From 6e1bae9de43e95ea18bb7c93e6b35b22659a166c Mon Sep 17 00:00:00 2001
From: Dmitry Tantsur
Date: Fri, 21 Aug 2020 18:03:47 +0200
Subject: [PATCH] Explicitly enable DHCP services on baremetal CentOS/RHEL Apparently, we missed them when migrating to firewalld. The CI is not affected because these services are enabled in the libvirt zone, but changing the testing code as well for consistency. Also make sure the testing variable is treated as boolean.
Change-Id: I204c539824319908098f67a49a8b15a24ba2cf6a
---
.../bifrost-ironic-install/tasks/bootstrap.yml | 15 ++++++++++++++-
.../firewalld-services-4c255c02d8d427f8.yaml | 4 ++++
2 files changed, 18 insertions(+), 1 deletion(-)
create mode 100644 releasenotes/notes/firewalld-services-4c255c02d8d427f8.yaml
diff --git a/playbooks/roles/bifrost-ironic-install/tasks/bootstrap.yml b/playbooks/roles/bifrost-ironic-install/tasks/bootstrap.yml
index 016938972..89b7ed92d 100644
--- a/playbooks/roles/bifrost-ironic-install/tasks/bootstrap.yml
+++ b/playbooks/roles/bifrost-ironic-install/tasks/bootstrap.yml
@@ -352,10 +352,23 @@
 - 6385
 when: ansible_distribution not in ["CentOS", "RedHat"]
 
+- name: "Enable services in firewalld"
+ firewalld:
+ service: "{{ item }}"
+ zone: "{{ 'libvirt' if testing | bool else 'public' }}"
+ state: enabled
+ permanent: yes
+ immediate: yes
+ loop:
+ - dhcp
+ - dhcpv6
+ - tftp
+ when: ansible_distribution in ["CentOS", "RedHat"]
+
 - name: "Enable ports in firewalld"
 firewalld:
 port: "{{ item }}/tcp"
- zone: "{{ 'libvirt' if testing else 'public' }}"
+ zone: "{{ 'libvirt' if testing | bool else 'public' }}"
 state: enabled
 permanent: yes
 immediate: yes
diff --git a/releasenotes/notes/firewalld-services-4c255c02d8d427f8.yaml b/releasenotes/notes/firewalld-services-4c255c02d8d427f8.yaml
new file mode 100644
index 000000000..155e30397
--- /dev/null
+++ b/releasenotes/notes/firewalld-services-4c255c02d8d427f8.yaml
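Review bot: The new "Enable services in firewalld" task opens dhcp, dhcpv6 and tftp for the whole `public` zone whenever `testing` is false, so on a host where that zone also covers an uplink or other untrusted interface the unauthenticated DHCP and TFTP listeners become reachable there, not only on the provisioning network. Nothing visible in the hunk ties the rule to the provisioning interface or to whether this role actually deploys the DHCP/TFTP servers; such conditions may exist elsewhere in the file, outside the hunk. Consider making the zone configurable, or at least adding a comment above the task such as `# Opens DHCP/DHCPv6/TFTP on every interface in the zone; bind the provisioning NIC to a dedicated zone if 'public' also faces untrusted networks.` Because the rules are applied with `permanent: yes`, the release note could say the same so operators review their zone assignments after upgrading.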
@@ -0,0 +1,4 @@
+---
+fixes:
+ - |
+ Automatically enables DHCP and TFTP services in firewalld on CentOS/RHEL.