From 483e9106281149fdeb4a71c8991dc0acd230688d Mon Sep 17 00:00:00 2001
From: Russ Butler
Date: Tue, 26 Oct 2021 22:31:41 -0500
Subject: [PATCH] Create openqa-vnc service to prevent conflict (#14999)

Create a firewalld service to open the ports for VNC traffic. This prevents ansible from creating an invalid firewalld configuration and bringing down networking on Fedora 34 workstation due to overlapping ports.
---
 ansible/playbooks/tasks/openqa.yml | 20 +++++++++++++------
 .../etc/firewalld/services/openqa-vnc.xml.j2 | 4 ++++
 2 files changed, 18 insertions(+), 6 deletions(-)
 create mode 100644 ansible/playbooks/templates/etc/firewalld/services/openqa-vnc.xml.j2

diff --git a/ansible/playbooks/tasks/openqa.yml b/ansible/playbooks/tasks/openqa.yml
index e824513..51d5402 100644
--- a/ansible/playbooks/tasks/openqa.yml
+++ b/ansible/playbooks/tasks/openqa.yml
@@ -62,6 +62,19 @@
 enabled: true
 loop: "{{ openqa_services }}"
 
+- name: Create openqa-vnc firewalld service
+ template:
+ src: etc/firewalld/services/openqa-vnc.xml.j2
+ dest: /etc/firewalld/services/openqa-vnc.xml
+ owner: root
+ group: root
+ mode: "0644"
+
+- name: Load openqa-vnc firewalld service
+ systemd:
+ name: firewalld
+ state: reloaded
+
 - name: Permit traffic for {{ item }} service
 ansible.posix.firewalld:
 service: "{{ item }}"
@@ -69,12 +82,7 @@
 state: enabled
 loop:
 - http
-
-- name: Permit VNC traffic for local workers
- ansible.posix.firewalld:
- port: "{{ openqa_min_vnc_port }}-{{ openqa_max_vnc_port }}/tcp"
- permanent: true
- state: enabled
+ - openqa-vnc
 
 - name: Reload FirewallD
 systemd:
diff --git a/ansible/playbooks/templates/etc/firewalld/services/openqa-vnc.xml.j2 b/ansible/playbooks/templates/etc/firewalld/services/openqa-vnc.xml.j2
new file mode 100644
index 0000000..e125b1c
--- /dev/null
+++ b/ansible/playbooks/templates/etc/firewalld/services/openqa-vnc.xml.j2
@@ -0,0 +1,4 @@
+
+
+
+
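Review bot: The new "Load openqa-vnc firewalld service" task in the first openqa.yml hunk reloads firewalld on every playbook run, whether or not the preceding template task changed the service file. A firewalld reload replaces the runtime configuration with the permanent one, so runtime-only rules on the host are dropped on each run, and the task will most likely always report changed. Record the template result with `register: openqa_vnc_service` and guard the reload with `when: openqa_vnc_service is changed`. The two new tasks also use the short module names `template` and `systemd` while the following task uses the fully qualified `ansible.posix.firewalld`; `ansible.builtin.template` and `ansible.builtin.systemd` would match it.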
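Review bot: Adding `openqa-vnc` to the loop in the second openqa.yml hunk enables the whole VNC port range through a task that shows no `zone:` in the visible lines, so the service presumably lands in the default zone for every source address. The removed task was named "Permit VNC traffic for local workers", which suggests the range is only needed from the workers themselves; if that is the intent, narrow the exposure with a dedicated zone, e.g. `zone: "{{ openqa_vnc_zone }}"` (placeholder variable, not defined on this page), or a source-restricted rule for the worker network. At minimum, put a comment above the loop entry such as `# openqa-vnc: worker VNC consoles; restrict by zone/source when workers are local`. The task starts in the previous hunk and one line between the two hunks is not shown, so confirm that no zone is already set there.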