Bug 1381135
| Summary: | [FC28] otopi fails to detect firewalld if python2-firewall is not available | ||||||
|---|---|---|---|---|---|---|---|
| Product: | [oVirt] otopi | Reporter: | Sandro Bonazzola <sbonazzo> | ||||
| Component: | Plugins.network | Assignee: | Gal Zaidman <gzaidman> | ||||
| Status: | CLOSED UPSTREAM | QA Contact: | Lukas Svaty <lsvaty> | ||||
| Severity: | high | Docs Contact: | Rolfe Dlugy-Hegwer <rdlugyhe> | ||||
| Priority: | high | ||||||
| Version: | master | CC: | bugs, didi, gzaidman, lsvaty, nsoffer, pkovar, rdlugyhe, sbonazzo, ylavi | ||||
| Target Milestone: | ovirt-4.3.0 | Flags: | rule-engine:
ovirt-4.3+
|
||||
| Target Release: | 1.8.0 | ||||||
| Hardware: | Unspecified | ||||||
| OS: | Unspecified | ||||||
| Whiteboard: | |||||||
| Fixed In Version: | otopi-1.8.0_beta1 | Doc Type: | Bug Fix | ||||
| Doc Text: |
Previously, in Fedora 24 and above, OTOPI did not detect firewalld and produced a "No firewalld python module" log entry.
The current release fixes this issue.
|
Story Points: | --- | ||||
| Clone Of: | Environment: | ||||||
| Last Closed: | 2018-08-16 08:03:06 UTC | Type: | Bug | ||||
| Regression: | --- | Mount Type: | --- | ||||
| Documentation: | --- | CRM: | |||||
| Verified Versions: | Category: | --- | |||||
| oVirt Team: | Integration | RHEL 7.3 requirements from Atomic Host: | |||||
| Cloudforms Team: | --- | Target Upstream Version: | |||||
| Embargoed: | |||||||
| Bug Depends On: | |||||||
| Bug Blocks: | 1460625 | ||||||
| Attachments: |
|
||||||
|
Description
Sandro Bonazzola
2016-10-03 08:35:15 UTC
otopi only uses firewalld's python api/code for a single thing - to check the installed version. Everything else is done by running 'firewall-cmd'. We can change the code to run 'firewall-cmd --version' also for this. Current bug, though, should not be relevant anymore, because we recently changed otopi to use python3 by default, see bug 1316950. From https://lists.ovirt.org/archives/list/devel@ovirt.org/message/OP2EBYDWSKIPFVNXSTL6QTTKYNJFBPEA/ Next failure is in TASK [ovirt-host-deploy-firewalld : Enable SSH port] unsupported version of firewalld, requires >= 0.2.11 # rpm -q firewalld firewalld-0.5.2-2.fc28.noarch Obviously the complain is incorrect, "0.5.2" > "0.2.11". Moving back to assigned. Created attachment 1453737 [details]
host deploy log showing the error
(In reply to Sandro Bonazzola from comment #2) > From > https://lists.ovirt.org/archives/list/devel@ovirt.org/message/ > OP2EBYDWSKIPFVNXSTL6QTTKYNJFBPEA/ > > Next failure is in TASK [ovirt-host-deploy-firewalld : Enable SSH port] > unsupported version of firewalld, requires >= 0.2.11 I believe this error message is from ansible [1], not from otopi. Please open a new bug for this. [1] https://github.com/ansible/ansible/blob/devel/lib/ansible/module_utils/firewalld.py#L296 > > # rpm -q firewalld > firewalld-0.5.2-2.fc28.noarch > > Obviously the complain is incorrect, "0.5.2" > "0.2.11". > > > Moving back to assigned. (In reply to Yedidyah Bar David from comment #4) > I believe this error message is from ansible [1], not from otopi. Please > open a new bug for this. Opened bug #1597121, thanks! I've copyedited the content in Doc Text. Please review and confirm. (In reply to Rolfe Dlugy-Hegwer from comment #6) > I've copyedited the content in Doc Text. Please review and confirm. Redirecting to Gal I do not think we really need to mention this bug in the release notes. It's enough to say that fedora is still not supported, although there is some good progress. No need to mention each and every relevant bug. Thanks Gal and Yedidyah. I've updated the Doc Text to, I hope, correctly reflect your feedback. I've diminished the importance of this BZ (bz#1381135) by setting its Doc Type field to Known Issue. The Status of bz#1316950 (OTOPI should use python3 interpreter on Fedora) is POST for 4.3. I'm new here, so I'm not sure how that affects bz#1381135. Therefore, I've kept the Doc Text content above as minimal as possible. Please review the updated Doc Text and feel free to suggest further changes. I have to say that I agree with Yedidyah, I don't think that bug needs to be mentioned in the release notes, since fedora is not supported yet. but if we insist on having it, I think that we need to change the Doc Text , I don't agree with the line: "To work around this issue, install the python2-firewall package." because that is what needed to be done **before** the fix to workaround the issue, currently the issue is prevented. currently, the user doesn't need to workaround that issue, and if we want to stick with the CCWR as in the Bugzilla docs: https://bugzilla.redhat.com/page.cgi?id=fields.html#cf_release_notes Cause: In Fedora 24 and above, python3 is used by default in most of the system commands. In particular firewall-cmd is now runing on python3 so python2-firewall is not installed by default. OTOPI runs on python2 by default therefore and import python3-firewall Consequence: produces a "No firewalld python module" log entry. Workaround: use python3-firewallfrom the cli Result: no restrictions Thank you both. I'll suppress the release note for this BZ by marking it as NOTABUG. This means that we will NOT be following the previous recommendation to say "that fedora is still not supported". (In reply to Rolfe Dlugy-Hegwer from comment #11) > Thank you both. I'll suppress the release note for this BZ by marking it as > NOTABUG. This means that we will NOT be following the previous > recommendation to say "that fedora is still not supported". The correct way to do this is to set the requires_doc_text flag to "-". |