openstack/kolla-ansible
Code Issues Proposed changes

Add disable_firewall variable

Browse Source 
Adds a new variable, 'disable_firewall', which defaults to true. If set
to false, then the host firewall will not be disabled during
kolla-ansible bootstrap-servers.

Change-Id: Ie5131013012f89c8c3b91ca359ad17d9cb77efc8
This commit is contained in:
Mark Goddard 2021-06-30 14:35:37 +01:00
parent e63d985ccb
commit 9fffc7bc52
4 changed files with 39 additions and 26 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
ansible/roles/baremetal/defaults/main.yml
View File

@ -32,6 +32,9 @@ change_selinux: True
selinux_state: "permissive" selinux_state: "permissive"
# If true, the host firewall service (firewalld or ufw) will be disabled.
disable_firewall: True
docker_storage_driver: "" docker_storage_driver: ""
docker_custom_option: "" docker_custom_option: ""
docker_custom_config: {} docker_custom_config: {}

8
ansible/roles/baremetal/tasks/install.yml
View File

@ -6,7 +6,8 @@
when: ansible_facts.os_family == 'Debian' when: ansible_facts.os_family == 'Debian'
# TODO(inc0): Gates don't seem to have ufw executable, check for it instead of ignore errors # TODO(inc0): Gates don't seem to have ufw executable, check for it instead of ignore errors
- name: Set firewall default policy - block:
- name: Set firewall default policy
become: True become: True
ufw: ufw:
state: disabled state: disabled
@ -14,7 +15,7 @@
when: ansible_facts.os_family == 'Debian' when: ansible_facts.os_family == 'Debian'
ignore_errors: yes ignore_errors: yes
- name: Check if firewalld is installed - name: Check if firewalld is installed
command: rpm -q firewalld command: rpm -q firewalld
register: firewalld_check register: firewalld_check
changed_when: false changed_when: false
@ -23,7 +24,7 @@
warn: false warn: false
when: ansible_facts.os_family == 'RedHat' when: ansible_facts.os_family == 'RedHat'
- name: Disable firewalld - name: Disable firewalld
become: True become: True
service: service:
name: "{{ item }}" name: "{{ item }}"
@ -34,6 +35,7 @@
when: when:
- ansible_facts.os_family == 'RedHat' - ansible_facts.os_family == 'RedHat'
- firewalld_check.rc == 0 - firewalld_check.rc == 0
when: disable_firewall | bool
# Upgrading docker engine may cause containers to stop. Take a snapshot of the # Upgrading docker engine may cause containers to stop. Take a snapshot of the
# running containers prior to a potential upgrade of Docker. # running containers prior to a potential upgrade of Docker.

2
doc/source/reference/deployment-and-bootstrapping/bootstrap-servers.rst
View File

@ -204,6 +204,8 @@ will be added to allow all traffic.
On Red Hat family systems where firewalld is installed, it will be disabled. On Red Hat family systems where firewalld is installed, it will be disabled.
This behaviour can be avoided by setting ``disable_firewall`` to ``false``.
Creation of Python virtual environment Creation of Python virtual environment
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

6
releasenotes/notes/disable-firewall-1e1955168c717cb5.yaml Normal file
View File

@ -0,0 +1,6 @@
---
features:
- |
Adds a new variable, ``disable_firewall``, which defaults to ``true``. If
set to ``false``, then the host firewall will not be disabled during
``kolla-ansible bootstrap-servers``.