firewall rules on builders (iptables, firewalld, libvirt...)
Kevin Fenzi
kevin at scrye.com
Tue Oct 28 16:43:31 UTC 2014
On Tue, 28 Oct 2014 11:07:31 -0400
"Paul W. Frields" <stickster at gmail.com> wrote:
> The firewalld rich language is probably also worth looking into -- if
> for no other reason than to determine whether it is capable of
> handling these use cases. If not, we should file RFEs upstream
> because we I'm betting we're not *that* special. :-)
Sure. When we moved to Fedora builders we just had that down as a
"todo later when we get time" and we just haven't had that time yet. ;)
For this particular thing we can set it up so ansible restarts libvirtd
(if and only if it's installed) when iptables restarts. It's just
moving a task so we have our conditional restart and adding it to the
iptables play. I'll do that after freeze.
kevin
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: not available
URL: <http://lists.fedoraproject.org/pipermail/infrastructure/attachments/20141028/a9d6a255/attachment.sig>
More information about the infrastructure
mailing list