Bug 1032431

Summary: Installation of OpenShift Origin on Fedora 19 removed firewalld
Product: OKD Reporter: Jan Pazdziora <jpazdziora>
Component: PodAssignee: Abhishek Gupta <abhgupta>
Status: CLOSED WONTFIX QA Contact: libra bugs <libra-bugs>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 2.xCC: sztsian
Target Milestone: ---   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2017-05-31 18:22:11 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:

Description Jan Pazdziora 2013-11-20 07:53:36 UTC 
Description of problem:

When OpenShift Origin installation is attempted using instructions at

   http://openshift.github.io/documentation/oo_deployment_guide_puppet.html#configuring-an-all-in-one-host

it removes firewalld. It is unfortunate as OpenShift should be able to install with the default firewalling solution (and as of three months ago, it was possible).

Version-Release number of selected component (if applicable):

OpenShift Origin nightly as of today.

How reproducible:

Deterministic.

Steps to Reproduce:
1. Run rpm -qf /usr/bin/firewall-cmd, check that firewalld is installed.
2. Run puppet apply --verbose configure_origin.pp.
3. Run rpm -qf /usr/bin/firewall-cmd again.

Actual results:

# rpm -qf /usr/bin/firewall-cmd
error: file /usr/bin/firewall-cmd: No such file or directory

Expected results:

error: file /usr/bin/firewall-cmd: No such file or directory

Additional info:

The following piece in /etc/puppet/modules/openshift_origin/manifests/firewall.pp seems to be the culprit:

  ensure_resource('package', 'iptables', {})
  ensure_resource('package', 'firewalld', {
      ensure => 'absent',
    }
  )
Comment 1 Zamir SUN 2014-01-28 16:40:01 UTC 
As I see from the oo-install user's guide, openshift do not support firewalld yet.
http://openshift.github.io/documentation/oo_install_users_guide.html

(In reply to Jan Pazdziora from comment #0)
> Description of problem:
> 
> When OpenShift Origin installation is attempted using instructions at
> 
>   
> http://openshift.github.io/documentation/oo_deployment_guide_puppet.
> html#configuring-an-all-in-one-host
> 
> it removes firewalld. It is unfortunate as OpenShift should be able to
> install with the default firewalling solution (and as of three months ago,
> it was possible).
> 
> Version-Release number of selected component (if applicable):
> 
> OpenShift Origin nightly as of today.
> 
> How reproducible:
> 
> Deterministic.
> 
> Steps to Reproduce:
> 1. Run rpm -qf /usr/bin/firewall-cmd, check that firewalld is installed.
> 2. Run puppet apply --verbose configure_origin.pp.
> 3. Run rpm -qf /usr/bin/firewall-cmd again.
> 
> Actual results:
> 
> # rpm -qf /usr/bin/firewall-cmd
> error: file /usr/bin/firewall-cmd: No such file or directory
> 
> Expected results:
> 
> error: file /usr/bin/firewall-cmd: No such file or directory
> 
> Additional info:
> 
> The following piece in
> /etc/puppet/modules/openshift_origin/manifests/firewall.pp seems to be the
> culprit:
> 
>   ensure_resource('package', 'iptables', {})
>   ensure_resource('package', 'firewalld', {
>       ensure => 'absent',
>     }
>   )
Comment 2 Eric Paris 2017-05-31 18:22:11 UTC 
We apologize, however, we do not plan to address this report at this time. The majority of our active development is for the v3 version of OpenShift. If you would like for Red Hat to reconsider this decision, please reach out to your support representative. We are very sorry for any inconvenience this may cause.