When running simp config on a new el7 system, it sets simp_options::firewall to true,
which will installs iptables on el7 systems. We should default it to firewalld, so firewalld is used on new systems.
Also how do we change it for the scenario... simp.yaml sets it to true, can we set it to firewalld and not effect el6?
-For the EL7 ISO, I think we should include the firewall packages in the list of common RPMs installed by the ISO. (We still have to include the iptables RPMs because we are using iptables as the firewalld backend due to bugs in firewalld). I haven't tested to see if this solves the problem of the SIMP server coming up just in iptables mode. -
Disregard previous comment. As noted, firewalld is installed as part of the base OS packages for el7.
Instead of using simp config, with the latest change to simp/iptables, we can set iptables:use_firewalld to true in the SIMP server hiera yaml template in simp-environment-skeleton, and simp/iptables will do the right thing if firewalld is not actually on the system.
Working on this. No worries about iptables::use_firewalld affecting EL6. The internal logic only triggers firewalld if it is supported on the target system.
related doc updates