1413447 – firewalld should be installed in containerized RHEL installation

Bug 1413447 - firewalld should be installed in containerized RHEL installation

Summary: firewalld should be installed in containerized RHEL installation

Keywords:
Status:	CLOSED CURRENTRELEASE
Alias:	None
Product:	OpenShift Container Platform
Classification:	Red Hat
Component:	Installer
Sub Component:
Version:	3.5.0
Hardware:	Unspecified
OS:	Unspecified
Priority:	medium
Severity:	medium
Target Milestone:	---
Target Release:	---
Assignee:	Russell Teague
QA Contact:	Gan Huang
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2017-01-16 02:42 UTC by Gan Huang
Modified:	2017-07-24 14:11 UTC (History)
CC List:	5 users (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:	Cause: A 'when' clause was present on the firewalld service installation task. Consequence: The installation was skipped for firewalld when running a containerized install. Fix: Removed 'when' clause from firewalld installation task. Result: firewalld is installed properly when running a containerized install.
Clone Of:
Environment:
Last Closed:	2017-03-08 13:50:29 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHBA-2017:0903	0	normal	SHIPPED_LIVE	OpenShift Container Platform atomic-openshift-utils bug fix and enhancement	2017-04-12 22:45:42 UTC

Description Gan Huang 2017-01-16 02:42:53 UTC

Description of problem:
Trigger a containerized installation on RHEL (firewalld not installed), installer would fail at "Start and enable firewalld service"

Version-Release number of selected component (if applicable):
openshift-ansible-3.5.0-1.git.0.847bfb9.el7.noarch.rpm

How reproducible:
always

Steps to Reproduce:
1. Trigger a containerized installation on RHEL (firewalld not installed)


Actual results:
TASK [os_firewall : Install firewalld packages] ********************************
Monday 16 January 2017  02:15:08 +0000 (0:00:00.121)       0:00:34.161 ******** 
skipping: [ec2-54-221-84-253.compute-1.amazonaws.com] => {"changed": false, "skip_reason": "Conditional check failed", "skipped": true}

TASK [os_firewall : Ensure iptables services are not enabled] ******************
Monday 16 January 2017  02:15:09 +0000 (0:00:00.168)       0:00:34.329 ******** 

ok: [ec2-54-221-84-253.compute-1.amazonaws.com] => (item=iptables) => {"failed": false, "failed_when_result": false, "item": "iptables", "msg": "Could not find the requested service \"'iptables'\": "}
ok: [ec2-54-221-84-253.compute-1.amazonaws.com] => (item=ip6tables) => {"failed": false, "failed_when_result": false, "item": "ip6tables", "msg": "Could not find the requested service \"'ip6tables'\": "}

TASK [os_firewall : Start and enable firewalld service] ************************
Monday 16 January 2017  02:15:10 +0000 (0:00:01.290)       0:00:35.620 ******** 

fatal: [ec2-54-221-84-253.compute-1.amazonaws.com]: FAILED! => {"changed": false, "failed": true, "msg": "Could not find the requested service \"'firewalld'\": "}

Expected results:
Firewalld should be installed at task "Install firewalld packages"

Additional info:

Comment 1 Russell Teague 2017-01-24 18:41:38 UTC

Proposed: https://github.com/openshift/openshift-ansible/pull/3164

Comment 2 Russell Teague 2017-01-25 13:22:28 UTC

Merged: https://github.com/openshift/openshift-ansible/pull/3164

Comment 3 Gan Huang 2017-02-06 05:41:14 UTC

Verified with openshift-ansible-3.5.3-1.git.0.80c2436.el7.noarch.rpm

Containerized installation succeed on RHEL 7 (firewalld not installed) and Atomic Host

Note You need to log in before you can comment on or make changes to this bug.