Bug 1413447 - firewalld should be installed in containerized RHEL installation
Summary: firewalld should be installed in containerized RHEL installation
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: OpenShift Container Platform
Classification: Red Hat
Component: Installer
Version: 3.5.0
Hardware: Unspecified
OS: Unspecified
medium
medium
Target Milestone: ---
: ---
Assignee: Russell Teague
QA Contact: Gan Huang
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2017-01-16 02:42 UTC by Gan Huang
Modified: 2017-07-24 14:11 UTC (History)
5 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Cause: A 'when' clause was present on the firewalld service installation task. Consequence: The installation was skipped for firewalld when running a containerized install. Fix: Removed 'when' clause from firewalld installation task. Result: firewalld is installed properly when running a containerized install.
Clone Of:
Environment:
Last Closed: 2017-03-08 13:50:29 UTC
Target Upstream Version:


Attachments (Terms of Use)


Links
System ID Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2017:0903 normal SHIPPED_LIVE OpenShift Container Platform atomic-openshift-utils bug fix and enhancement 2017-04-12 22:45:42 UTC

Description Gan Huang 2017-01-16 02:42:53 UTC
Description of problem:
Trigger a containerized installation on RHEL (firewalld not installed), installer would fail at "Start and enable firewalld service"

Version-Release number of selected component (if applicable):
openshift-ansible-3.5.0-1.git.0.847bfb9.el7.noarch.rpm

How reproducible:
always

Steps to Reproduce:
1. Trigger a containerized installation on RHEL (firewalld not installed)


Actual results:
TASK [os_firewall : Install firewalld packages] ********************************
Monday 16 January 2017  02:15:08 +0000 (0:00:00.121)       0:00:34.161 ******** 
skipping: [ec2-54-221-84-253.compute-1.amazonaws.com] => {"changed": false, "skip_reason": "Conditional check failed", "skipped": true}

TASK [os_firewall : Ensure iptables services are not enabled] ******************
Monday 16 January 2017  02:15:09 +0000 (0:00:00.168)       0:00:34.329 ******** 

ok: [ec2-54-221-84-253.compute-1.amazonaws.com] => (item=iptables) => {"failed": false, "failed_when_result": false, "item": "iptables", "msg": "Could not find the requested service \"'iptables'\": "}
ok: [ec2-54-221-84-253.compute-1.amazonaws.com] => (item=ip6tables) => {"failed": false, "failed_when_result": false, "item": "ip6tables", "msg": "Could not find the requested service \"'ip6tables'\": "}

TASK [os_firewall : Start and enable firewalld service] ************************
Monday 16 January 2017  02:15:10 +0000 (0:00:01.290)       0:00:35.620 ******** 

fatal: [ec2-54-221-84-253.compute-1.amazonaws.com]: FAILED! => {"changed": false, "failed": true, "msg": "Could not find the requested service \"'firewalld'\": "}

Expected results:
Firewalld should be installed at task "Install firewalld packages"

Additional info:

Comment 1 Russell Teague 2017-01-24 18:41:38 UTC
Proposed: https://github.com/openshift/openshift-ansible/pull/3164

Comment 2 Russell Teague 2017-01-25 13:22:28 UTC
Merged: https://github.com/openshift/openshift-ansible/pull/3164

Comment 3 Gan Huang 2017-02-06 05:41:14 UTC
Verified with openshift-ansible-3.5.3-1.git.0.80c2436.el7.noarch.rpm

Containerized installation succeed on RHEL 7 (firewalld not installed) and Atomic Host


Note You need to log in before you can comment on or make changes to this bug.