susefirewall2-to-firewalld integration #18

Closed
noelmcloughlin opened this issue May 31, 2018 · 7 comments
noelmcloughlin commented May 31, 2018

Apparently firewalld service can run on Suse. This should be looked into.

Migration from SuSEfirewall2
Migrating from one firewall solution to another is not always a trivial process and moving from SuSEfirewall2 to firewalld is no different. However, a simple script has been developed in order to make this migration as smooth as possible. Depending on your setup, the script may simply do the right thing and be done with it or fail to do anything useful. The package is called susefirewall2-to-firewalld and you can use it as follows:

sudo zypper install susefirewall2-to-firewalld
sudo susefirewall2-to-firewalld
@noelmcloughlin

States that work elsewhere fail on Suse.

g2-suse-5g4w.c.onion-salt.internal:
  Name: pkg_req_pkgs - Function: pkg.installed - Result: Clean Started: - 20:37:41.612066 Duration: 0.434 ms
  Name: wanted_pkgs - Function: pkg.installed - Result: Clean Started: - 20:37:41.612991 Duration: 292.744 ms
  Name: unwanted_pkgs - Function: pkg.purged - Result: Clean Started: - 20:37:41.905893 Duration: 17.704 ms
  Name: pip_req_pkgs - Function: pkg.installed - Result: Clean Started: - 20:37:41.923723 Duration: 0.288 ms
  Name: tox - Function: pip.installed - Result: Clean Started: - 20:37:42.071707 Duration: 841.547 ms
  Name: click - Function: pip.installed - Result: Clean Started: - 20:37:42.916298 Duration: 1100.916 ms
  Name: gem_req_pkgs - Function: pkg.installed - Result: Clean Started: - 20:37:44.140427 Duration: 0.348 ms
----------
          ID: package_firewalld
    Function: pkg.installed
        Name: firewalld
      Result: False
     Comment: An error was encountered while installing package(s): Zypper command failure: Package 'firewalld' not found.
     Started: 20:37:44.156250
    Duration: 8964.721 ms
     Changes:   
----------
          ID: directory_firewalld
    Function: file.directory
        Name: /etc/firewalld
      Result: False
     Comment: One or more requisite failed: firewalld.package_firewalld
     Changes:   
----------
          ID: config_firewalld
    Function: file.managed
        Name: /etc/firewalld/firewalld.conf
      Result: False
     Comment: One or more requisite failed: firewalld.package_firewalld, firewalld.config.directory_firewalld
     Changes:   
----------
          ID: directory_firewalld_services
    Function: file.directory
        Name: /etc/firewalld/services
      Result: False
     Comment: One or more requisite failed: firewalld.package_firewalld
     Changes:   
----------
          ID: /etc/firewalld/services/deepsea-formula.xml
    Function: file.managed
      Result: False
     Comment: One or more requisite failed: firewalld.services.directory_firewalld_services, firewalld.package_firewalld
     Changes:   
----------
          ID: directory_firewalld_zones
    Function: file.directory
        Name: /etc/firewalld/zones
      Result: False
     Comment: One or more requisite failed: firewalld.package_firewalld
     Changes:   
----------
          ID: /etc/firewalld/zones/public.xml
    Function: file.managed
      Result: False
     Comment: One or more requisite failed: firewalld.zones.directory_firewalld_zones, firewalld.package_firewalld
     Changes:   
  Name: iptables - Function: service.disabled - Result: Clean Started: - 20:37:53.124021 Duration: 18.838 ms
  Name: ip6tables - Function: service.disabled - Result: Clean Started: - 20:37:53.143051 Duration: 16.117 ms
----------
          ID: service_firewalld
    Function: service.running
        Name: firewalld
      Result: False
     Comment: One or more requisite failed: firewalld.services./etc/firewalld/services/deepsea-formula.xml, firewalld.zones.directory_firewalld_zones, firewalld.zones./etc/firewalld/zones/public.xml, firewalld.config.config_firewalld, firewalld.package_firewalld, firewalld.services.directory_firewalld_services
     Changes:   
----------
          ID: reload_firewalld
    Function: cmd.wait
        Name: firewall-cmd --reload
      Result: False
     Comment: One or more requisite failed: firewalld.services./etc/firewalld/services/deepsea-formula.xml, firewalld.zones.directory_firewalld_zones, firewalld.zones./etc/firewalld/zones/public.xml, firewalld.service_firewalld, firewalld.config.config_firewalld, firewalld.services.directory_firewalld_services
     Changes:   
  Name: deepsea-requirements - Function: pkg.installed - Result: Clean Started: - 20:37:53.165607 Duration: 11.636 ms
  Name: /tmp/deepsea_tmp - Function: file.directory - Result: Changed Started: - 20:37:53.177614 Duration: 388.025 ms
  Name: /etc/salt/master.d - Function: file.directory - Result: Changed Started: - 20:37:53.565922 Duration: 1.853 ms
  Name: deepsea-luminous - Function: pkgrepo.absent - Result: Clean Started: - 20:37:53.569286 Duration: 6.091 ms
  Name: /tmp/deepsea_tmp/DeepSea - Function: file.absent - Result: Changed Started: - 20:37:53.588939 Duration: 25.021 ms
  Name: https://github.com/noelmcloughlin/DeepSea.git - Function: git.latest - Result: Changed Started: - 20:37:53.614259 Duration: 1946.663 ms
  Name: make install - Function: cmd.run - Result: Changed Started: - 20:37:55.561584 Duration: 5816.828 ms
  Name: /srv/pillar/ceph/stack/global.yml - Function: file.line - Result: Clean Started: - 20:38:01.378865 Duration: 781.136 ms
  Name: salt-minion - Function: service.running - Result: Clean Started: - 20:38:02.160270 Duration: 350.301 ms
  Name: apparmor - Function: service.dead - Result: Clean Started: - 20:38:02.510796 Duration: 318.416 ms
  Name: SuSEfirewall2 - Function: service.dead - Result: Clean Started: - 20:38:02.829422 Duration: 325.399 ms

Summary for ig2-suse-5g4w.c.onion-salt.internal
-------------
Succeeded: 20 (changed=5)
Failed:     9
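
The run above reports nine failures, but only `package_firewalld` is a root cause; the others are requisite cascades. As an added example (not part of the original thread or the formula's own code), this Python parses Salt output of that shape, separates the root failure from the cascades, and flags the case where firewalld failed to start while the legacy firewall services are stopped or disabled. The sample input is constructed and abridged, and the function names are hypothetical.

```python
import re

# Constructed sample, abridged from the shape of the state output above.
SAMPLE = """\
----------
          ID: package_firewalld
    Function: pkg.installed
        Name: firewalld
      Result: False
     Comment: Zypper command failure: Package 'firewalld' not found.
----------
          ID: service_firewalld
    Function: service.running
        Name: firewalld
      Result: False
     Comment: One or more requisite failed: firewalld.package_firewalld
  Name: iptables - Function: service.disabled - Result: Clean Started: - 20:37:53.124021 Duration: 18.838 ms
  Name: SuSEfirewall2 - Function: service.dead - Result: Clean Started: - 20:38:02.829422 Duration: 325.399 ms
"""
TERSE = re.compile(r"^\s*Name: (.+?) - Function: (\S+) - Result: (\w+)")
FIELD = re.compile(r"^\s*(ID|Function|Name|Result|Comment):\s*(.*)$")
CASCADE = "One or more requisite failed"
LEGACY = {"SuSEfirewall2", "iptables", "ip6tables"}  # services this run turns off

def parse_states(text):
    """Return one dict per state from mixed terse/full Salt output."""
    states, cur = [], None
    for line in text.splitlines():
        if (t := TERSE.match(line)):
            states.append(dict(zip(("Name", "Function", "Result"), t.groups())))
            cur = None
        elif line.startswith("-----"):
            cur = {}
            states.append(cur)
        elif cur is not None and (m := FIELD.match(line)):
            cur[m.group(1)] = m.group(2).strip()
    return [s for s in states if s]

def triage(text):
    """Separate root failures from requisite cascades and flag a firewall gap."""
    states = parse_states(text)
    failed = [s for s in states if s.get("Result") == "False"]
    roots = [s.get("ID") for s in failed if not s.get("Comment", "").startswith(CASCADE)]
    cascaded = [s.get("ID") for s in failed if s.get("Comment", "").startswith(CASCADE)]
    fw_failed = any(s.get("Name") == "firewalld" and s.get("Function") == "service.running" for s in failed)
    legacy_off = sorted(s["Name"] for s in states if s.get("Name") in LEGACY
                        and s.get("Function") in ("service.dead", "service.disabled")
                        and s.get("Result") != "False")
    return {"roots": roots, "cascaded": cascaded, "legacy_off": legacy_off,
            "firewall_gap": fw_failed and bool(legacy_off)}
```
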


aboe76 commented May 31, 2018

@noelmcloughlin this is strange, I use firewalld-formula on openSUSE Leap and Tumbleweed... it works great. As for Leap 15, I think firewalld will be default.

@noelmcloughlin

@aboe76 thanks for replying so quickly. So I'm testing vanilla SLES 12.3 and saw this issue. A quick search misled me into believing it's not supported. The packaging database does suggest vanilla SLES 12.3 is not supported - seems some backports repo is needed - maybe that's the problem?

https://software.opensuse.org/package/firewalld


aboe76 commented Jun 1, 2018

I think so. Should I spin up a SLES 12 VM to verify it?


aboe76 commented Jun 1, 2018

@noelmcloughlin you are right, SLES 12-SP3 doesn't have the firewalld package in its default repos.

Need to wait for SLES 15: https://www.suse.com/releasenotes/x86_64/SUSE-SLES/15/#fate-323460


noelmcloughlin commented Jun 1, 2018 via email

@noelmcloughlin

Looks okay on openSUSE 15.0 anyway.
