Bug 1148399
| Summary: | puppet must not attempt to remove firewalld | ||
|---|---|---|---|
| Product: | [Community] RDO | Reporter: | Martin Magr <mmagr> |
| Component: | openstack-puppet-modules | Assignee: | Martin Magr <mmagr> |
| Status: | CLOSED CURRENTRELEASE | QA Contact: | Ami Jeain <ajeain> |
| Severity: | unspecified | Docs Contact: | |
| Priority: | unspecified | ||
| Version: | unspecified | CC: | apevec, lbezdick, mmagr, stoner, whayutin, yeylon |
| Target Milestone: | --- | ||
| Target Release: | --- | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Whiteboard: | |||
| Fixed In Version: | openstack-puppet-modules-2014.2.1-0.5.fc22 openstack-packstack-2014.2-0.4.dev1266.g63d9c50.fc22 | Doc Type: | Bug Fix |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2014-10-27 19:58:50 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
the only place in which the firewalld package is removed is in the class firewall::linux::redhat from the firewall puppet module which AFAIK is not used by packstack (there are no puppet manifests that include this class). this does not happen in the latest openstack-packstack-2014.2-0.3.dev1266.g63d9c50.fc22 yum install -y https://repos.fedorapeople.org/repos/openstack/openstack-juno/rdo-release-juno-1.noarch.rpm yum install -y yum-fastestmirror yum-presto deltarpm yum update -y setenforce permissive yum install -y openstack-packstack packstack -S packstack /usr/bin/packstack -d --allinone can you reproduce it using this? Puppet class that you mentioned is indeed used via ::firewall class [1]. Considerin that Lukas is going to implement firewalld support to the module, the class ::firewall::linux::redhat should be fixed in the process. [1] https://github.com/stackforge/packstack/blob/master/packstack/puppet/templates/prescript.pp#L1 *** Bug 1148426 has been marked as a duplicate of this bug. *** > can you reproduce it using this? You need to have firewall-config or some other package depending on firewalld installed to trigger this. FWIW I've proposed https://github.com/puppetlabs/puppetlabs-firewall/pull/425 but that fails on a Puppet core bug, which remains unfixed even in the latest Puppet. Lukas, how and when is this going to be fixed as a part of the work Martin mentioned in the comment 2 ? If there are no better suggestions, I'll include PR 425 patch in RDO Juno openstack-puppet-modules. TBH I don't think firewalld package should be uninstalled. If more packages will start to depend on it, we could end up in state where needed packages will be removed together with firewalld. I created PR [1] with just disabling and stopping forewalld service which worked for us in Packstack without any issue. [1] https://github.com/puppetlabs/puppetlabs-firewall/pull/426/ ack Please, pretty please, build opm with 426 patch! This is RDO Juno Fedora blocker. > External Bug ID: OpenStack gerrit 130809
This is the patch for Packstack, required once opm includes puppet-firewall with patch #426.
Otherwise:
Error: Duplicate declaration: Service[firewalld] is already declared in file /var/tmp/packstack/5fb56c595b7f4f9a99c35bce7722b4d3/modules/firewall/manifests/linux/redhat.pp:29; cannot redeclare at /var/tmp/packstack/5fb56c595b7f4f9a99c35bce7722b4d3/manifests/192.168.150.166_prescript.pp:30
|
Description of problem: Running Packstack Juno on Fedora 20 attemtps to remove firewalld package. THis attempt fails because 'rpm -e' is used instead of 'yum remove'. We should either stop the effort of removing the package or use yum instead Version-Release number of selected component (if applicable): openstack-packstack-2014.2-0.2.dev1266.g63d9c50.fc22.noarch openstack-puppet-modules-2014.2-0.3.fc22.noarch Additional info: ^[[1;31mWarning: Config file /etc/puppet/hiera.yaml not found, using Hiera defaults^[[0m ^[[mNotice: Compiled catalog for localhost.localdomain in environment production in 0.85 seconds^[[0m ^[[1;31mError: Execution of '/usr/bin/rpm -e firewalld-0.3.11-3.fc20.noarch' returned 1: error: Failed dependencies: firewalld >= 0.3.5-1 is needed by (installed) anaconda-20.25.16-1.fc20.x86_64 firewalld = 0.3.11-3.fc20 is needed by (installed) firewall-config-0.3.11-3.fc20.noarch ^[[0m ^[[1;31mError: /Stage[main]/Firewall::Linux::Redhat/Package[firewalld]/ensure: change from 0.3.11-3.fc20 to absent failed: Execution of '/usr/bin/rpm -e firewalld-0.3.11-3.fc20.noarch' returned 1: error: Failed dependencies: firewalld >= 0.3.5-1 is needed by (installed) anaconda-20.25.16-1.fc20.x86_64 firewalld = 0.3.11-3.fc20 is needed by (installed) firewall-config-0.3.11-3.fc20.noarch ^[[0m ^[[mNotice: /Stage[main]/Firewall::Linux::Redhat/Package[iptables-services]: Dependency Package[firewalld] has failures: true^[[0m ^[[1;31mWarning: /Stage[main]/Firewall::Linux::Redhat/Package[iptables-services]: Skipping because of failed dependencies^[[0m ^[[mNotice: /Stage[main]/Firewall::Linux::Redhat/File[/etc/sysconfig/iptables]/ensure: created^[[0m ^[[mNotice: /Stage[main]/Main/Service[firewalld]/ensure: ensure changed 'running' to 'stopped'^[[0m ^[[mNotice: /Stage[main]/Firewall::Linux::Redhat/Service[iptables]: Dependency Package[firewalld] has failures: true^[[0m ^[[1;31mWarning: /Stage[main]/Firewall::Linux::Redhat/Service[iptables]: Skipping because of failed dependencies^[[0m ^[[mNotice: Finished catalog run in 0.90 seconds^[[0m