Create openqa-vnc service to prevent conflict (#14999)

Create a firewalld service to open the ports for VNC traffic. This
prevents ansible from creating an invalid firewalld configuration and
bringing down networking on Fedora 34 workstation due to overlapping
ports.

ansible/playbooks/tasks/openqa.yml

@@ -62,6 +62,19 @@
     enabled: true
   loop: "{{ openqa_services }}"
 
+- name: Create openqa-vnc firewalld service
+  template:
+    src: etc/firewalld/services/openqa-vnc.xml.j2
+    dest: /etc/firewalld/services/openqa-vnc.xml
+    owner: root
+    group: root
+    mode: "0644"
+
+- name: Load openqa-vnc firewalld service
+  systemd:
+    name: firewalld
+    state: reloaded
+
 - name: Permit traffic for {{ item }} service
   ansible.posix.firewalld:
     service: "{{ item }}"
@@ -69,12 +82,7 @@
     state: enabled
   loop:
     - http
-
+    - openqa-vnc
-- name: Permit VNC traffic for local workers
-  ansible.posix.firewalld:
-    port: "{{ openqa_min_vnc_port }}-{{ openqa_max_vnc_port }}/tcp"
-    permanent: true
-    state: enabled
 
 - name: Reload FirewallD
   systemd:

ansible/playbooks/templates/etc/firewalld/services/openqa-vnc.xml.j2

@@ -0,0 +1,4 @@
+<?xml version="1.0" encoding="utf-8"?>
+<service>
+  <port port="{{ openqa_min_vnc_port }}-{{ openqa_max_vnc_port }}" protocol="tcp"/>
+</service>