From a5b7b288edddd880682e2b568a318c9271ab1a82 Mon Sep 17 00:00:00 2001
From: Nicolas MASSE
Date: Wed, 17 Mar 2021 10:33:42 +0100
Subject: [PATCH] fix firewalld

---
 templates/lb/cloud-init.cfg | 13 ++++++-------
 templates/storage/cloud-init.cfg | 8 +++-----
 2 files changed, 9 insertions(+), 12 deletions(-)

diff --git a/templates/lb/cloud-init.cfg b/templates/lb/cloud-init.cfg
index 2e0feba..69259e5 100644
--- a/templates/lb/cloud-init.cfg
+++ b/templates/lb/cloud-init.cfg
@@ -45,16 +45,15 @@ runcmd:
 # Fix file permissions
 - [ "chown", "-R", "nicolas:nicolas", "/home/nicolas" ]
 # Configure HAProxy
-- [ "systemctl", "enable", "firewalld" ]
-- [ "systemctl", "start", "firewalld" ]
 - [ "setsebool", "-P", "haproxy_connect_any=1" ]
 - [ "systemctl", "enable", "haproxy" ]
 - [ "systemctl", "restart", "haproxy" ]
-- [ "firewall-cmd", "--add-service=http", "--permanent" ]
-- [ "firewall-cmd", "--add-service=https", "--permanent" ]
-- [ "firewall-cmd", "--add-port=6443/tcp", "--permanent" ]
-- [ "firewall-cmd", "--add-port=22623/tcp", "--permanent" ]
-- [ "firewall-cmd", "--reload" ]
+- [ "firewall-offline-cmd", "--add-service=http" ]
+- [ "firewall-offline-cmd", "--add-service=https" ]
+- [ "firewall-offline-cmd", "--add-port=6443/tcp" ]
+- [ "firewall-offline-cmd", "--add-port=22623/tcp" ]
+- [ "systemctl", "enable", "firewalld" ]
+- [ "systemctl", "start", "firewalld" ]
 
 write_files:
 - path: /root/.bashrc
diff --git a/templates/storage/cloud-init.cfg b/templates/storage/cloud-init.cfg
index de02a70..f0f4a24 100644
--- a/templates/storage/cloud-init.cfg
+++ b/templates/storage/cloud-init.cfg
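Review bot: `systemctl start firewalld` at the end of the templates/lb/cloud-init.cfg sequence does nothing when the unit is already active, so on an image that boots with firewalld running, the rules written by the `firewall-offline-cmd` lines above it would stay in the permanent configuration and not reach the runtime rule set until a reload or reboot. firewall-offline-cmd is documented for use while the daemon is stopped, and whether that holds here depends on the base image and on the part of `runcmd` that lies above this hunk. Using `- [ "systemctl", "restart", "firewalld" ]` covers both cases, since restart also starts a stopped unit. The hunk in templates/storage/cloud-init.cfg ends with the same enable/start pair and needs the same change.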
@@ -64,15 +64,13 @@ runcmd:
 - [ "systemctl", "start", "rpcbind" ]
 - [ "systemctl", "enable", "nfs-server" ]
 - [ "systemctl", "start", "nfs-server" ]
-- [ "systemctl", "enable", "firewalld" ]
-- [ "systemctl", "start", "firewalld" ]
 - [ "setsebool", "-P", "nfs_export_all_rw", "1" ]
 - [ "mkdir", "-p", "/srv/nfs" ]
 - [ "exportfs", "-rav" ]
-#- [ "/bin/bash", "-c", "for i in {0..999}; do pv=$(printf '/srv/nfs/pv-%03d\n' $i); mkdir $pv; chmod 777 $pv; done" ]
 - [ "/bin/bash", "-c", "for pv in pv-infra-registry pv-user-pvs; do mkdir -p /srv/nfs/$pv; chmod 770 /srv/nfs/$pv; done" ]
-- [ "firewall-cmd", "--add-service=nfs", "--permanent" ]
-- [ "firewall-cmd", "--reload" ]
+- [ "firewall-offline-cmd", "--add-service=nfs" ]
+- [ "systemctl", "enable", "firewalld" ]
+- [ "systemctl", "start", "firewalld" ]
 
 write_files:
 - path: /root/.bashrc
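Review bot: `--add-service=nfs` goes into the default zone with no source restriction, so the NFS port is opened to every network this VM is attached to. With `nfs_export_all_rw` set a few lines above, the remaining access control is the export options in /etc/exports, which are not visible in this hunk (the `runcmd` list starts above it). If only cluster nodes mount these volumes, bind the rule to their subnet, for example `- [ "firewall-offline-cmd", "--zone=internal", "--add-source=<CLUSTER_CIDR>" ]` followed by `- [ "firewall-offline-cmd", "--zone=internal", "--add-service=nfs" ]`, where `<CLUSTER_CIDR>` is a placeholder for the node network. `--add-port=22623/tcp` in templates/lb/cloud-init.cfg looks like a candidate for the same scoping if that port is meant for cluster-internal clients only.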