Bug 1224799

Summary: [iptables] install iptables-services if available
Product: [oVirt] otopi
Reporter: Alon Bar-Lev <alonbl>
Component: Plugins.network
Assignee: Alon Bar-Lev <alonbl>
Status: CLOSED CURRENTRELEASE
QA Contact: Lukas Svaty <lsvaty>
Severity: medium
Docs Contact:
Priority: unspecified
Version: 1.0.0
CC: bazulay, bugs, didi, dougsland, ecohen, gklein, iheim, khajna, lsurette, lsvaty, pkubica, pmatyas, yeylon
Target Milestone: ovirt-3.6.0-rc
Flags: rule-engine: ovirt-3.6.0+, ylavi: planning_ack+, rule-engine: devel_ack+, rule-engine: testing_ack+
Target Release: 1.4.0
Hardware: Unspecified
OS: Unspecified
Whiteboard: infra
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Cause: rhel-7.1 and fc-22 failed to start iptables as iptables-services packages were missing. Consequence: iptables failed to start. Fix: install iptables-services in addition to iptables. Result: iptables is starting.
Story Points: ---
Clone Of:
Environment:
Last Closed: 2015-11-27 07:48:24 UTC
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: Infra
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---
Target Upstream Version:
Embargoed:
Bug Depends On:
Bug Blocks: 1224804, 1230104

Description Alon Bar-Lev 2015-05-25 19:15:30 UTC
Required for rhel-7.1 and fc-21(?)

Comment 1 Karolína Hajná 2015-05-28 09:32:27 UTC
Engine-setup tries to install iptables-services on RHEL6.6 as well. This ends up with error but it doesn't have any effect on the setup itself which completes successfully.

Please fix this.

Comment 2 Karolína Hajná 2015-05-28 09:35:16 UTC
(In reply to Karolína Hajná from comment #1)
> Engine-setup tries to install iptables-services on RHEL6.6 as well. This
> ends up with error but it doesn't have any effect on the setup itself which
> completes successfully.
> 
> Please fix this.

Forgot to add it happens on 

3.6.0-0.0.master.20150527172325.git8f6833f.el6

Comment 3 Alon Bar-Lev 2015-05-28 09:38:04 UTC
(In reply to Karolína Hajná from comment #1)
> Engine-setup tries to install iptables-services on RHEL6.6 as well. This
> ends up with error but it doesn't have any effect on the setup itself which
> completes successfully.
> 
> Please fix this.

so what is the problem? it tries, it fails and falls back to iptables.

Comment 4 Karolína Hajná 2015-05-28 10:08:50 UTC
(In reply to Alon Bar-Lev from comment #3)
> (In reply to Karolína Hajná from comment #1)
> > Engine-setup tries to install iptables-services on RHEL6.6 as well. This
> > ends up with error but it doesn't have any effect on the setup itself which
> > completes successfully.
> > 
> > Please fix this.
> 
> so what is the problem? it tries, it fails and falls back to iptables.

The user sees an error during setup which might be a problem.

Comment 5 Alon Bar-Lev 2015-05-28 10:23:24 UTC
(In reply to Karolína Hajná from comment #4)
> (In reply to Alon Bar-Lev from comment #3)
> > (In reply to Karolína Hajná from comment #1)
> > > Engine-setup tries to install iptables-services on RHEL6.6 as well. This
> > > ends up with error but it doesn't have any effect on the setup itself which
> > > completes successfully.
> > > 
> > > Please fix this.
> > 
> > so what is the problem? it tries, it fails and falls back to iptables.
> 
> The user sees an error during setup which might be a problem.

it can be safely ignored and the process succeeds.

Comment 6 Karolína Hajná 2015-05-28 10:31:38 UTC
(In reply to Alon Bar-Lev from comment #5)
> (In reply to Karolína Hajná from comment #4)
> > (In reply to Alon Bar-Lev from comment #3)
> > > (In reply to Karolína Hajná from comment #1)
> > > > Engine-setup tries to install iptables-services on RHEL6.6 as well. This
> > > > ends up with error but it doesn't have any effect on the setup itself which
> > > > completes successfully.
> > > > 
> > > > Please fix this.
> > > 
> > > so what is the problem? it tries, it fails and falls back to iptables.
> > 
> > The user sees an error during setup which might be a problem.
> 
> it can be safely ignored and the process succeeds.

Since the iptables-services are required only for RHEL7, it's not important to show this error message on RHEL6. The user can be confused by it and look for solution which isn't needed. 
For this reason it would be better to show the error message only when iptables-services package is required (on RHEL7).

Comment 7 Alon Bar-Lev 2015-05-28 10:37:44 UTC
(In reply to Karolína Hajná from comment #6)
> Since the iptables-services are required only for RHEL7, it's not important
> to show this error message on RHEL6. The user can be confused by it and look
> for solution which isn't needed. 
> For this reason it would be better to show the error message only when
> iptables-services package is required (on RHEL7).

much more complex to resolve the dependency tree and see what package provides what, easier and safer to just tell yum to install a package.

the implementation will not check for distribution name, and rely only on available packages at all distros, including fedora, rhel and potentially others.

once again, there is no real issue here.

Comment 8 Yedidyah Bar David 2015-06-08 08:51:35 UTC
*** Bug 1225913 has been marked as a duplicate of this bug. ***

Comment 9 Yedidyah Bar David 2015-06-08 08:58:26 UTC
I'd personally prefer otopi to not install any packages by its own plugins, instead either depend on them (if always required) or have the packages using it depend on them (if required) or install them (probably subject to input from user).

Comment 10 Yedidyah Bar David 2015-06-08 09:03:44 UTC
This applies, btw, to iproute too. Probably all of src/plugins/otopi/network/hostname.py should be optional. Those users that should have noticed the warning it emits just ignore it anyway, see bug 1226910.

Comment 11 Alon Bar-Lev 2015-06-08 13:19:35 UTC
didi, please understand that otopi is not installed at a machine but is sent over the wire to prepare a machine from state zero to state one.

Comment 12 Yedidyah Bar David 2015-06-08 13:34:42 UTC
(In reply to Alon Bar-Lev from comment #11)
> didi, please understand that otopi is not installed at a machine but is sent
> over the wire to prepare a machine from state zero to state one.

You refer to host-deploy, I assume. Any problem making host-deploy ask to install iptables-service if it wants to?

Comment 13 Alon Bar-Lev 2015-06-08 13:40:04 UTC
(In reply to Yedidyah Bar David from comment #12)
> (In reply to Alon Bar-Lev from comment #11)
> > didi, please understand that otopi is not installed at a machine but is sent
> > over the wire to prepare a machine from state zero to state one.
> 
> You refer to host-deploy, I assume. Any problem making host-deploy ask to
> install iptables-service if it wants to?

host-deploy uses otopi, both are designed for local and remote installation.

Comment 14 Lukas Svaty 2015-11-26 15:18:54 UTC
verified in ovirt-host-deploy-1.4.1-1.el6ev.noarch

Comment 15 Sandro Bonazzola 2015-11-27 07:48:24 UTC
Since oVirt 3.6.0 has been released, moving from verified to closed current release.