Bug 988233
Summary: | Anaconda does not exclude certain packages specified in the kickstart configuration | ||
---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | Richard Neuboeck <hawk> |
Component: | anaconda | Assignee: | Anaconda Maintenance Team <anaconda-maint-list> |
Status: | CLOSED NOTABUG | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
Severity: | low | Docs Contact: | |
Priority: | unspecified | ||
Version: | 19 | CC: | anaconda-maint-list, dshea, g.kaviyarasu, jonathan, mkolman, sbueno, stephent98, vanmeeuwen+fedora |
Target Milestone: | --- | ||
Target Release: | --- | ||
Hardware: | x86_64 | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2013-08-01 18:20:28 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Richard Neuboeck
2013-07-25 07:18:03 UTC
The installer always pulls in some packages:[1] $ less -N anaconda-19.30.13-1/pyanaconda/install.py ... 152 # anaconda requires storage packages in order to make sure the target 153 # system is bootable and configurable, and some other packages in order 154 # to finish setting up the system. 155 packages = storage.packages + ["authconfig", "firewalld"] + ksdata.realm.packages ... The post-installation section of the kickstart file could probably be used to remove some packages: 15.7. Post-installation Script http://docs.fedoraproject.org/en-US/Fedora/19/html/Installation_Guide/s1-kickstart2-postinstallconfig.html Disclaimer: I have not actually used the post-installation kickstart feature. [1] The installer source is here: https://git.fedorahosted.org/git/anaconda.git Installation Guide RFE: Bug 988328 - RFE: some packages cannot be excluded using a kickstart file (In reply to Steve Tyler from comment #1) > The post-installation section of the kickstart file could probably be used > to remove some packages: > Disclaimer: I have not actually used the post-installation kickstart feature. Thanks for the details! I'm doing exactly that right now - that works ok. But since the feature exists to exclude packages it's kind of annoying to have to crosscheck what may get pulled back. (In reply to Steve Tyler from comment #1) ... > 155 packages = storage.packages + ["authconfig", "firewalld"] + > ksdata.realm.packages ... The installer could probably write its "package" list to a log file, or the Installation Guide could list them. (In reply to Steve Tyler from comment #4) > (In reply to Steve Tyler from comment #1) > ... > > 155 packages = storage.packages + ["authconfig", "firewalld"] + > > ksdata.realm.packages > ... > > The installer could probably write its "package" list to a log file, or the > Installation Guide could list them. Absolutely. If those default packages would be listed in the manual or possibly flagged in the package log file as 'default' it would be much easier than searching in the sources. The installer may already be listing them. This group of four packages matches what the source says: Snippet from anaconda.packaging.log: ... 20:56:31,053 DEBUG packaging: select package grub2 20:56:31,055 DEBUG packaging: select package e2fsprogs 20:56:31,056 DEBUG packaging: select package authconfig 20:56:31,056 DEBUG packaging: select package firewalld ... Since firewalld is a systemd service, another way is to make sure it is disabled after installation: $ sudo systemctl disable firewalld From the packaging.log it's only clear that those are the 'default' packages if you already know that since a lot of others are selected in close proximity to those entries as well. Disabling the service would also be a good way to get rid of it. Thanks! I'm uninstalling this and other packages from within postinstall: %post #!/bin/bash yum -q -y remove firewalld and_others_too %end (In reply to Steve Tyler from comment #7) > Since firewalld is a systemd service, another way is to make sure it is > disabled after installation: > $ sudo systemctl disable firewalld The kickstart "services" option can do exactly that: "--disabled — Disable the services given in the comma separated list." See also the "firewall" option: "firewall --enabled|--disabled [--trust=] <device> [--port=]" 15.4. Kickstart Options http://docs.fedoraproject.org/en-US/Fedora/19/html/Installation_Guide/s1-kickstart2-options.html Adding this to a test kickstart file with your exact package list almost works: services --disabled firewalld --enabled iptables The firewalld service is disabled: # systemctl status firewalld The iptables service is enabled. # systemctl status iptables But "iptables -L" shows no rules. This could be new bug. Tested with: $ qemu-kvm -m 4096 -hda f19-test-3.img -cdrom ~/xfr/fedora/F19/Fedora-19-x86_64-DVD.iso -vga std -boot menu=on (In reply to Steve Tyler from comment #4) ... > The installer could probably write its "package" list to a log file, or the > Installation Guide could list them. I modified install.py on the Live image to log the "packages" variable: 23:10:40,579 INFO anaconda: pre-configured packages: ['grub2', 'e2fsprogs', 'lvm2', 'authconfig', 'firewalld'] == diff -u ... == --- install.py 2013-06-27 08:31:06.000000000 -0700 +++ install.py 2013-07-25 20:15:31.387147358 -0700 @@ -153,6 +153,7 @@ # system is bootable and configurable, and some other packages in order # to finish setting up the system. packages = storage.packages + ["authconfig", "firewalld"] + ksdata.realm.packages + log.info("pre-configured packages: " + str(packages)) # don't try to install packages from the install class' ignored list packages = [p for p in packages if p not in instClass.ignoredPackages] == Tested with: $ qemu-kvm -m 4096 -hda f19-test-3.img -cdrom ~/xfr/fedora/F19/Fedora-Live-Desktop-x86_64-19-1.iso -vga std -boot menu=on Closing this bug since bug 988328 has been opened for the documentation issue. firewalld is the now the default firewall solution for Fedora and is always installed, see https://fedoraproject.org/wiki/Features/firewalld-default Comment 11 was proposing that the anaconda-required packages be logged. As my testing shows, the implementation should be very easy. Should I open a new bug for that as an RFE? Bug 993503 - RFE: log packages required by installer |