Red Hat Bugzilla – Full Text Bug Listing
|Summary:||Cannot disable firewall via kickstart|
|Product:||[Fedora] Fedora||Reporter:||John Florian <john.florian>|
|Component:||anaconda||Assignee:||Anaconda Maintenance Team <anaconda-maint-list>|
|Status:||CLOSED DUPLICATE||QA Contact:||Fedora Extras Quality Assurance <extras-qa>|
|Version:||16||CC:||anaconda-maint-list, jonathan, vanmeeuwen+fedora|
|Fixed In Version:||Doc Type:||Bug Fix|
|Doc Text:||Story Points:||---|
|Last Closed:||2011-12-21 13:04:40 EST||Type:||---|
|oVirt Team:||---||RHEL 7.3 requirements from Atomic Host:|
Description John Florian 2011-12-20 09:41:03 EST
Description of problem: It appears that with the introduction of systemd and native units for iptables.service, it is no longer possible to have a kickstart disable this service using the conventional "firewall --disabled" directive. Version-Release number of selected component (if applicable): Whatever shipped with the F16 DVD image, which I suspect is 16.25-1.fc16. How reproducible: always Steps to Reproduce: 1. Modify an existing kickstart file to include the "firewall --disabled" directive. 2. Make a spin. Actual results: The custom spin still has iptables.service enabled. Expected results: The iptables.service should be disabled. Additional info: I'm actually producing the spins with livecd-tools, if that somehow matters.
Comment 1 Chris Lumens 2011-12-20 10:07:41 EST
Please attach /tmp/anaconda.log and /tmp/program.log to this bug report so we can see what's going on. Thanks.
Comment 2 John Florian 2011-12-20 10:43:44 EST
(In reply to comment #1) > Please attach /tmp/anaconda.log and /tmp/program.log to this bug report so we > can see what's going on. Thanks. Those would be immensely helpful and I'd be happy to, but I don't know that those are available when using livecd-creator. I've used the --shell option and looked around for them at that stage and found nothing. I also looked around on the host which is running livecd-creator, but found nothing there either. Any ideas? For the record, I also tried changing "firewall --disabled" to "firewall --enabled --service=ssh" and that seemed to have no affect either. With that, the iptables service is still enabled, but port 22 hasn't been opened up.
Comment 3 John Florian 2011-12-20 16:33:17 EST
Upon further review of things, I think perhaps this bug should be filed not against anaconda, but to python-imgcreate instead. I would have guessed that livecd-tools somehow wrapped around anaconda, but it appears to use python-imgcreate which has its own kickstart parser and related methods to emulate what anaconda does. Or perhaps anaconda also uses python-imgcreate?
Comment 4 Chris Lumens 2011-12-21 13:04:40 EST
*** This bug has been marked as a duplicate of bug 733778 ***
Comment 5 John Florian 2011-12-21 13:35:56 EST
I don't believe this is a duplicate. My situation requires the use of livecd-tools (and python-imgcreate indirectly) whereas #733778 makes no mention of either. This problem may be related to another bug I also filed yesterday, #769457.