From 8724f2e0169be455c4f116894d326734ae7ddb27 Mon Sep 17 00:00:00 2001
From: Gerald Pinder <4626052+gmpinder@users.noreply.github.com>
Date: Sun, 11 May 2025 15:00:48 -0400
Subject: [PATCH] Add firewall configuration
---
 files/rke_setup/etc/firewalld/services/rke.xml | 6 ++++++
 .../usr/lib/systemd/system/create_rke_user.service | 4 ++--
 files/rke_setup/usr/libexec/rke2/create_rke_user.sh | 1 -
 3 files changed, 8 insertions(+), 3 deletions(-)
 create mode 100644 files/rke_setup/etc/firewalld/services/rke.xml
diff --git a/files/rke_setup/etc/firewalld/services/rke.xml b/files/rke_setup/etc/firewalld/services/rke.xml
new file mode 100644
index 0000000..662d740
--- /dev/null
+++ b/files/rke_setup/etc/firewalld/services/rke.xml
@@ -0,0 +1,6 @@
+
+
+ RKE API
+ Open port 6443 for Kubernetes API Server.
+
+
diff --git a/files/rke_setup/usr/lib/systemd/system/create_rke_user.service b/files/rke_setup/usr/lib/systemd/system/create_rke_user.service
index 9aab41c..f7132a4 100644
--- a/files/rke_setup/usr/lib/systemd/system/create_rke_user.service
+++ b/files/rke_setup/usr/lib/systemd/system/create_rke_user.service
@@ -7,8 +7,8 @@ Type=oneshot
 ExecStart=/usr/libexec/rke2/create_rke_user.sh
 # Disable and mask the service after successful execution
-ExecStartPost=-/bin/systemctl disable --now create_rke_user.service
-ExecStartPost=-/bin/systemctl mask --now create_rke_user.service
+ExecStartPost=-/bin/systemctl disable create_rke_user.service
+ExecStartPost=-/bin/systemctl mask create_rke_user.service
 [Install]
 WantedBy=multi-user.target
diff --git a/files/rke_setup/usr/libexec/rke2/create_rke_user.sh b/files/rke_setup/usr/libexec/rke2/create_rke_user.sh
index 29e810e..db94bab 100755
--- a/files/rke_setup/usr/libexec/rke2/create_rke_user.sh
+++ b/files/rke_setup/usr/libexec/rke2/create_rke_user.sh
@@ -12,4 +12,3 @@ echo "Adding 'rke' to docker group"
 usermod -aG docker rke
 echo "Done"
-exit 0
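Review bot: The new `rke.xml` only defines a firewalld service for the Kubernetes API port, and nothing in this commit shows which zone it will be enabled in, so who can actually reach 6443 is decided elsewhere and is undocumented here. The API server is a high-value endpoint, so the file should state its intended scope in a comment, for example `<!-- Enable only in the zone facing cluster nodes and administrators, never a public zone -->`. The element markup of the file is not visible on this page, so also confirm that the declared port and protocol match the description (6443/tcp) and nothing wider.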
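Review bot: Both new `ExecStartPost=-` lines keep the `-` prefix, so a failed `systemctl disable` or `systemctl mask` is ignored and the unit would run `create_rke_user.sh` again on the next boot. Dropping `--now` presumably avoids stopping the unit from inside its own start job, but the run-once guarantee then rests entirely on these two best-effort commands. A condition on a stamp file that the script writes on success, e.g. `ConditionPathExists=!<STAMP_FILE_PLACEHOLDER>` in `[Unit]`, would make the one-shot behaviour independent of masking. The `[Unit]` section lies outside this hunk, so check that no such condition already exists.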