Description of problem:
Fresh install of engine on a dedicated EL 7.2 host using engine-setup, during closing stage, firewall-cmd fails trying to enable a service "ovirt-vmconsole" that doesn't exist (and doesn't appear to be provided by anything in the 4.2 repo).
Version-Release number of selected component (if applicable):
otopi.noarch 1.7.7-1.el7.centos @ovirt-4.2
CentOS Linux release 7.4.1708 (Core)
Steps to Reproduce:
1. Do a fresh engine-setup with either firewalld or iptables configuration option. Tail the log listed during install.
2. Install (hopefully) successfully gets to Closing stage.
3. During close, firewall-cmd errors enabling a service that doesn't exist and stops the rest of close.
2018-04-22 14:15:46,601+0100 DEBUG otopi.plugins.otopi.network.firewalld plugin.execute:926 execute-output: ('/bin/firewall-cmd', '--zone', u'public', '--permanent', '--add-service', 'ovirt-postgres') stderr:
Error: INVALID_SERVICE: 'ovirt-vmconsole' not among existing services
2018-04-22 14:15:46,601+0100 DEBUG otopi.context context._executeMethod:143 method exception
Traceback (most recent call last):
File "/usr/lib/python2.7/site-packages/otopi/context.py", line 133, in _executeMethod
File "/usr/share/otopi/plugins/otopi/network/firewalld.py", line 334, in _closeup
File "/usr/lib/python2.7/site-packages/otopi/plugin.py", line 931, in execute
112935RuntimeError: Command '/bin/firewall-cmd' failed to execute
2018-04-22 14:15:46,603+0100 ERROR otopi.context context._executeMethod:152 Failed to execute stage 'Closing up': Command '/bin/firewall-cmd' failed to execute
engine-setup should finish and firewalls should allow engine ports.
In my case with current 4.2 repo, a "yum provides /usr/lib/systemd/system/ovirt-vmconsole.service" comes back empty as nothing provides it.
My only workaround option is to disable "Update Firewall" option in installer answers, which allows install to finish. Note I'm avoiding self-hosted on purpose as an unrelated HA quorum bug has ruined my current installment.
Update - even after disabling firewall config, I just noticed this in firewalld journal:
Apr 22 14:31:05 $FQDN firewalld: WARNING: public: INVALID_SERVICE: ovirt-vmconsole
Apr 22 14:31:05 $FQDN firewalld: WARNING: public: INVALID_SERVICE: vdsm
Apr 22 14:31:05 $FQDN firewalld: WARNING: public: INVALID_SERVICE: ovirt-storageconsole
This is odd. vdsm should be vdsmd anyway. Is anybody able to deploy currently? This seems like a no-brainer.
John, you said you were using EL7.2 and then you gave CentOS 7.4 release line.
Is this 7.2 or 7.4? Because oVirt 4.2 requires CentOS >= 7.4, won't work on 7.2.
(In reply to Sandro Bonazzola from comment #3)
> John, you said you were using EL7.2 and then you gave CentOS 7.4 release
> Is this 7.2 or 7.4? Because oVirt 4.2 requires CentOS >= 7.4, won't work on
Sorry it was EL7.4. It's been a while so I don't remember why I put 7.2. Definitely the version 7.4.1708 (Core) included below.
Please attach relevant logs and clarify where and when you get the error message.
IIUC, engine-setup never configures a firewalld service 'ovirt-vmconsole', only 'ovirt-vmconsole-proxy'.
On my CentOS 7.4 machine:
# rpm -qf /usr/lib/firewalld/services/ovirt-vmconsole.xml
Which firewalld do you have installed?
Sorry I've just re-tried this and the repo has been updated with latest ovirt-vmconsole. I think it was just a temporary repo issue strangely. Seems OK now.
Well, still no idea what the problem was, but thanks for the report anyway :-)
If it happens again, please provide more details. Thanks.