Set Default on new EL7 systems to firewalld

Description

When running simp config on a new el7 system, it sets simp_options::firewall to true,
which installs iptables on el7 systems. We should default it to firewalld, so firewalld is used on new systems.

Also, how do we change it for the scenario... simp.yaml sets it to true, can we set it to firewalld and not affect el6?

Acceptance Criteria

None

Activity

Liz Nemsick
October 22, 2020, 1:57 PM
Edited

-For the EL7 ISO, I think we should include the firewall packages in the list of common RPMs installed by the ISO. (We still have to include the iptables RPMs because we are using iptables as the firewalld backend due to bugs in firewalld). I haven't tested to see if this solves the problem of the SIMP server coming up just in iptables mode. -

Liz Nemsick
October 27, 2020, 3:08 PM

Disregard previous comment. As noted, firewalld is installed as part of the base OS packages for el7.

Liz Nemsick
October 27, 2020, 3:14 PM

Instead of using simp config, with the latest change to simp/iptables, we can set iptables::use_firewalld to true in the SIMP server hiera yaml template in simp-environment-skeleton, and simp/iptables will do the right thing if firewalld is not actually on the system.

Trevor Vaughan
November 4, 2020, 9:29 PM

Working on this. No worries about iptables::use_firewalld affecting EL6. The internal logic only triggers firewalld if it is supported on the target system.

Trevor Vaughan
November 10, 2020, 3:13 PM

related doc updates

Done

Labels

None

Epic Link

None

Story Points

3

Sprint

None

Priority

Medium