Bug 734992

Summary: Why is iptables config file missing after using kickstart build for RHEL 5.7?
Product: Red Hat Enterprise Linux 5 Reporter: Kamal Maiti <kmaiti>
Component: anacondaAssignee: Anaconda Maintenance Team <anaconda-maint-list>
Status: CLOSED INSUFFICIENT_DATA QA Contact: Release Test Team <release-test-team-automation>
Severity: medium Docs Contact:
Priority: medium    
Version: 5.7CC: syeghiay
Target Milestone: rc   
Target Release: 5.8   
Hardware: x86_64   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2011-10-11 19:23:55 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Kamal Maiti 2011-09-01 06:02:45 UTC 
Description of problem:

It's missing iptables config after using kickstart build for RHEL 5.7

Version-Release number of selected component (if applicable):

system-config-securitylevel-tui
Installing RHEL 5.7 using kickstart

How reproducible:

The iptables config file is missing after completing the installation while customer uses following options at kickstart file :

----
. . . .
firewall --enabled --port=22:tcp
## open Firewall Ports for TSM
firewall --enabled --port=1500:tcp
firewall --enabled --port=1501:tcp
firewall --enabled --port=1502:tcp

authconfig --enableshadow --enablemd5
selinux --enforcing

. . . . 
%packages
. . . . 
-system-config-securitylevel-tui
----

Note that he excluded package system-config-securitylevel-tui here. And I have just mentioned important fireall related options from their kickstart file.

Steps to Reproduce:
1. As described above.
2. Also when they specify "selinux --permissive" in the command section, but the machines comes up in enforcing mode. This may be another issue. 
3.
  
Actual results:

It's missing iptables config after using kickstart build for RHEL 5.7

Expected results:

Iptables config file will be present.

Additional info:

When they take out line "-system-config-securitylevel-tui" from kickstart file, it works as expected. In their own words :

"I have identified the problem. We are excluding system-config-securitylevel-tui in our packages list. When I take out the "-system-config-securitylevel-tui" line, the firewall & selinux commands are no longer ignored. I consider this to be a bug."

For more information we can check case#00517881 at sfdc.

*** Also component "system-config-securitylevel-tui" should be listed in our bugzilla component list.
Comment 1 Thomas Woerner 2011-09-01 07:44:40 UTC 
This is an installation issue, therefore I am assigning this to anaconda.

There is no component system-config-securitylevel-tui, because system-config-securitylevel-tui is a sub package of the component system-config-securitylevel.
Comment 2 Kamal Maiti 2011-09-01 08:46:35 UTC 
Thanks Thomas.
Comment 3 Chris Lumens 2011-09-05 19:38:29 UTC 
anaconda should enforce the installation of system-config-firewall-tui regardless of what you do in your kickstart file.  Please attach /tmp/anaconda.log to this bug report so we can get some more context.  Thanks.
Comment 4 Kamal Maiti 2011-09-06 05:01:34 UTC 
No problem. I shall provide that file and update you.
Comment 5 David Cantrell 2011-10-11 19:23:55 UTC 
Feel free to reopen this bug if you can provide the requested information.