Bug 769339

Summary: Cannot disable firewall via kickstart
Product: [Fedora] Fedora Reporter: John Florian <john.florian>
Component: anacondaAssignee: Anaconda Maintenance Team <anaconda-maint-list>
Status: CLOSED DUPLICATE QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 16CC: anaconda-maint-list, jonathan, vanmeeuwen+fedora
Target Milestone: ---   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2011-12-21 13:04:40 EST Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:

Description John Florian 2011-12-20 09:41:03 EST
Description of problem:
It appears that with the introduction of systemd and native units for iptables.service, it is no longer possible to have a kickstart disable this service using the conventional "firewall --disabled" directive.

Version-Release number of selected component (if applicable):
Whatever shipped with the F16 DVD image, which I suspect is 16.25-1.fc16.

How reproducible:
always

Steps to Reproduce:
1. Modify an existing kickstart file to include the "firewall --disabled" directive.
2. Make a spin.
  
Actual results:
The custom spin still has iptables.service enabled.

Expected results:
The iptables.service should be disabled.

Additional info:
I'm actually producing the spins with livecd-tools, if that somehow matters.
Comment 1 Chris Lumens 2011-12-20 10:07:41 EST
Please attach /tmp/anaconda.log and /tmp/program.log to this bug report so we can see what's going on.  Thanks.
Comment 2 John Florian 2011-12-20 10:43:44 EST
(In reply to comment #1)
> Please attach /tmp/anaconda.log and /tmp/program.log to this bug report so we
> can see what's going on.  Thanks.

Those would be immensely helpful and I'd be happy to, but I don't know that those are available when using livecd-creator.  I've used the --shell option and looked around for them at that stage and found nothing.  I also looked around on the host which is running livecd-creator, but found nothing there either.

Any ideas?

For the record, I also tried changing "firewall --disabled" to "firewall --enabled --service=ssh" and that seemed to have no affect either.  With that, the iptables service is still enabled, but port 22 hasn't been opened up.
Comment 3 John Florian 2011-12-20 16:33:17 EST
Upon further review of things, I think perhaps this bug should be filed not against anaconda, but to python-imgcreate instead.  I would have guessed that livecd-tools somehow wrapped around anaconda, but it appears to use python-imgcreate which has its own kickstart parser and related methods to emulate what anaconda does.  Or perhaps anaconda also uses python-imgcreate?
Comment 4 Chris Lumens 2011-12-21 13:04:40 EST

*** This bug has been marked as a duplicate of bug 733778 ***
Comment 5 John Florian 2011-12-21 13:35:56 EST
I don't believe this is a duplicate.  My situation requires the use of livecd-tools (and python-imgcreate indirectly) whereas #733778 makes no mention of either.

This problem may be related to another bug I also filed yesterday, #769457.