fix firewalld

5 years ago · a5b7b288ed
2 changed files with 9 additions and 12 deletions
--- a/templates/lb/cloud-init.cfg
+++ b/templates/lb/cloud-init.cfg
@ -45,16 +45,15 @@ runcmd:
 # Fix file permissions
 - [ "chown", "-R", "nicolas:nicolas", "/home/nicolas" ]
 # Configure HAProxy
 - [ "systemctl", "enable", "firewalld" ]
 - [ "systemctl", "start", "firewalld" ]
 - [ "setsebool", "-P", "haproxy_connect_any=1" ]
 - [ "systemctl", "enable", "haproxy" ]
 - [ "systemctl", "restart", "haproxy" ]
- [ "firewall-cmd", "--add-service=http", "--permanent" ]
+- [ "firewall-offline-cmd", "--add-service=http" ]
- [ "firewall-cmd", "--add-service=https", "--permanent" ]
+- [ "firewall-offline-cmd", "--add-service=https" ]
- [ "firewall-cmd", "--add-port=6443/tcp", "--permanent" ]
+- [ "firewall-offline-cmd", "--add-port=6443/tcp" ]
- [ "firewall-cmd", "--add-port=22623/tcp", "--permanent" ]
+- [ "firewall-offline-cmd", "--add-port=22623/tcp" ]
- [ "firewall-cmd", "--reload" ]
+- [ "systemctl", "enable", "firewalld" ]
 - [ "systemctl", "start", "firewalld" ]
 write_files:
 - path: /root/.bashrc
--- a/templates/storage/cloud-init.cfg
+++ b/templates/storage/cloud-init.cfg
@ -64,15 +64,13 @@ runcmd:
 - [ "systemctl", "start", "rpcbind" ]
 - [ "systemctl", "enable", "nfs-server" ]
 - [ "systemctl", "start", "nfs-server" ]
 - [ "systemctl", "enable", "firewalld" ]
 - [ "systemctl", "start", "firewalld" ]
 - [ "setsebool", "-P", "nfs_export_all_rw", "1" ]
 - [ "mkdir", "-p", "/srv/nfs" ]
 - [ "exportfs", "-rav" ]
 #- [ "/bin/bash", "-c", "for i in {0..999}; do pv=$(printf '/srv/nfs/pv-%03d\n' $i); mkdir $pv; chmod 777 $pv; done" ]
 - [ "/bin/bash", "-c", "for pv in pv-infra-registry pv-user-pvs; do mkdir -p /srv/nfs/$pv; chmod 770 /srv/nfs/$pv; done" ]
- [ "firewall-cmd", "--add-service=nfs", "--permanent" ]
+- [ "firewall-offline-cmd", "--add-service=nfs" ]
- [ "firewall-cmd", "--reload" ]
+- [ "systemctl", "enable", "firewalld" ]
 - [ "systemctl", "start", "firewalld" ]
 write_files:
 - path: /root/.bashrc