action #159414
openEnsure that os-autoinst-setup-multi-machine reliably sets firewall zones not interfering with /etc/sysconfig/network/ifcfg-* size:S
0%
Description
https://progress.opensuse.org/issues/159414
Ensure that os-autoinst-setup-multi-machine reliably sets firewall zones not interfering with /etc/sysconfig/network/ifcfg-* size:S
Motivation¶
As observed in #157414 there is /etc/sysconfig/network/ifcfg-eth0 mentioning ZONE=public and the XML files of firewall mentioning either that or something different. We should ensure that os-autoinst-setup-multi-machine really works with wicked using and writing /etc/sysconfig/network/ifcfg-* and not against it.
Acceptance criteria¶
- AC1: os-autoinst-setup-multi-machine ensures that the correct firewall zone is used consistently also after reboot
- AC1: os-autoinst-setup-multi-machine ensures that the correct firewall zone is used even if /etc/sysconfig/network/ifcfg-* already mentions another zone
Suggestions¶
- Try out current automated tests by looking at https://openqa.opensuse.org/tests/latest?arch=x86_64&distri=openqa&flavor=dev&machine=64bit-4G&test=openqa_install_multimachine&version=Tumbleweed , potentially using the developer mode or cloning it locally
- See how those tests call os-autoinst-setup-multi-machine already: https://github.com/os-autoinst/os-autoinst-distri-openQA/blob/4bc896ba039de2172e80f63f0d2d5d9dd0d7cc28//tests/install/openqa_worker.pm#L22
- Maybe wicked/networkmanager mode can be altered with a simple variable to call
- Crosscheck what https://github.com/os-autoinst/os-autoinst/blob/master/script/os-autoinst-setup-multi-machine expects and does regarding firewall zones
- Ensure that /etc/sysconfig/network/ifcfg-* zone settings are read or updated accordingly by os-autoinst-setup-multi-machine
- Look into what was already done as part of https://github.com/os-autoinst/os-autoinst/pull/2491
- In particular consider NetworkManager
Updated by okurz 7 months ago
- Copied from action #157414: Network broken with multimachine on multiple workers (broken packet forwarding / NAT) size:M added
Updated by mkittler 7 months ago
- Status changed from New to In Progress
- Assignee set to mkittler
When using the script on aarch64-o3 I could confirm that the zone setting for the ethernet device (in e.g. /etc/sysconfig/network/ifcfg-eth0) is missing, indeed - see #150869#note-15. It was sufficient to simply replace it (after a reboot everything was still configured as expected) so I guess adding sed -i -e 's/ZONE=.*/ZONE=trusted/g' /etc/sysconfig/network/ifcfg-$ethernet to the script would be sufficient. Considering I just did the testing I'll go ahead with that change despite the ticket not being in ready.
Updated by mkittler 7 months ago
- Status changed from In Progress to New
- Assignee deleted (
mkittler)
Change for wicked: https://github.com/os-autoinst/os-autoinst/pull/2491
I'm unassigning again because we should probably still look into whether we need to cover NetworkManager as well but this ticket isn't in the backlog.
Updated by tinita 3 months ago
- Subject changed from Ensure that os-autoinst-setup-multi-machine reliably sets firewall zones not interfering with /etc/sysconfig/network/ifcfg-* to Ensure that os-autoinst-setup-multi-machine reliably sets firewall zones not interfering with /etc/sysconfig/network/ifcfg-* size:S
- Description updated (diff)
- Status changed from New to Workable