Red Hat Bugzilla – Bug 1004976
RFE: firewall kickstart command which does not require firewalld
Last modified: 2014-04-01 10:51:38 EDT
This is a continuation of bug #815540 except I'm trying to be less alarmist and also less whiny. :)
I'm trying to use create-appliance to build lightweight images. I'd even like to eventually do this with anaconda itself. There are some other ways to do this, but there are advantages to using a real installer as well.
Because this is a container environment, it doesn't need to be running any firewall. However,
results in failure with
Unable to run ['/usr/bin/firewall-offline-cmd', '--disabled']!
Could this either be made to not do anything, or a new parameter like "firewall --ignore" be added?
With the cloud kickstart image, we chose to put workarounds in the %post script. With the container (which may not even have yum), the workarounds get really crazy. We could come up with some new lightweight appliance creation tool, but really, I'd like there to be _more_ convergence here, not less.
The reason why it raises the error is that in the case where you want to be sure the firewall is disabled you'd like to know if that disable failed. Although I guess it could be argued that if the tool is missing odds are it's going to be disabled.
Why not just remove the firewall command from your kickstart?
Also, you really should be using livemedia-creator ;)
(In reply to Brian C. Lane from comment #1)
> The reason why it raises the error is that in the case where you want to be
> sure the firewall is disabled you'd like to know if that disable failed.
> Although I guess it could be argued that if the tool is missing odds are
> it's going to be disabled.
> Why not just remove the firewall command from your kickstart?
Well, in appliance-creator at least, absence of the firewall line is treated as if you gave 'firewall --enabled'.
I see the point of having the error raised for failed disabled; maybe a separate parameter like "firewall --ignore" for this case? Or, make the missing line mean that, but people might be expecting the missing=default=enable behavior.
> Also, you really should be using livemedia-creator ;)
Well, the idea right now is to make it work with something that is already in koji.
anaconda-20.20-1.fc20 has been submitted as an update for Fedora 20.
Awesome -- thank you!
* should fix your issue,
* was pushed to the Fedora 20 testing repository,
* should be available at your local mirror within two days.
Update it with:
# su -c 'yum update --enablerepo=updates-testing anaconda-20.20-1.fc20'
as soon as you are able to.
Please go to the following URL:
then log in and leave karma (feedback).
anaconda-20.21-1.fc20 has been submitted as an update for Fedora 20.
*** Bug 884878 has been marked as a duplicate of this bug. ***
Don't mind me - just moving this to the component that includes the fix so I don't confuse myself again later on.