Bug 1413447

Summary: firewalld should be installed in containerized RHEL installation
Product: OpenShift Container Platform
Reporter: Gan Huang <ghuang>
Component: Installer
Assignee: Russell Teague <rteague>
Status: CLOSED CURRENTRELEASE
QA Contact: Gan Huang <ghuang>
Severity: medium
Priority: medium
Version: 3.5.0
CC: aos-bugs, gpei, jokerman, mmccomas, rteague
Hardware: Unspecified   
OS: Unspecified   
Doc Type: Bug Fix
Doc Text:
Cause: A 'when' clause was present on the firewalld service installation task.
Consequence: The installation was skipped for firewalld when running a containerized install.
Fix: Removed 'when' clause from firewalld installation task.
Result: firewalld is installed properly when running a containerized install.
Last Closed: 2017-03-08 13:50:29 UTC
Type: Bug

Description Gan Huang 2017-01-16 02:42:53 UTC
Description of problem:
Trigger a containerized installation on RHEL (firewalld not installed); the installer would fail at "Start and enable firewalld service".

Version-Release number of selected component (if applicable):
openshift-ansible-3.5.0-1.git.0.847bfb9.el7.noarch.rpm

How reproducible:
always

Steps to Reproduce:
1. Trigger a containerized installation on RHEL (firewalld not installed)


Actual results:
TASK [os_firewall : Install firewalld packages] ********************************
Monday 16 January 2017  02:15:08 +0000 (0:00:00.121)       0:00:34.161 ******** 
skipping: [ec2-54-221-84-253.compute-1.amazonaws.com] => {"changed": false, "skip_reason": "Conditional check failed", "skipped": true}

TASK [os_firewall : Ensure iptables services are not enabled] ******************
Monday 16 January 2017  02:15:09 +0000 (0:00:00.168)       0:00:34.329 ******** 

ok: [ec2-54-221-84-253.compute-1.amazonaws.com] => (item=iptables) => {"failed": false, "failed_when_result": false, "item": "iptables", "msg": "Could not find the requested service \"'iptables'\": "}
ok: [ec2-54-221-84-253.compute-1.amazonaws.com] => (item=ip6tables) => {"failed": false, "failed_when_result": false, "item": "ip6tables", "msg": "Could not find the requested service \"'ip6tables'\": "}

TASK [os_firewall : Start and enable firewalld service] ************************
Monday 16 January 2017  02:15:10 +0000 (0:00:01.290)       0:00:35.620 ******** 

fatal: [ec2-54-221-84-253.compute-1.amazonaws.com]: FAILED! => {"changed": false, "failed": true, "msg": "Could not find the requested service \"'firewalld'\": "}

Expected results:
Firewalld should be installed at task "Install firewalld packages"

Additional info:

Comment 1 Russell Teague 2017-01-24 18:41:38 UTC
Proposed: https://github.com/openshift/openshift-ansible/pull/3164

Comment 2 Russell Teague 2017-01-25 13:22:28 UTC
Merged: https://github.com/openshift/openshift-ansible/pull/3164

Comment 3 Gan Huang 2017-02-06 05:41:14 UTC
Verified with openshift-ansible-3.5.3-1.git.0.80c2436.el7.noarch.rpm

Containerized installation succeeds on RHEL 7 (firewalld not installed) and Atomic Host.
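
Added example, not part of the bug report or of openshift-ansible: a Python check that scans Ansible output in the format quoted in the description for this failure pattern, a fatal "Could not find the requested service" result preceded on the same host by a skipped task that names that service. The sample log, host name and function name are constructed for illustration.

```python
import json
import re

# Constructed sample in the output format quoted in this report (host name is made up).
SAMPLE = r"""
TASK [os_firewall : Install firewalld packages] ********************************
skipping: [host1.example.com] => {"changed": false, "skip_reason": "Conditional check failed", "skipped": true}

TASK [os_firewall : Ensure iptables services are not enabled] ******************
ok: [host1.example.com] => (item=iptables) => {"failed": false, "item": "iptables", "msg": "Could not find the requested service \"'iptables'\": "}

TASK [os_firewall : Start and enable firewalld service] ************************
fatal: [host1.example.com]: FAILED! => {"changed": false, "failed": true, "msg": "Could not find the requested service \"'firewalld'\": "}
"""

TASK_RE = re.compile(r"^TASK \[(.+?)\] \*+\s*$")
RESULT_RE = re.compile(
    r"^(skipping|ok|changed|fatal): \[([^\]]+)\](?:: FAILED!)?"
    r"(?: => \(item=[^)]*\))? => (\{.*\})\s*$")
MISSING_RE = re.compile("Could not find the requested service \"'([^']+)'\"")


def find_skipped_prerequisites(log):
    """Return (host, service, failed_task, skipped_tasks) for each fatal
    'service not found' result; skipped_tasks are earlier tasks skipped on
    that host whose name mentions the missing service."""
    task, skipped, findings = None, {}, []
    for line in log.splitlines():
        m = TASK_RE.match(line)
        if m:
            task = m.group(1)  # remember which task the next results belong to
            continue
        m = RESULT_RE.match(line)
        if not m:
            continue  # timestamps, blank lines, anything else
        status, host, payload = m.groups()
        if status == "skipping":
            skipped.setdefault(host, []).append(task)
        elif status == "fatal":  # "ok" results with the same message are tolerated failures
            try:
                msg = json.loads(payload).get("msg", "")
            except ValueError:
                continue  # result payload was not plain JSON
            miss = MISSING_RE.search(msg)
            if miss:
                service = miss.group(1)
                related = [t for t in skipped.get(host, []) if service in t]
                findings.append((host, service, task, related))
    return findings
```

Run against a saved installer log, a non-empty skipped-task list in a finding points at the conditional that kept the package from being installed.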