Remove special-case for firewalld in builder (#364)

sjpb · web-flow · commit 678d08d4e76d · 2024-03-08T14:12:46.000Z
* fix leafcloud keyfile to match workflow

* cope with clouds with default encrypted volumes for packer build

* bump CI image

* remove special-case for firewalld in builder

* bump CI image

* bump CI image
diff --git a/ansible/fatimage.yml b/ansible/fatimage.yml
@@ -27,13 +27,6 @@
   become: yes
   gather_facts: no
   tasks:
-    - name: Disable firewalld
-      # This is enabled on installation, which isn't what we want
-      systemd:
-        name: firewalld
-        state: stopped
-        enabled: false
-
     # - import_playbook: iam.yml
     - name: Install FreeIPA client
       import_role:
diff --git a/ansible/roles/firewalld/tasks/main.yml b/ansible/roles/firewalld/tasks/main.yml
@@ -1,15 +1,3 @@
 ---
 - import_tasks: install.yml
-
-- name: Apply filewalld configs
-  ansible.posix.firewalld: "{{ item }}"
-  notify: Restart filewalld
-  loop: "{{ firewalld_configs }}"
-
-- meta: flush_handlers
-
-- name: Ensure filewalld state
-  ansible.builtin.systemd:
-    name: firewalld
-    state: "{{ firewalld_state }}"
-    enabled: "{{ firewalld_enabled | default('yes' ) }}"
+- import_tasks: runtime.yml
diff --git a/ansible/roles/firewalld/tasks/runtime.yml b/ansible/roles/firewalld/tasks/runtime.yml
@@ -0,0 +1,12 @@
+- name: Apply filewalld configs
+  ansible.posix.firewalld: "{{ item }}"
+  notify: Restart filewalld
+  loop: "{{ firewalld_configs }}"
+
+- meta: flush_handlers
+
+- name: Ensure filewalld state
+  ansible.builtin.systemd:
+    name: firewalld
+    state: "{{ firewalld_state }}"
+    enabled: "{{ firewalld_enabled | default(true) }}"
diff --git a/environments/.stackhpc/terraform/main.tf b/environments/.stackhpc/terraform/main.tf
@@ -22,7 +22,7 @@ variable "cluster_name" {
 variable "cluster_image" {
     description = "single image for all cluster nodes - a convenience for CI"
     type = string
-    default = "openhpc-240307-1635-ff0f9833" # https://github.com/stackhpc/ansible-slurm-appliance/pull/376
+    default = "openhpc-240308-1011-0f0291c0" # https://github.com/stackhpc/ansible-slurm-appliance/pull/364
     # default = "Rocky-8-GenericCloud-Base-8.9-20231119.0.x86_64.qcow2"
 }
 
diff --git a/environments/common/inventory/group_vars/builder/defaults.yml b/environments/common/inventory/group_vars/builder/defaults.yml
@@ -14,3 +14,5 @@ block_devices_configurations: [] # as volumes will not be attached to Packer bui
 mysql_state: stopped # as it tries to connect to real mysql node
 opensearch_state: stopped # avoid writing config+certs+db into image
 cuda_persistenced_state: stopped # probably don't have GPU in Packer build VMs
+firewalld_enabled: false # dnf install of firewalld enables it
+firewalld_state: stopped

Original file line number	Diff line number	Diff line change
`@@ -22,7 +22,7 @@ variable "cluster_name" {`
`22`	`22`	`variable "cluster_image" {`
`23`	`23`	`description = "single image for all cluster nodes - a convenience for CI"`
`24`	`24`	`type = string`
`25`		`- default = "openhpc-240307-1635-ff0f9833" # https://github.com/stackhpc/ansible-slurm-appliance/pull/376`
	`25`	`+ default = "openhpc-240308-1011-0f0291c0" # https://github.com/stackhpc/ansible-slurm-appliance/pull/364`
`26`	`26`	`# default = "Rocky-8-GenericCloud-Base-8.9-20231119.0.x86_64.qcow2"`
`27`	`27`	`}`
`28`	`28`