From 1e1301ff8a748be008fc8a690d4e28ba1fd8b92a Mon Sep 17 00:00:00 2001
From: Gregory Thiemonge <gthiemon@redhat.com>
Date: Thu, 6 Jun 2024 10:18:18 +0200
Subject: [PATCH] Don't install firewalld in the amphora

When building rockylinux images, DIB install the Minimal Install group
which pulls firewalld. By default it allows only SSH traffic, so we
would need specific rules for the management and tenant traffic, but as
we are using security groups, it's safe to remove firewalld.

Change-Id: I87a26faf6c72640d8916bc3452123a9b5a74d39f
(cherry picked from commit e8fd3b7843b4971796aac69e5b1627d55451d082)
---
 elements/amphora-agent/package-installs.yaml | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/elements/amphora-agent/package-installs.yaml b/elements/amphora-agent/package-installs.yaml
index 3ad31f3627..c5fe07fc3d 100644
--- a/elements/amphora-agent/package-installs.yaml
+++ b/elements/amphora-agent/package-installs.yaml
@@ -19,6 +19,10 @@ git-man:
   uninstall: True
 perl:
   uninstall: True
+# diskimage-builder installs firewalld in rockylinux, it's not needed as it
+# blocks management and tenant traffic by default and we use security groups
+firewalld:
+  uninstall: True
 
 libffi-dev:
   build-only: True