search

kubevirt / kubevirt-ansible

Set of Ansible roles & playbooks for KubeVirt deployment
Apache License 2.0
91 stars 72 forks source link

Don't disable the firewall of people which use kubevirt-ansible #503

Closed rmohr closed 5 years ago

rmohr commented 5 years ago

Is this a BUG REPORT or FEATURE REQUEST?:

Uncomment only one, leave it on its own line:

/kind bug /kind enhancement

Don't disable selinux and the firewall by default if people install kubevirt on an k8s cluster. For as long as this is the case, please announce on as many places as you can that people should not use the playbooks here.

What happened:

A quick search revealed this: https://github.com/kubevirt/kubevirt-ansible/search?q=firewalld&unscoped_q=firewalld.

We don't have a feedback yet from the author of https://github.com/kubevirt/kubevirt/issues/1794 but it looks a lot like he used these playbooks.

What you expected to happen:

That the firewall and selinux stay enabled.

How to reproduce it (as minimally and precisely as possible):

The playbook which disables these components is automatically executed in the default donfig: https://github.com/kubevirt/kubevirt-ansible/blob/d2c8d783423e8ba5c1dcc6e20873ab80363bbd41/playbooks/cluster/kubernetes/config.yml

Anything else we need to know?:

Environment:

fabiand commented 5 years ago

To note: This is only an issue if kubevirt-ansible is used to deploy kubernetes or openshift with this playbook. IIUIC.

fabiand commented 5 years ago

@lukas-bednar @nellyc can we just remove the parts for openshift and kubernetes deployment from this playbook?

This would fix this bug.

lukas-bednar commented 5 years ago

@fabiand These playbooks are used by std-ci to perform testing. But I guess we could move these playbook under automation/ directory at least and remove it from documentation.

fabiand commented 5 years ago

In general: With a company hat on, we just need to make sure that the playbooks mimic what a user does if he follows the documented steps. Otherwise we create a QE specific deployment path which does not tell us what a user does.

For this paritcular bug: We need to clarify on this repository if this inteded for production or not. This bug would be an issue if you'd use this script for deployment in a production environment.

Thus imo:

  1. State clearly what this playbook is intended for
  2. If this is for QE then we need to make sure that it mimcs what the documentation says
  3. All additional steps need to be filed as bugs to make sure they are incorporated into the docs.
kubevirt-bot commented 5 years ago

Issues go stale after 90d of inactivity. Mark the issue as fresh with /remove-lifecycle stale. Stale issues rot after an additional 30d of inactivity and eventually close.

If this issue is safe to close now please do so with /close.

/lifecycle stale

kubevirt-bot commented 5 years ago

Stale issues rot after 30d of inactivity. Mark the issue as fresh with /remove-lifecycle rotten. Rotten issues close after an additional 30d of inactivity.

If this issue is safe to close now please do so with /close.

/lifecycle rotten

kubevirt-bot commented 5 years ago

Rotten issues close after 30d of inactivity. Reopen the issue with /reopen. Mark the issue as fresh with /remove-lifecycle rotten.

/close

kubevirt-bot commented 5 years ago

@kubevirt-bot: Closing this issue.

In response to [this](https://github.com/kubevirt/kubevirt-ansible/issues/503#issuecomment-491586876): >Rotten issues close after 30d of inactivity. >Reopen the issue with `/reopen`. >Mark the issue as fresh with `/remove-lifecycle rotten`. > >/close Instructions for interacting with me using PR comments are available [here](https://git.k8s.io/community/contributors/guide/pull-requests.md). If you have questions or suggestions related to my behavior, please file an issue against the [kubernetes/test-infra](https://github.com/kubernetes/test-infra/issues/new?title=Prow%20issue:) repository.