action #159414
openEnsure that os-autoinst-setup-multi-machine reliably sets firewall zones not interfering with /etc/sysconfig/network/ifcfg-*
0%
Description
Motivation¶
As observed in #157414 there is /etc/sysconfig/network/ifcfg-eth0 mentioning ZONE=public and the XML files of firewall mentioning either that or something different. We should ensure that os-autoinst-setup-multi-machine really works with wicked using and writing /etc/sysconfig/network/ifcfg-* and not against it.
Acceptance criteria¶
- AC1: os-autoinst-setup-multi-machine ensures that the correct firewall zone is used consistently also after reboot
- AC1: os-autoinst-setup-multi-machine ensures that the correct firewall zone is used even if /etc/sysconfig/network/ifcfg-* already mentions another zone
Suggestions¶
- Crosscheck what os-autoinst-setup-multi-machine expects and does regarding firewall zones
- Ensure that /etc/sysconfig/network/ifcfg-* zone settings are read or updated accordingly by os-autoinst-setup-multi-machine
Updated by okurz 11 days ago
- Copied from action #157414: Network broken with multimachine on multiple workers (broken packet forwarding / NAT) size:M added
Updated by mkittler 9 days ago
- Status changed from New to In Progress
- Assignee set to mkittler
When using the script on aarch64-o3 I could confirm that the zone setting for the ethernet device (in e.g. /etc/sysconfig/network/ifcfg-eth0) is missing, indeed - see #150869#note-15. It was sufficient to simply replace it (after a reboot everything was still configured as expected) so I guess adding sed -i -e 's/ZONE=.*/ZONE=trusted/g' /etc/sysconfig/network/ifcfg-$ethernet to the script would be sufficient. Considering I just did the testing I'll go ahead with that change despite the ticket not being in ready.
Updated by mkittler 9 days ago
- Status changed from In Progress to New
- Assignee deleted (
mkittler)
Change for wicked: https://github.com/os-autoinst/os-autoinst/pull/2491
I'm unassigning again because we should probably still look into whether we need to cover NetworkManager as well but this ticket isn't in the backlog.