rhel8/azure: remove and disable firewalld from EAP

Remove firewalld from the base package set for Azure and add it to all
the image-specific package sets except EAP (and explicitly exclude it).
Remove firewalld from the base image config for Azure and add it to all
the image-specific configs.

Test manifests updated.
Manifest changes for non-EAP image types are only the enabled-services
reordering: firewalld is last because it is appended to the base config.

See COMPOSER-1859
Achilleas Koutsou 2023-05-03 15:28:33 +02:00 committed by Tomáš Hozza
parent 9132dd469e
commit 584ae47eca
39 changed files with 129 additions and 1065 deletions


@ -20,7 +20,7 @@ func azureRhuiImgType() imageType {
packageSets: map[string]packageSetFunc{
osPkgsKey: azureRhuiPackageSet,
},
defaultImageConfig: defaultAzureRhuiImageConfig.InheritFrom(defaultAzureImageConfig),
defaultImageConfig: defaultAzureRhuiImageConfig.InheritFrom(defaultVhdImageConfig()),
kernelOptions: defaultAzureKernelOptions,
bootable: true,
defaultSize: 64 * common.GibiByte,
@ -61,7 +61,7 @@ func azureByosImgType() imageType {
packageSets: map[string]packageSetFunc{
osPkgsKey: azurePackageSet,
},
defaultImageConfig: defaultAzureByosImageConfig.InheritFrom(defaultAzureImageConfig),
defaultImageConfig: defaultAzureByosImageConfig.InheritFrom(defaultVhdImageConfig()),
kernelOptions: defaultAzureKernelOptions,
bootable: true,
defaultSize: 4 * common.GibiByte,
@ -82,7 +82,7 @@ func azureImgType() imageType {
packageSets: map[string]packageSetFunc{
osPkgsKey: azurePackageSet,
},
defaultImageConfig: defaultAzureImageConfig,
defaultImageConfig: defaultVhdImageConfig(),
kernelOptions: defaultAzureKernelOptions,
bootable: true,
defaultSize: 4 * common.GibiByte,
@ -95,50 +95,25 @@ func azureImgType() imageType {
}
func azureEap7RhuiImgType() imageType {
it := azureRhuiImgType()
it.name = "azure-eap7-rhui"
it.nameAliases = nil // make sure we don't inherit aliases from the base image type
it.workload = eapWorkload()
// shell env vars for EAP
wildflyPath := "/opt/rh/eap7/root/usr/share/wildfly"
it.defaultImageConfig.ShellInit = []shell.InitFile{
{
Filename: "eap_env.sh",
Variables: []shell.EnvironmentVariable{
{
Key: "EAP_HOME",
Value: wildflyPath,
},
{
Key: "JBOSS_HOME",
Value: wildflyPath,
},
},
return imageType{
name: "azure-eap7-rhui",
workload: eapWorkload(),
filename: "disk.vhd.xz",
mimeType: "application/xz",
compression: "xz",
packageSets: map[string]packageSetFunc{
osPkgsKey: azureEapPackageSet,
},
defaultImageConfig: defaultAzureEapImageConfig.InheritFrom(defaultAzureRhuiImageConfig.InheritFrom(defaultAzureImageConfig)),
kernelOptions: defaultAzureKernelOptions,
bootable: true,
defaultSize: 64 * common.GibiByte,
image: liveImage,
buildPipelines: []string{"build"},
payloadPipelines: []string{"os", "image", "vpc", "xz"},
exports: []string{"xz"},
basePartitionTables: azureRhuiBasePartitionTables,
}
it.defaultImageConfig.Firewall = &osbuild.FirewallStageOptions{
Ports: []string{
"23364:tcp", // modcluster
"25:tcp", // mail
"3528:tcp", // IIOP
"3529:tcp", // IIOP-SSL
"45700:tcp", // Clustering subsystem
"4712:tcp", // recovery manager
"4713:tcp", // recovery manager
"54200:tcp", // Clustering subsystem
"54688:tcp", // Clustering subsystem
"55200:tcp", // Clustering subsystem
"57600:tcp", // Clustering subsystem
"7600:tcp", // Clustering subsystem
"8009:tcp", // AJP
"8080:tcp", // HTTP
"8443:tcp", // HTTPS
"9990:tcp", // Management interface over HTTP
"9993:tcp", // Management interface over HTTPS
},
}
return it
}
// PACKAGE SETS
@ -158,7 +133,6 @@ func azureCommonPackageSet(t *imageType) rpmmd.PackageSet {
"dracut-config-generic",
"dracut-norescue",
"efibootmgr",
"firewalld",
"gdisk",
"hyperv-daemons",
"kernel",
@ -237,6 +211,9 @@ func azureCommonPackageSet(t *imageType) rpmmd.PackageSet {
// Azure BYOS image package set
func azurePackageSet(t *imageType) rpmmd.PackageSet {
return rpmmd.PackageSet{
Include: []string{
"firewalld",
},
Exclude: []string{
"alsa-lib",
},
@ -247,6 +224,7 @@ func azurePackageSet(t *imageType) rpmmd.PackageSet {
func azureRhuiPackageSet(t *imageType) rpmmd.PackageSet {
return rpmmd.PackageSet{
Include: []string{
"firewalld",
"rhui-azure-rhel8",
},
Exclude: []string{
@ -261,11 +239,20 @@ func azureRhuiPackageSet(t *imageType) rpmmd.PackageSet {
func azureSapPackageSet(t *imageType) rpmmd.PackageSet {
return rpmmd.PackageSet{
Include: []string{
"firewalld",
"rhui-azure-rhel8-sap-ha",
},
}.Append(azureCommonPackageSet(t)).Append(SapPackageSet(t))
}
func azureEapPackageSet(t *imageType) rpmmd.PackageSet {
return rpmmd.PackageSet{
Exclude: []string{
"firewalld",
},
}.Append(azureCommonPackageSet(t))
}
// PARTITION TABLES
var azureRhuiBasePartitionTables = distro.BasePartitionTableMap{
@ -503,7 +490,6 @@ var defaultAzureImageConfig = &distro.ImageConfig{
},
},
EnabledServices: []string{
"firewalld",
"nm-cloud-setup.service",
"nm-cloud-setup.timer",
"sshd",
@ -698,6 +684,34 @@ var defaultAzureRhuiImageConfig = &distro.ImageConfig{
},
}
func sapAzureImageConfig(rd distribution) *distro.ImageConfig {
return sapImageConfig(rd).InheritFrom(defaultAzureImageConfig)
const wildflyPath = "/opt/rh/eap7/root/usr/share/wildfly"
var defaultAzureEapImageConfig = &distro.ImageConfig{
// shell env vars for EAP
ShellInit: []shell.InitFile{
{
Filename: "eap_env.sh",
Variables: []shell.EnvironmentVariable{
{
Key: "EAP_HOME",
Value: wildflyPath,
},
{
Key: "JBOSS_HOME",
Value: wildflyPath,
},
},
},
},
}
func defaultVhdImageConfig() *distro.ImageConfig {
imageConfig := &distro.ImageConfig{
EnabledServices: append(defaultAzureImageConfig.EnabledServices, "firewalld"),
}
return imageConfig.InheritFrom(defaultAzureImageConfig)
}
func sapAzureImageConfig(rd distribution) *distro.ImageConfig {
return sapImageConfig(rd).InheritFrom(defaultVhdImageConfig())
}
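Review bot: `azureEapPackageSet` excludes `firewalld` and the rewritten `azureEap7RhuiImgType` no longer sets the `Firewall` port list, but nothing in the new code records that the EAP image is meant to ship without a host firewall. As far as this file shows, the ports the old list named, including the management interface (9990/9993) and AJP (8009), are then no longer limited by any in-image allow-list. I would add a comment above `azureEapPackageSet` such as `// firewalld is deliberately excluded from EAP images (COMPOSER-1859); port filtering is left to controls outside the image`, so the exclusion is not later mistaken for an oversight. Separately, in `defaultVhdImageConfig` the call `append(defaultAzureImageConfig.EnabledServices, "firewalld")` is safe only while that package-level slice has no spare capacity. Writing it as `append(append([]string{}, defaultAzureImageConfig.EnabledServices...), "firewalld")` copies first, so it can never write into the shared backing array.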