Bug 126550 - kickstart firewall --port syntax not recognized by anaconda
kickstart firewall --port syntax not recognized by anaconda
Status: CLOSED RAWHIDE
Product: Red Hat Enterprise Linux 3
Classification: Red Hat
Component: anaconda (Show other bugs)
3.0
i386 Linux
medium Severity medium
: ---
: ---
Assigned To: Jeremy Katz
Mike McLean
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2004-06-22 21:43 EDT by George Lancina
Modified: 2007-11-30 17:07 EST (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2006-04-24 15:05:38 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
The working ks file, with the offending firewall line commented (1.50 KB, text/plain)
2004-06-23 17:18 EDT, George Lancina
no flags Details

  None (edit)
Description George Lancina 2004-06-22 21:43:41 EDT
Description of problem:

It seems that the script syntax generated by redhat-config-kickstart
for enabling the firewall and customizing the port(s) allowed is not
understood by the anaconda installer on the CD.

I used redhat-config-kickstart to generate an example with the
firewall enabled with http, ssh, ports 53/tcp, 53/udp and 443/tcp
opened.  The generated firewall line is:
firewall --enable --http --ssh --port=53:tcp,53:udp,443:tcp

I then used this example to modify the anaconda-ks.cfg generated
during the install of my 'prototype'.  This is the error that I get


Version-Release number of selected component (if applicable):
kickstart rpm: redhat-config-kickstart-2.3.22-3
installation CD: rhel-3-U2-i386-as-disc1

How reproducible:
Use a kickstart file with 'firewall --enable ... --port=...'

Steps to Reproduce:
1. Edit an existing kickstart file or create a new one
2. For the firewall entry use firewall --enable --port=443:tcp and any
other valid arguments
3. Use the file to automate an install
  
Actual results:
Install aborts with the following error:

Traceback (most recent call last):
  File "/usr/bin/anaconda", line 1042, in ?
    instClass.setInstallData(id)
  File "/usr/lib/naconda/kickstart.py", line 1218, in setInstallData
    self.readKickstart(id, self.file)
  File "/usr/lib/anaconda/kickstart.py", line 677, in readKickstart
    handlers[args[0]](id, args[1:])
  File "/usr/lib/anaconda/kickstart.py", line 100 in doFirewall
    ['dhcp', 'ssh', 'telnet', 'smtp', 'http', 'ftp', 'enabled',
  File "/usr/lib/anaconda/isys.py", line 443, in getopt
    return apply(_isys.getopt, args)
TypeError: bad argument --port=443:tcp: unknown option

  install exited abnormally
  etc.

Expected results:


Additional info:

It seems obvious that the scripts on the installation media don't know
about the --port option.
Comment 1 Brent Fox 2004-06-23 14:19:17 EDT
Please attach the kickstart file that you created.
Comment 2 George Lancina 2004-06-23 17:18:54 EDT
Created attachment 101363 [details]
The working ks file, with the offending firewall line commented

This is the working version with the offending firewall line commented out and
my root password removed as noted.
Comment 3 Brent Fox 2004-06-23 18:10:33 EDT
I'm going to change the component of this bug to anaconda since the
kickstart file looks ok to me.  

This is the line that is causing the problem:
firewall --enabled --http --ftp --ssh --smtp --port=443:tcp

However, this line looks ok to me according to the RHEL3 documentation
at
http://www.redhat.com/docs/manuals/enterprise/RHEL-3-Manual/sysadmin-guide/s1-kickstart2-options.html

Either this is an anaconda bug or the kickstart docs are wrong.
Comment 4 Jeremy Katz 2004-06-24 15:12:50 EDT
There was a typo in U2, fixed for U3.
Comment 5 Jeremy Katz 2006-04-24 15:05:38 EDT
Mass-closing lots of old bugs which are in MODIFIED (and thus presumed to be
fixed).  If any of these are still a problem, please reopen or file a new bug
against the release which they're occurring in so they can be properly tracked.

Note You need to log in before you can comment on or make changes to this bug.