Bug 1004976 - RFE: firewall kickstart command which does not require firewalld
Summary: RFE: firewall kickstart command which does not require firewalld
Status: CLOSED CURRENTRELEASE
Alias: None
Product: Fedora
Classification: Fedora
Component: anaconda
Version: 20
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: ---
Assignee: Anaconda Maintenance Team
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Keywords:
: 884878 (view as bug list)
Depends On:
Blocks: F18-accepted, F18FinalFreezeExcept
TreeView+ depends on / blocked
 
Reported: 2013-09-05 22:34 UTC by Matthew Miller
Modified: 2014-04-01 14:51 UTC (History)
7 users (show)

(edit)
Clone Of:
(edit)
Last Closed: 2014-01-29 20:35:34 UTC


Attachments (Terms of Use)

Description Matthew Miller 2013-09-05 22:34:47 UTC
This is a continuation of bug #815540 except I'm trying to be less alarmist and also less whiny. :)

I'm trying to use create-appliance to build lightweight images. I'd even like to eventually do this with anaconda itself. There are some other ways to do this, but there are advantages to using a real installer as well.

Because this is a container environment, it doesn't need to be running any firewall. However,

 firewall --disaabled

results in failure with

 Unable to run ['/usr/bin/firewall-offline-cmd', '--disabled']!

Could this either be made to not do anything, or a new parameter like "firewall --ignore" be added? 

With the cloud kickstart image, we chose to put workarounds in the %post script. With the container (which may not even have yum), the workarounds get really crazy. We could come up with some new lightweight appliance creation tool, but really, I'd like there to be _more_ convergence here, not less.

Comment 1 Brian Lane 2013-09-05 23:48:48 UTC
The reason why it raises the error is that in the case where you want to be sure the firewall is disabled you'd like to know if that disable failed. Although I guess it could be argued that if the tool is missing odds are it's going to be disabled.

Why not just remove the firewall command from your kickstart?

Also, you really should be using livemedia-creator ;)

Comment 2 Matthew Miller 2013-09-06 01:28:31 UTC
(In reply to Brian C. Lane from comment #1)
> The reason why it raises the error is that in the case where you want to be
> sure the firewall is disabled you'd like to know if that disable failed.
> Although I guess it could be argued that if the tool is missing odds are
> it's going to be disabled.
> 
> Why not just remove the firewall command from your kickstart?

Well, in appliance-creator at least, absence of the firewall line is treated as if you gave 'firewall --enabled'.

I see the point of having the error raised for failed disabled; maybe a separate parameter like "firewall --ignore" for this case? Or, make the missing line mean that, but people might be expecting the missing=default=enable behavior.

> Also, you really should be using livemedia-creator ;)

Well, the idea right now is to make it work with something that is already in koji.

Comment 3 Fedora Update System 2013-09-25 16:04:15 UTC
anaconda-20.20-1.fc20 has been submitted as an update for Fedora 20.
https://admin.fedoraproject.org/updates/anaconda-20.20-1.fc20

Comment 4 Matthew Miller 2013-09-25 22:57:59 UTC
Awesome -- thank you!

Comment 5 Fedora Update System 2013-09-27 00:32:22 UTC
Package anaconda-20.20-1.fc20:
* should fix your issue,
* was pushed to the Fedora 20 testing repository,
* should be available at your local mirror within two days.
Update it with:
# su -c 'yum update --enablerepo=updates-testing anaconda-20.20-1.fc20'
as soon as you are able to.
Please go to the following url:
https://admin.fedoraproject.org/updates/FEDORA-2013-17681/anaconda-20.20-1.fc20
then log in and leave karma (feedback).

Comment 6 Fedora Update System 2013-09-28 01:17:11 UTC
anaconda-20.21-1.fc20 has been submitted as an update for Fedora 20.
https://admin.fedoraproject.org/updates/anaconda-20.21-1.fc20

Comment 7 Brian Lane 2013-10-02 17:32:31 UTC
*** Bug 884878 has been marked as a duplicate of this bug. ***

Comment 8 Chris Lumens 2014-04-01 14:51:38 UTC
Don't mind me - just moving this to the component that includes the fix so I don't confuse myself again later on.


Note You need to log in before you can comment on or make changes to this bug.