Closed rmohr closed 5 years ago
To note: This is only an issue if kubevirt-ansible is used to deploy kubernetes or openshift with this playbook. IIUIC.
@lukas-bednar @nellyc can we just remove the parts for openshift and kubernetes deployment from this playbook?
This would fix this bug.
@fabiand These playbooks are used by std-ci to perform testing. But I guess we could move these playbook under automation/
directory at least and remove it from documentation.
In general: With a company hat on, we just need to make sure that the playbooks mimic what a user does if he follows the documented steps. Otherwise we create a QE specific deployment path which does not tell us what a user does.
For this paritcular bug: We need to clarify on this repository if this inteded for production or not. This bug would be an issue if you'd use this script for deployment in a production environment.
Thus imo:
Issues go stale after 90d of inactivity.
Mark the issue as fresh with /remove-lifecycle stale
.
Stale issues rot after an additional 30d of inactivity and eventually close.
If this issue is safe to close now please do so with /close
.
/lifecycle stale
Stale issues rot after 30d of inactivity.
Mark the issue as fresh with /remove-lifecycle rotten
.
Rotten issues close after an additional 30d of inactivity.
If this issue is safe to close now please do so with /close
.
/lifecycle rotten
Rotten issues close after 30d of inactivity.
Reopen the issue with /reopen
.
Mark the issue as fresh with /remove-lifecycle rotten
.
/close
@kubevirt-bot: Closing this issue.
Is this a BUG REPORT or FEATURE REQUEST?:
Don't disable selinux and the firewall by default if people install kubevirt on an k8s cluster. For as long as this is the case, please announce on as many places as you can that people should not use the playbooks here.
What happened:
A quick search revealed this: https://github.com/kubevirt/kubevirt-ansible/search?q=firewalld&unscoped_q=firewalld.
We don't have a feedback yet from the author of https://github.com/kubevirt/kubevirt/issues/1794 but it looks a lot like he used these playbooks.
What you expected to happen:
That the firewall and selinux stay enabled.
How to reproduce it (as minimally and precisely as possible):
The playbook which disables these components is automatically executed in the default donfig: https://github.com/kubevirt/kubevirt-ansible/blob/d2c8d783423e8ba5c1dcc6e20873ab80363bbd41/playbooks/cluster/kubernetes/config.yml
Anything else we need to know?:
Environment:
git rev-parse HEAD
):virtctl version
):kubectl version
oroc versions
):ansible --version
):uname -a
):