Bug 1147687
| Summary: | move authconfig and firewalld to core group | ||||||||
|---|---|---|---|---|---|---|---|---|---|
| Product: | Red Hat Enterprise Linux 7 | Reporter: | Jeff Bastian <jbastian> | ||||||
| Component: | anaconda | Assignee: | Brian Lane <bcl> | ||||||
| Status: | CLOSED ERRATA | QA Contact: | Release Test Team <release-test-team-automation> | ||||||
| Severity: | high | Docs Contact: | |||||||
| Priority: | high | ||||||||
| Version: | 7.1 | CC: | atodorov, bcl, blc, dmach, emcnabb, lsmid, mbanas, mvadkert, pnemade, pspacek, rcyriac, vpavlin | ||||||
| Target Milestone: | rc | Keywords: | Regression | ||||||
| Target Release: | --- | ||||||||
| Hardware: | All | ||||||||
| OS: | Linux | ||||||||
| Whiteboard: | |||||||||
| Fixed In Version: | anaconda-19.31.103-1 | Doc Type: | Bug Fix | ||||||
| Doc Text: | Story Points: | --- | |||||||
| Clone Of: | Environment: | ||||||||
| Last Closed: | 2015-03-05 14:03:21 UTC | Type: | Bug | ||||||
| Regression: | --- | Mount Type: | --- | ||||||
| Documentation: | --- | CRM: | |||||||
| Verified Versions: | Category: | --- | |||||||
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||||
| Cloudforms Team: | --- | Target Upstream Version: | |||||||
| Embargoed: | |||||||||
| Bug Depends On: | |||||||||
| Bug Blocks: | 1145454, 1145462 | ||||||||
| Attachments: |
|
||||||||
|
Description
Jeff Bastian
2014-09-29 21:03:12 UTC
Looking at ca6898ab93af9cbb4c1f0dc36d90420122ab03a8f441f481388d8f6ae0fcf34f-comps-Server.x86_64.xml from RHEL-7.1-20140925.n.0:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE comps
PUBLIC '-//Red Hat, Inc.//DTD Comps info//EN'
'comps.dtd'>
<comps>
...
<group>
<id>anaconda-tools</id>
<name>Anaconda Tools</name>
...
<packagelist>
<packagereq type="mandatory">authconfig</packagereq>
...
</packagelist>
</group>
...
<group>
<id>base</id>
<name>Base</name>
...
<packagelist>
<packagereq type="mandatory">authconfig</packagereq>
...
</packagelist>
</group>
...
Couldn't authconfig be executed from installation image? Then it wouldn't have to be part of installed system at all. Not sure about firewalld. Why anaconda installs it by default? I also opt for this solution, AFAICT this is the same way as it is done in RHEL6.6 (authconfig still in Base group). We are trying to keep @core mininmal as possible. (In reply to Daniel Mach from comment #2) > Couldn't authconfig be executed from installation image? > Then it wouldn't have to be part of installed system at all. > > Not sure about firewalld. Why anaconda installs it by default? When last we checked, neither authconfig nor firewalld had a way to be told to run inside a different root, which means they have to be installed for anaconda to be able to run them. And we install firewalld to enable/disable services if you use the right options in kickstart. Created attachment 942782 [details] rhel-7.1-20140925.n.0 kickstart file Using the attached kickstart file which only installs @Core, I created a virtual machine and replicated the problem. virt-install --name=rhel71n --ram=1024 --vcpus=1 \ --os-type=linux --os-variant=rhel6 \ --disk=path=/var/lib/libvirt/images/rhel71n.img,size=10,bus=virtio \ --network=network=default,model=virtio \ --graphics=none \ --location=http://download.lab.eng.rdu2.redhat.com/nightly/RHEL-7.1-20140925.n.0/compose/Server/x86_64/os/ \ --extra-args="console=tty0 console=ttyS0,9600n8 ks=http://termite.dfw.redhat.com/kickstart/rhel71n.ks" After Anaconda finished the package installation, it failed like this: An unknown error has occurred =============================================================================== anaconda 19.31.92-1 exception report Traceback (most recent call first): File "/usr/lib64/python2.7/site-packages/pyanaconda/kickstart.py", line 248, in execute raise KickstartError(msg) File "/usr/lib64/python2.7/site-packages/pyanaconda/install.py", line 79, in doConfiguration ksdata.authconfig.execute(storage, ksdata, instClass) File "/usr/lib64/python2.7/threading.py", line 764, in run self.__target(*self.__args, **self.__kwargs) File "/usr/lib64/python2.7/site-packages/pyanaconda/threads.py", line 211, in run threading.Thread.run(self, *args, **kwargs) KickstartError: /usr/sbin/authconfig is missing. Cannot setup authentication. What do you want to do now? 1) Report Bug 2) Debug 3) Quit Please make your choice from above: So if I understand that correctly firewalld and authconfig were installed by default to minimal install although they were not part of @core. That doesn't seem right. I understand we want to have @core as small as possible but if we install some packages by default anyway using non-comps methods it doesn't make sense and breaks the whole workflow. As long as we consider firewalld and authconfig default packages, I'd like to see them in @core. Are there other packages installed by Anaconda *always* which are not in @core? Those were the only 2 that were always being installed. Another alternative here is for anaconda to add the required package to the packagelist when the command is seen in the kickstart the same way we handle the realm command. Created attachment 946625 [details]
proposed anaconda patch
Question: Would it be possible to do the same for initial-setup when the kickstart contains 'firstboot --enable'? That is another example of kickstart command that requires the package be installed. There might be others too. It might be worth while to consider adding some kind of strict mode to anaconda to unconditionally obey %package section, and not install packages this way. (In reply to Jon Disnard from comment #9) > Question: > Would it be possible to do the same for initial-setup when the kickstart > contains 'firstboot --enable'? That is another example of kickstart command > that requires the package be installed. There might be others too. > > It might be worth while to consider adding some kind of strict mode to > anaconda to unconditionally obey %package section, and not install packages > this way. Currently initial-setup is always needed, even to disable it (it runs systemctl disable) so we can't optionally install it. The patch from comment 8 is now in upstream Anaconda so we can fix this in Anaconda with a cherry pick. I think that's better than loading up core with more required packages. firstboot --disable auth --useshadow --enablemd5 --enablecache firewall --enabled --ssh selinux --disabled network --bootproto dhcp # Partition and VG config clearpart --all --initlabel autopart %packages --ignoremissing @core %end with the above kickstart both autconfig and firewalld were installed and the respective commands in ks.cfg didn't crash during installation. Moving to VERIFIED. *** Bug 1145462 has been marked as a duplicate of this bug. *** Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://rhn.redhat.com/errata/RHBA-2015-0312.html |