Bug 1097857

Summary: Firewall manager to configure does not accept default
Product: Red Hat Enterprise Virtualization Manager Reporter: Matthew Davis <mdavis>
Component: ovirt-engine-setupAssignee: Yedidyah Bar David <didi>
Status: CLOSED NOTABUG QA Contact: Pavel Stehlik <pstehlik>
Severity: medium Docs Contact:
Priority: medium    
Version: 3.3.0CC: acathrow, bazulay, dfediuck, gklein, iheim, Rhev-m-bugs, yeylon
Target Milestone: ---   
Target Release: 3.4.1   
Hardware: x86_64   
OS: Linux   
Whiteboard: integration
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2014-05-25 08:21:24 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Matthew Davis 2014-05-14 17:03:16 UTC 
See output of engine-setup below. I have to explicitly typeout iptables for it to continue.

        Firewall manager to configure (iptables): 
[ ERROR ] Invalid value
          Firewall manager to configure (iptables): 
[ ERROR ] Invalid value
          Firewall manager to configure (iptables): iptables
[ INFO  ] iptables will be configured as firewall manager.


[root ~]$ rpm -q rhevm-setup
rhevm-setup-3.3.2-0.50.el6ev.noarch
Comment 1 Yedidyah Bar David 2014-05-25 08:21:24 UTC 
(In reply to Matthew Davis from comment #0)
> See output of engine-setup below. I have to explicitly typeout iptables for
> it to continue.
> 
>         Firewall manager to configure (iptables): 
> [ ERROR ] Invalid value
>           Firewall manager to configure (iptables): 
> [ ERROR ] Invalid value
>           Firewall manager to configure (iptables): iptables
> [ INFO  ] iptables will be configured as firewall manager.
> 
> 
> [root ~]$ rpm -q rhevm-setup
> rhevm-setup-3.3.2-0.50.el6ev.noarch

This is the intended behavior. See [1] for a detailed description.

In particular, if no firewall managers are active, user is forced to make a significant decision - choosing to activate a previously inactive service - and therefore there is no default, even if there is only one candidate.

An example where this is important: If a user has some other active firewall manager (such as ferm, firehol, fwbuilder etc) which is not supported by setup, we do not want to override the current settings (probably breaking stuff) if a user merely presses 'Enter' all the time accepting defaults.

So, to sum up: If you have just iptables installed, do not care about all the complications of setup, just want 'Enter' to accept defaults without having to type anything, just make sure you enable iptables prior to running setup.

[1] https://bugzilla.redhat.com/show_bug.cgi?id=1024707#c9