Bug 1410709

Summary: [GSS] [RFE] remove firewalld from nfs-ganesha dependency in RHGS -RHEL 7
Product: [Red Hat Storage] Red Hat Gluster Storage
Reporter: Riyas Abdulrasak <rnalakka>
Component: nfs-ganesha
Assignee: Kaleb KEITHLEY <kkeithle>
Status: CLOSED ERRATA
QA Contact: surabhi <sbhaloth>
Severity: medium
Docs Contact:
Priority: unspecified
Version: rhgs-3.1
CC: abhishku, amukherj, asrivast, bkunal, bmohanra, bsrirama, jthottan, msaini, mzink, rcyriac, rhinduja, rhs-bugs, rnalakka, skoduri, storage-qa-internal
Target Milestone: ---
Keywords: FutureFeature
Target Release: RHGS 3.3.0
Hardware: All
OS: All
Whiteboard:
Fixed In Version: nfs-ganesha-2.4.4-4
Doc Type: Enhancement
Doc Text:
With this release, the dependency on firewalld is removed and NFS-Ganesha can be installed with ease without installing firewalld.
Last Closed: 2017-09-21 04:47:57 UTC
Type: Bug
Bug Blocks: 1369781, 1417138, 1417145    

Description Riyas Abdulrasak 2017-01-06 07:17:12 UTC
Description of problem:

nfs-ganesha has a dependency on firewalld. PFB:

]# yum deplist nfs-ganesha
Loaded plugins: langpacks, product-id, search-disabled-repos, subscription-manager
Repodata is over 2 weeks old. Install yum-cron? Or run: yum makecache fast
package: nfs-ganesha.x86_64 2.3.1-8.el7rhgs
  dependency: /bin/sh
   provider: bash.x86_64 4.2.46-21.el7_3
  dependency: dbus
   provider: dbus.x86_64 1:1.6.12-17.el7
  dependency: firewalld                            <<<<<
   provider: firewalld.noarch 0.4.3.2-8.el7
  dependency: libblkid.so.1()(64bit)
   provider: libblkid.x86_64 2.23.2-33.el7
  dependency: libblkid.so.1(BLKID_1.0)(64bit)
   provider: libblkid.x86_64 2.23.2-33.el7


* Removing firewalld package removes nfs-ganesha and related packages. 


# yum remove firewalld
Loaded plugins: langpacks, product-id, search-disabled-repos, subscription-manager
Resolving Dependencies
--> Running transaction check
---> Package firewalld.noarch 0:0.4.3.2-8.el7 will be erased
--> Processing Dependency: firewalld for package: nfs-ganesha-2.3.1-8.el7rhgs.x86_64
--> Running transaction check
---> Package nfs-ganesha.x86_64 0:2.3.1-8.el7rhgs will be erased
--> Processing Dependency: nfs-ganesha = 2.3.1-8.el7rhgs for package: nfs-ganesha-gluster-2.3.1-8.el7rhgs.x86_64
--> Running transaction check
---> Package nfs-ganesha-gluster.x86_64 0:2.3.1-8.el7rhgs will be erased
--> Processing Dependency: nfs-ganesha-gluster for package: glusterfs-ganesha-3.7.9-12.el7rhgs.x86_64
--> Running transaction check
---> Package glusterfs-ganesha.x86_64 0:3.7.9-12.el7rhgs will be erased
--> Finished Dependency Resolution

Dependencies Resolved

==============================================================================================================================================================================================
 Package                                     Arch                           Version                                    Repository                                                        Size
==============================================================================================================================================================================================
Removing:
 firewalld                                   noarch                         0.4.3.2-8.el7                              @rhel-7-server-htb-rpms                                          1.7 M
Removing for dependencies:
 glusterfs-ganesha                           x86_64                         3.7.9-12.el7rhgs                           @rh-gluster-3-for-rhel-7-server-rpms                              62 k
 nfs-ganesha                                 x86_64                         2.3.1-8.el7rhgs                            @rh-gluster-3-nfs-for-rhel-7-server-rpms                         1.5 M
 nfs-ganesha-gluster                         x86_64                         2.3.1-8.el7rhgs                            @rh-gluster-3-nfs-for-rhel-7-server-rpms                          68 k

Transaction Summary
==============================================================================================================================================================================================
Remove  1 Package (+3 Dependent packages)

Installed size: 3.3 M
Is this ok [y/N]: 


The customer wants to remove the dependency on firewalld for nfs-ganesha.

Version-Release number of selected component (if applicable):

Red Hat Gluster Storage 3.1.3

How reproducible:

Always 

Steps to Reproduce:
1. Install nfs-ganesha on a RHGS node; it will show firewalld as a dependency.


Actual results:

nfs-ganesha has a dependency on the firewalld package.

Expected results:

firewalld shouldn't be a dependency of firewalld

Additional info:

Comment 3 Soumya Koduri 2017-01-06 09:13:28 UTC
That's right. We had a requirement to open up the necessary ports required for nfs-ganesha (& side-band protocols) to function properly in firewalld (bug 1245103). As part of those changes, this dependency got created.

If firewalld is installed at the time of installing nfs-ganesha, it shall create this dependency (that's because, as mentioned by Byreddy above, a few service files get installed), and I am not sure if it can be avoided.

However does installing nfs-ganesha package fail when firewalld is not installed on the system? If that is the case, we can fix it by checking if firewalld is installed on the system instead of assuming it is available for >=rhel7 systems.

Comment 4 Milan Zink 2017-01-06 10:39:46 UTC
What about moving the rquota.xml firewalld service file to an nfs-ganesha-firewalld package and removing it from nfs-ganesha?

(Use case: We are still using iptables-services instead of firewalld due to existing configuration management. We don't want to have both installed to avoid conflicts.)

Comment 5 Kaleb KEITHLEY 2017-01-06 10:59:07 UTC
We should install the files. If firewalld is installed, they will be used.

Requiring firewalld may have been overkill. I believe we can remove it and assume that if it is there, the rquota.xml, etc., files will be used.

FYI, we don't support iptables-service in RHEL7 so the customer and/or GSS is skating on thin ice. ;-)

Comment 11 surabhi 2017-04-24 08:29:58 UTC
Verified on the build nfs-ganesha-2.4.4-4. The dependency of firewalld has been removed and now yum deplist for nfs-ganesha does not list firewalld. Also removing firewalld doesn't remove nfs-ganesha packages.

Marking the BZ verified.

Comment 12 surabhi 2017-04-24 09:00:07 UTC
yum deplist nfs-ganesha | grep firewalld
[root@dhcp46-132 yum.repos.d]# yum remove firewalld
Loaded plugins: langpacks, product-id, search-disabled-repos, subscription-manager
Resolving Dependencies
--> Running transaction check
---> Package firewalld.noarch 0:0.4.3.2-8.1.el7_3.2 will be erased
--> Finished Dependency Resolution

Dependencies Resolved

========================================================================================================================================================================
 Package                               Arch                               Version                                           Repository                             Size
========================================================================================================================================================================
Removing:
 firewalld                             noarch                             0.4.3.2-8.1.el7_3.2                               installed                             1.7 M

Transaction Summary
========================================================================================================================================================================
Remove  1 Package

Installed size: 1.7 M
Is this ok [y/N]:
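
The two checks used in this report (is firewalld a hard dependency, and which packages a firewalld removal would drag out), scripted as an added example that is not part of the bug report or the nfs-ganesha packaging. The function names are hypothetical and the sample text is excerpted from the transcripts in the Description.

```shell
#!/bin/sh
# has_dependency DEP: read `yum deplist <pkg>` output on stdin; succeed if DEP
# is listed as a dependency and print its first provider when one is shown.
has_dependency() {
    awk -v dep="$1" '
        $1 == "dependency:"      { hit = ($2 == dep); if (hit) found = 1; next }
        $1 == "provider:" && hit { print $2, $3; hit = 0 }
        END                      { exit (found ? 0 : 1) }
    '
}

# collateral_removals: read `yum remove <pkg>` transaction output on stdin and
# print the packages listed under "Removing for dependencies:".
collateral_removals() {
    awk '
        /^Removing for dependencies:/ { in_sec = 1; next }
        /^Transaction Summary/        { in_sec = 0 }
        in_sec && NF >= 3             { print $1 }
    '
}

# Sample input, excerpted from the Description (columns shortened).
sample_deplist() { cat <<'EOF'
package: nfs-ganesha.x86_64 2.3.1-8.el7rhgs
  dependency: /bin/sh
   provider: bash.x86_64 4.2.46-21.el7_3
  dependency: dbus
   provider: dbus.x86_64 1:1.6.12-17.el7
  dependency: firewalld
   provider: firewalld.noarch 0.4.3.2-8.el7
EOF
}

sample_remove() { cat <<'EOF'
Removing:
 firewalld            noarch  0.4.3.2-8.el7     @rhel-7-server-htb-rpms                   1.7 M
Removing for dependencies:
 glusterfs-ganesha    x86_64  3.7.9-12.el7rhgs  @rh-gluster-3-for-rhel-7-server-rpms      62 k
 nfs-ganesha          x86_64  2.3.1-8.el7rhgs   @rh-gluster-3-nfs-for-rhel-7-server-rpms  1.5 M
 nfs-ganesha-gluster  x86_64  2.3.1-8.el7rhgs   @rh-gluster-3-nfs-for-rhel-7-server-rpms  68 k

Transaction Summary
EOF
}

sample_deplist | has_dependency firewalld && echo "hard dependency on firewalld"
sample_remove | collateral_removals
```

On a host, pipe the live output instead of the samples, for example `yum deplist nfs-ganesha | has_dependency firewalld`; on the fixed build (nfs-ganesha-2.4.4-4) the check should fail and the collateral list should be empty.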

Comment 16 errata-xmlrpc 2017-09-21 04:47:57 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHEA-2017:2779