Project

General

Profile

Actions

action #117616

closed

action #115187: [qe-core] Prepare for ALP - Schedule Firewalld tests for ALP

[qe-core] How to start the firewalld container

Added by dvenkatachala about 2 years ago. Updated over 1 year ago.

Status:
Resolved
Priority:
Normal
Assignee:
Category:
New test
Target version:
QA - QE-Core: Ready
Start date:
2023-05-25
Due date:
2023-05-25
% Done:

0%

Estimated time:
Difficulty:
Sprint:
QE-Core: October Sprint (Sep 28 - Oct 26)

Description

Santiago and I did manual test to start the firewalld containter in a ALP. Below are the steps followed,

  1. Disable the Host's firewalld
    #systemctl stop firewalld.service

  2. Identify the firewalld workload image:
    #podman search firewalld
    registry.opensuse.org/suse/alp/workloads/tumbleweed_containerfiles/suse/alp/workloads/firewalld

  3. Start the firewalld container:
    #podman run -d --network host --privileged --name my-firewalld registry.opensuse.org/suse/alp/workloads/tumbleweed_containerfiles/suse/alp/workloads/firewalld
    This will pull (download) the image from registry.opensuse.org if the image is not already in the local cache. The --network host means the container will run in the default network namespace and thus make firewall changes affecting the entire host.

  4. To make changes to firewalld running inside the container podman exec must be used
    #podman exec my-firewalld firewall-cmd
    State: running
    No options specified
    usage: 'firewall-cmd --help' for usage information or see firewall-cmd(1) man page

  5. Add the port 9090 to enable the cockpit web server on ALP
    #podman exec my-firewalld firewall-cmd --add-port=9090/tcp
    You're performing an operation over default zone ('public'),
    but your connections/interfaces are in zone 'docker' (see --get-active-zones)
    You most likely need to use --zone=docker option.

    success

Note:
Shell alias for convenience
The above is a long command. It can be made more convenient with a shell alias.

#alias my-firewall-cmd='podman exec my-firewalld firewall-cmd'


Related issues 3 (0 open3 closed)

Related to openQA Tests - action #124209: [qe-core] Testing of PED-2828: ISC Kea DHCP serverResolveddvenkatachala2023-05-252023-05-25

Actions
Related to ALP - coordination #125846: [epic] March Prototype testingResolved2023-03-13

Actions
Related to openQA Tests - action #131189: [qe-core] Introduce firewalld container test in ALPResolvedamanzini2023-06-21

Actions
Actions

Also available in: Atom PDF