action #68095
Updated by okurz almost 4 years ago
## Motivation
SuSEfirewall2 is not going to be supported anymore in current versions of openSUSE or SLE distributions. Our o3 workers already run firewalld just fine including multi-machine tests. We can not easily check the firewall status compared to firewalld where the systemd service is more helpful (#68092)
## Acceptance criteria
* **AC1:** https://gitlab.suse.de/openqa/salt-states-openqa has rules for setup of firewalld instead of SuSEfirewall2
* **AC2:** All osd workers managed by salt use firewalld
## Suggestions
* Read http://open.qa/docs/#_multi_machine_tests_setup
* Ensure good cases exists for multi-machine jobs, e.g. https://openqa.suse.de/tests/latest?arch=aarch64&distri=sle&flavor=Online&machine=aarch64&test=hpc_DELTA_slurm_slave01&version=15-SP2 and related jobs , run clones of these tests to ensure they pass in the current state before migration
* See existing o3 worker configuration for reference
* See pointers in #66236 , #64700 , #62162 , #54785 , #45848 , #43148 , #52499
* On a selected worker without salt overriding configure firewalld, remove SuSEfirewall2 and test with above mentioned openQA test scenarios
* Add corresponding configuration to salt
* Ensure salt removes SuSEfirewall2 and/or remove all references to SuSEfirewall2 in salt recipes
* Test again after all salt recipes have been applied