Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.

Bug 1056927

Summary: [engine-setup] - standalone value (iptables) is not considered as usable value CentOS6
Product: [Retired] oVirt Reporter: Pavel Stehlik <pstehlik>
Component: ovirt-engine-installerAssignee: Yedidyah Bar David <didi>
Status: CLOSED NOTABUG QA Contact: sefi litmanovich <slitmano>
Severity: medium Docs Contact:
Priority: medium    
Version: 3.4CC: acathrow, alonbl, bazulay, gklein, iheim, oschreib, pstehlik, sbonazzo, yeylon
Target Milestone: ---Keywords: UserExperience
Target Release: 3.4.0Flags: didi: needinfo?
Hardware: Unspecified   
OS: Unspecified   
Whiteboard: integration
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2014-02-17 14:51:30 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Attachments:
Description Flags
iptables.png
none
setup-log.tgz none

Description Pavel Stehlik 2014-01-23 08:01:49 UTC
Created attachment 854243 [details]
iptables.png

Description of problem:
 During installation on CentOS6 is configuration of firewall offered, however the only value is in parentheses '(iptables)' instead offering default brackets '[iptables]' - so after hitting Enter value was considered as an error. 
See att scrnsht (sry had issue with copying on my workstation so used visual method).
 
Log:
...
2014-01-23 02:09:40 DEBUG otopi.plugins.otopi.dialog.human human.queryString:153 query OVESETUP_CONFIG_FIREWALL_MANAGER
2014-01-23 02:09:40 DEBUG otopi.plugins.otopi.dialog.human dialog.__logString:215 DIALOG:SEND                 Firewall manager to configure (iptables):
2014-01-23 02:09:42 ERROR otopi.plugins.otopi.dialog.human human.queryString:177 Invalid value
2014-01-23 02:09:42 DEBUG otopi.plugins.otopi.dialog.human dialog.__logString:215 DIALOG:SEND                 Firewall manager to configure (iptables):
2014-01-23 02:09:50 DEBUG otopi.plugins.otopi.dialog.human dialog.__logString:215 DIALOG:RECEIVE    iptables
2014-01-23 02:09:50 INFO otopi.plugins.ovirt_engine_setup.base.network.firewall_manager firewall_manager._customization:191 iptables will be configured as firewall manager.
...


Version-Release number of selected component (if applicable):
ovirt-engine-setup-3.4.0-0.5.beta1.el6.noarch

How reproducible:


Steps to Reproduce:
1. install ovirt on cent6
2.
3.

Actual results:


Expected results:


Additional info:

Comment 1 Pavel Stehlik 2014-01-23 08:04:15 UTC
Created attachment 854244 [details]
setup-log.tgz

Comment 2 Yedidyah Bar David 2014-02-16 12:39:55 UTC
This happens if the iptables service is not active on the machine prior to running setup. The logic was that activating it (rather than just changing the configuration) is a significant change that the user should not accept by merely pressing 'Enter'.

Current behavior is:
1. We support as firewall managers 'iptables' and 'firewalld'.
2. If one of them is active, it's selected automatically
3. Otherwise we let the user choose among those found on the system.

So on RHEL/Centos 6 there is only one choice by default (unless user installed firewalld, which is actually possible) - 'iptables'.

So what you actually want is that if there is no active manager, and only one is found on the system, it will be selected automatically (just as if it was found active)?

Comment 3 Alon Bar-Lev 2014-02-16 13:51:39 UTC
(In reply to Yedidyah Bar David from comment #2)
> So what you actually want is that if there is no active manager, and only
> one is found on the system, it will be selected automatically (just as if it
> was found active)?

Selecting to enable firewall automatically is something that I would like to avoid, this is why we added this phase... to make sure the user knows what he is doing.

For example, at Gentoo if I have unsupported firewall firehol, and I select yes, configure my firewall, then I am prompted for iptables, I know that something bad is going to happen.

Comment 4 Ofer Schreiber 2014-02-17 14:51:30 UTC
I'm closing this bug, as this behavior works as designed.
If you still thinks this is a bug, please reopen.