Bug 1597121 - [ansible] deploy on fedora fails with unsupported version of firewalld
Summary: [ansible] deploy on fedora fails with unsupported version of firewalld
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: ovirt-engine
Classification: oVirt
Component: Host-Deploy
Version: 4.3.0
Hardware: Unspecified
OS: Unspecified
unspecified
high vote
Target Milestone: ovirt-4.3.5
: ---
Assignee: Ondra Machacek
QA Contact: Lukas Svaty
URL:
Whiteboard:
Depends On:
Blocks: oVirt_on_Fedora
TreeView+ depends on / blocked
 
Reported: 2018-07-02 06:17 UTC by Sandro Bonazzola
Modified: 2019-07-30 14:08 UTC (History)
4 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2019-07-30 14:08:04 UTC
oVirt Team: Infra
pm-rhel: ovirt-4.3+


Attachments (Terms of Use)


Links
System ID Priority Status Summary Last Updated
oVirt gerrit 95286 master MERGED Ansible: run ansible with python3 interpreter when deploying fc host 2020-08-07 06:24:46 UTC

Description Sandro Bonazzola 2018-07-02 06:17:59 UTC
From https://lists.ovirt.org/archives/list/devel@ovirt.org/message/OP2EBYDWSKIPFVNXSTL6QTTKYNJFBPEA/

Next failure is in TASK [ovirt-host-deploy-firewalld : Enable SSH port] 
unsupported version of firewalld, requires >= 0.2.11

# rpm -q firewalld
firewalld-0.5.2-2.fc28.noarch

Obviously the complain is incorrect, "0.5.2" > "0.2.11".

Comment 1 Gal Zaidman 2018-11-01 07:21:15 UTC
This is probably caused because in Fedora 28 we removed the module python-firewall and we only have python3-firewall, ansible runs on the engine side and generates python2 files, therefore when we try to run on the fedora host we fail because there is no python-firewall,

see:
https://bugzilla.redhat.com/show_bug.cgi?id=1575428
and the note section on:
https://docs.ansible.com/ansible/2.5/modules/firewalld_module.html#requirements

we need to detect which version of os are we deploying to and run the appropriate ansible

Comment 2 Martin Perina 2018-11-01 08:17:05 UTC
This issue is raised because on FC28 the default ansible runs on Python2, but firewalld module for python exists only on Python3. This should be solved on FC29, where ansible is based only on Python3, but the question is if then we will not have issues running engine on FC29 and host CentOS7 (where we don't have Python 3).

Anyway moving to oVirt 4.4, which should focus on complete switch to Python 3

Comment 4 Sandro Bonazzola 2019-03-13 16:42:46 UTC
Martin this bug is on Verified state, looks like it got fixed in oVirt 4.3.2.
Can you check this bug status and eventually re-target?

Comment 5 Roberto N 2019-05-17 07:53:36 UTC
Using ovirt-node-ng-installer-4.3.3-2019041713.fc28.iso, issue is still present:

TASK [gluster.infra/roles/firewall_config : Open/Close firewalld ports] ********
failed: [foundation1-gls.example.com] (item=2049/tcp) => {"changed": false, "item": "2049/tcp", "msg": "Python Module not found: firewalld and its python module are required for this module,                         version 0.2.11 or newer required (0.3.9 or newer for offline operations)"}
failed: [foundation3-gls.example.com] (item=2049/tcp) => {"changed": false, "item": "2049/tcp", "msg": "Python Module not found: firewalld and its python module are required for this module,                         version 0.2.11 or newer required (0.3.9 or newer for offline operations)"}
failed: [foundation2-gls.example.com] (item=2049/tcp) => {"changed": false, "item": "2049/tcp", "msg": "Python Module not found: firewalld and its python module are required for this module,                         version 0.2.11 or newer required (0.3.9 or newer for offline operations)"}

Comment 6 Martin Perina 2019-05-17 08:03:12 UTC
(In reply to Roberto N from comment #5)
> Using ovirt-node-ng-installer-4.3.3-2019041713.fc28.iso, issue is still
> present:
> 
> TASK [gluster.infra/roles/firewall_config : Open/Close firewalld ports]
> ********
> failed: [foundation1-gls.example.com] (item=2049/tcp) => {"changed": false,
> "item": "2049/tcp", "msg": "Python Module not found: firewalld and its
> python module are required for this module,                         version
> 0.2.11 or newer required (0.3.9 or newer for offline operations)"}
> failed: [foundation3-gls.example.com] (item=2049/tcp) => {"changed": false,
> "item": "2049/tcp", "msg": "Python Module not found: firewalld and its
> python module are required for this module,                         version
> 0.2.11 or newer required (0.3.9 or newer for offline operations)"}
> failed: [foundation2-gls.example.com] (item=2049/tcp) => {"changed": false,
> "item": "2049/tcp", "msg": "Python Module not found: firewalld and its
> python module are required for this module,                         version
> 0.2.11 or newer required (0.3.9 or newer for offline operations)"}

What do you mean by ovirt-node-ng-installer ? Eeven NGN nodes need to be installed using oVirt webadmin or RESTAPI ...

Comment 7 Roberto N 2019-05-17 19:24:17 UTC
Hi Martin
I mean using that image on nodes.
After installation, I was using standard web interface to deploy HCI

Comment 8 Sandro Bonazzola 2019-07-30 14:08:04 UTC
This bugzilla is included in oVirt 4.3.5 release, published on July 30th 2019.

Since the problem described in this bug report should be
resolved in oVirt 4.3.5 release, it has been closed with a resolution of CURRENT RELEASE.

If the solution does not work for you, please open a new bug report.


Note You need to log in before you can comment on or make changes to this bug.