Bug 1004976 - RFE: firewall kickstart command which does not require firewalld
Status: CLOSED CURRENTRELEASE
Product: Fedora
Classification: Fedora
Component: anaconda
Assigned To: Anaconda Maintenance Team
Blocks: F18-accepted/F18FinalFreezeExcept
Reported: 2013-09-05 18:34 EDT by Matthew Miller
Modified: 2014-04-01 10:51 EDT
Doc Type: Bug Fix
Last Closed: 2014-01-29 15:35:34 EST
Type: Bug
Description Matthew Miller 2013-09-05 18:34:47 EDT
This is a continuation of bug #815540 except I'm trying to be less alarmist and also less whiny. :)

I'm trying to use create-appliance to build lightweight images. I'd even like to eventually do this with anaconda itself. There are some other ways to do this, but there are advantages to using a real installer as well.

Because this is a container environment, it doesn't need to be running any firewall. However,

 firewall --disabled

results in failure with

 Unable to run ['/usr/bin/firewall-offline-cmd', '--disabled']!

Could this either be made to not do anything, or a new parameter like "firewall --ignore" be added? 

With the cloud kickstart image, we chose to put workarounds in the %post script. With the container (which may not even have yum), the workarounds get really crazy. We could come up with some new lightweight appliance creation tool, but really, I'd like there to be _more_ convergence here, not less.
Comment 1 Brian Lane 2013-09-05 19:48:48 EDT
The reason why it raises the error is that in the case where you want to be sure the firewall is disabled you'd like to know if that disable failed. Although I guess it could be argued that if the tool is missing odds are it's going to be disabled.

Why not just remove the firewall command from your kickstart?

Also, you really should be using livemedia-creator ;)
Comment 2 Matthew Miller 2013-09-05 21:28:31 EDT
(In reply to Brian C. Lane from comment #1)
> The reason why it raises the error is that in the case where you want to be
> sure the firewall is disabled you'd like to know if that disable failed.
> Although I guess it could be argued that if the tool is missing odds are
> it's going to be disabled.
> 
> Why not just remove the firewall command from your kickstart?

Well, in appliance-creator at least, absence of the firewall line is treated as if you gave 'firewall --enabled'.

I see the point of having the error raised for failed disabled; maybe a separate parameter like "firewall --ignore" for this case? Or, make the missing line mean that, but people might be expecting the missing=default=enable behavior.

> Also, you really should be using livemedia-creator ;)

Well, the idea right now is to make it work with something that is already in koji.
Comment 3 Fedora Update System 2013-09-25 12:04:15 EDT
anaconda-20.20-1.fc20 has been submitted as an update for Fedora 20.
https://admin.fedoraproject.org/updates/anaconda-20.20-1.fc20
Comment 4 Matthew Miller 2013-09-25 18:57:59 EDT
Awesome -- thank you!
Comment 5 Fedora Update System 2013-09-26 20:32:22 EDT
Package anaconda-20.20-1.fc20:
* should fix your issue,
* was pushed to the Fedora 20 testing repository,
* should be available at your local mirror within two days.
Update it with:
# su -c 'yum update --enablerepo=updates-testing anaconda-20.20-1.fc20'
as soon as you are able to.
Please go to the following url:
https://admin.fedoraproject.org/updates/FEDORA-2013-17681/anaconda-20.20-1.fc20
then log in and leave karma (feedback).
Comment 6 Fedora Update System 2013-09-27 21:17:11 EDT
anaconda-20.21-1.fc20 has been submitted as an update for Fedora 20.
https://admin.fedoraproject.org/updates/anaconda-20.21-1.fc20
Comment 7 Brian Lane 2013-10-02 13:32:31 EDT
*** Bug 884878 has been marked as a duplicate of this bug. ***
Comment 8 Chris Lumens 2014-04-01 10:51:38 EDT
Don't mind me - just moving this to the component that includes the fix so I don't confuse myself again later on.
