Description of problem:
Fresh install of engine on a dedicated EL 7.2 host using engine-setup, during closing stage, firewall-cmd fails trying to enable a service "ovirt-vmconsole" that doesn't exist (and doesn't appear to be provided by anything in the 4.2 repo).

Version-Release number of selected component (if applicable):
otopi.noarch 1.7.7-1.el7.centos @ovirt-4.2
CentOS Linux release 7.4.1708 (Core)

How reproducible:
Always

Steps to Reproduce:
1. Do a fresh engine-setup with either firewalld or iptables configuration option. Tail the log listed during install.
2. Install (hopefully) successfully gets to Closing stage.
3. During close, firewall-cmd errors enabling a service that doesn't exist and stops the rest of close.

Actual results:
Error:
2018-04-22 14:15:46,601+0100 DEBUG otopi.plugins.otopi.network.firewalld plugin.execute:926 execute-output: ('/bin/firewall-cmd', '--zone', u'public', '--permanent', '--add-service', 'ovirt-postgres') stderr:
Error: INVALID_SERVICE: 'ovirt-vmconsole' not among existing services
2018-04-22 14:15:46,601+0100 DEBUG otopi.context context._executeMethod:143 method exception
Traceback (most recent call last):
  File "/usr/lib/python2.7/site-packages/otopi/context.py", line 133, in _executeMethod
    method['method']()
  File "/usr/share/otopi/plugins/otopi/network/firewalld.py", line 334, in _closeup
    '--add-service', service,
  File "/usr/lib/python2.7/site-packages/otopi/plugin.py", line 931, in execute
    command=args[0],
112935RuntimeError: Command '/bin/firewall-cmd' failed to execute
2018-04-22 14:15:46,603+0100 ERROR otopi.context context._executeMethod:152 Failed to execute stage 'Closing up': Command '/bin/firewall-cmd' failed to execute

Expected results:
engine-setup should finish and firewalls should allow engine ports.

Additional info:
In my case with current 4.2 repo, a "yum provides /usr/lib/systemd/system/ovirt-vmconsole.service" comes back empty as nothing provides it.
My only workaround option is to disable "Update Firewall" option in installer answers, which allows install to finish. Note I'm avoiding self-hosted on purpose as an unrelated HA quorum bug has ruined my current installment.
Update - even after disabling firewall config, I just noticed this in firewalld journal:

Apr 22 14:31:05 $FQDN firewalld[31325]: WARNING: public: INVALID_SERVICE: ovirt-vmconsole
Apr 22 14:31:05 $FQDN firewalld[31325]: WARNING: public: INVALID_SERVICE: vdsm
Apr 22 14:31:05 $FQDN firewalld[31325]: WARNING: public: INVALID_SERVICE: ovirt-storageconsole

This is odd. vdsm should be vdsmd anyway. Is anybody able to deploy currently? This seems like a no-brainer. Thanks
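One way to check for the condition the journal warnings above report, a zone naming services that have no definition file. This is an added example, not part of the original report and not oVirt or otopi code; the sample zone and service files are constructed, and the two directory paths are the standard firewalld locations.

```python
import os
import tempfile
import xml.etree.ElementTree as ET

# Standard firewalld locations: packaged definitions and local overrides.
SERVICE_DIRS = ("/usr/lib/firewalld/services", "/etc/firewalld/services")


def dangling_services(zone_xml_path, service_dirs=SERVICE_DIRS):
    """Return service names the zone references that have no <name>.xml file."""
    root = ET.parse(zone_xml_path).getroot()
    # iter() also picks up <service> elements nested inside rich rules.
    referenced = [el.get("name") for el in root.iter("service") if el.get("name")]
    missing = []
    for name in referenced:
        defined = any(
            os.path.isfile(os.path.join(d, name + ".xml")) for d in service_dirs
        )
        if not defined and name not in missing:
            missing.append(name)
    return missing


def demo():
    """Run the check against a constructed zone file and service directory."""
    with tempfile.TemporaryDirectory() as tmp:
        svc_dir = os.path.join(tmp, "services")
        os.mkdir(svc_dir)
        # Constructed: only these two services have a definition file.
        for name in ("ssh", "ovirt-postgres"):
            with open(os.path.join(svc_dir, name + ".xml"), "w") as fh:
                fh.write("<service><short>%s</short></service>" % name)
        # Constructed zone file using the service names seen in the report.
        zone = os.path.join(tmp, "public.xml")
        names = ("ssh", "ovirt-postgres", "ovirt-vmconsole",
                 "vdsm", "ovirt-storageconsole")
        body = "".join('<service name="%s"/>' % n for n in names)
        with open(zone, "w") as fh:
            fh.write("<zone><short>Public</short>%s</zone>" % body)
        return dangling_services(zone, (svc_dir,))


if __name__ == "__main__":
    for name in demo():
        print("zone references undefined service:", name)
```

On a real host the zone file to pass would normally be /etc/firewalld/zones/public.xml, with the default `SERVICE_DIRS`.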
John, you said you were using EL7.2 and then you gave CentOS 7.4 release line. Is this 7.2 or 7.4? Because oVirt 4.2 requires CentOS >= 7.4, won't work on 7.2.
(In reply to Sandro Bonazzola from comment #3)
> John, you said you were using EL7.2 and then you gave CentOS 7.4 release
> line.
> Is this 7.2 or 7.4? Because oVirt 4.2 requires CentOS >= 7.4, won't work on
> 7.2.

Sorry it was EL7.4. It's been a while so I don't remember why I put 7.2. Definitely the version 7.4.1708 (Core) included below. Thanks!
Please attach relevant logs and clarify where and when you get the error message.

IIUC, engine-setup never configures a firewalld service 'ovirt-vmconsole', only 'ovirt-vmconsole-proxy'.

On my CentOS 7.4 machine:

# rpm -qf /usr/lib/firewalld/services/ovirt-vmconsole.xml
firewalld-0.4.4.4-6.el7.noarch

Which firewalld do you have installed?
Sorry I've just re-tried this and the repo has been updated with latest ovirt-vmconsole. I think it was just a temporary repo issue strangely. Seems OK now. Marking closed
Well, still no idea what the problem was, but thanks for the report anyway :-) If it happens again, please provide more details. Thanks.