Bug 1570391
| Summary: | Engine-setup fails at stage 'Closing up': Command '/bin/firewall-cmd' failed to execute. | ||
|---|---|---|---|
| Product: | [oVirt] otopi | Reporter: | John Boero <boeroboy> |
| Component: | Core | Assignee: | Yedidyah Bar David <didi> |
| Status: | CLOSED CURRENTRELEASE | QA Contact: | Pavel Stehlik <pstehlik> |
| Severity: | low | Docs Contact: | |
| Priority: | unspecified | ||
| Version: | master | CC: | boeroboy, bugs |
| Target Milestone: | ovirt-4.2.4 | Flags: | rule-engine:
ovirt-4.2+
rule-engine: exception+ |
| Target Release: | --- | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | If docs needed, set a value | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2018-06-11 11:28:24 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | Integration | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
Update - even after disabling firewall config, I just noticed this in firewalld journal: Apr 22 14:31:05 $FQDN firewalld[31325]: WARNING: public: INVALID_SERVICE: ovirt-vmconsole Apr 22 14:31:05 $FQDN firewalld[31325]: WARNING: public: INVALID_SERVICE: vdsm Apr 22 14:31:05 $FQDN firewalld[31325]: WARNING: public: INVALID_SERVICE: ovirt-storageconsole This is odd. vdsm should be vdsmd anyway. Is anybody able to deploy currently? This seems like a no-brainer. Thanks Update - even after disabling firewall config, I just noticed this in firewalld journal: Apr 22 14:31:05 $FQDN firewalld[31325]: WARNING: public: INVALID_SERVICE: ovirt-vmconsole Apr 22 14:31:05 $FQDN firewalld[31325]: WARNING: public: INVALID_SERVICE: vdsm Apr 22 14:31:05 $FQDN firewalld[31325]: WARNING: public: INVALID_SERVICE: ovirt-storageconsole This is odd. vdsm should be vdsmd anyway. Is anybody able to deploy currently? This seems like a no-brainer. Thanks John, you said you were using EL7.2 and then you gave CentOS 7.4 release line. Is this 7.2 or 7.4? Because oVirt 4.2 requires CentOS >= 7.4, won't work on 7.2. (In reply to Sandro Bonazzola from comment #3) > John, you said you were using EL7.2 and then you gave CentOS 7.4 release > line. > Is this 7.2 or 7.4? Because oVirt 4.2 requires CentOS >= 7.4, won't work on > 7.2. Sorry it was EL7.4. It's been a while so I don't remember why I put 7.2. Definitely the version 7.4.1708 (Core) included below. Thanks! Please attach relevant logs and clarify where and when you get the error message. IIUC, engine-setup never configures a firewalld service 'ovirt-vmconsole', only 'ovirt-vmconsole-proxy'. On my CentOS 7.4 machine: # rpm -qf /usr/lib/firewalld/services/ovirt-vmconsole.xml firewalld-0.4.4.4-6.el7.noarch Which firewalld do you have installed? Sorry I've just re-tried this and the repo has been updated with latest ovirt-vmconsole. I think it was just a temporary repo issue strangely. Seems OK now. Mrking closed Well, still no idea what the problem was, but thanks for the report anyway :-) If it happens again, please provide more details. Thanks. |
Description of problem: Fresh install of engine on a dedicated EL 7.2 host using engine-setup, during closing stage, firewall-cmd fails trying to enable a service "ovirt-vmconsole" that doesn't exist (and doesn't appear to be provided by anything in the 4.2 repo). Version-Release number of selected component (if applicable): otopi.noarch 1.7.7-1.el7.centos @ovirt-4.2 CentOS Linux release 7.4.1708 (Core) How reproducible: Always Steps to Reproduce: 1. Do a fresh engine-setup with either firewalld or iptables configuration option. Tail the log listed during install. 2. Install (hopefully) successfully gets to Closing stage. 3. During close, firewall-cmd errors enabling a service that doesn't exist and stops the rest of close. Actual results: Error: 2018-04-22 14:15:46,601+0100 DEBUG otopi.plugins.otopi.network.firewalld plugin.execute:926 execute-output: ('/bin/firewall-cmd', '--zone', u'public', '--permanent', '--add-service', 'ovirt-postgres') stderr: Error: INVALID_SERVICE: 'ovirt-vmconsole' not among existing services 2018-04-22 14:15:46,601+0100 DEBUG otopi.context context._executeMethod:143 method exception Traceback (most recent call last): File "/usr/lib/python2.7/site-packages/otopi/context.py", line 133, in _executeMethod method['method']() File "/usr/share/otopi/plugins/otopi/network/firewalld.py", line 334, in _closeup '--add-service', service, File "/usr/lib/python2.7/site-packages/otopi/plugin.py", line 931, in execute command=args[0], 112935RuntimeError: Command '/bin/firewall-cmd' failed to execute 2018-04-22 14:15:46,603+0100 ERROR otopi.context context._executeMethod:152 Failed to execute stage 'Closing up': Command '/bin/firewall-cmd' failed to execute Expected results: engine-setup should finish and firewalls should allow engine ports. Additional info: In my case with current 4.2 repo, a "yum provides /usr/lib/systemd/system/ovirt-vmconsole.service" comes back empty as nothing provides it. My only workaround option is to disable "Update Firewall" option in installer answers, which allows install to finish. Note I'm avoiding self-hosted on purpose as an unrelated HA quorum bug has ruined my current installment.