Hide Forgot
Description of problem: -bash: firewall-cmd: command not found Version-Release number of selected component (if applicable): Red Hat Enterprise Linux Server release 7.7 (Maipo) How reproducible: Red Hat Enterprise Linux Server release 7.7 (Maipo) redhat-release-server-7.7-10.el7.x86_64 Steps to Reproduce: 1.firewall-cmd 2. 3. Actual results: -bash: firewall-cmd: command not found Expected results: usage: see firewall-cmd man page No option specified. Additional info: It was working in the previous 77 image.
(In reply to dlovison from comment #0) > Description of problem: > -bash: firewall-cmd: command not found Can you verify firewalld is installed? What do the following commands yield? # yum info firewalld # which firewall-cmd
[cloud-user@tmp-dlovison-rhel7rc3 ~]$ yum info firewalld Failed to set locale, defaulting to C Loaded plugins: search-disabled-repos beaker-AppStream | 2.8 kB 00:00:00 beaker-BaseOS | 2.3 kB 00:00:00 (1/4): beaker-BaseOS/group_gz | 5.8 kB 00:00:00 (2/4): beaker-AppStream/group_gz | 103 kB 00:00:00 (3/4): beaker-BaseOS/primary | 997 kB 00:00:00 (4/4): beaker-AppStream/primary | 2.0 MB 00:00:01 beaker-AppStream 5229/5229 beaker-BaseOS 4715/4715 Available Packages Name : firewalld Arch : noarch Version : 0.6.3 Release : 2.el7 Size : 441 k Repo : beaker-AppStream Summary : A firewall daemon with D-Bus interface providing a dynamic firewall URL : http://www.firewalld.org License : GPLv2+ Description : firewalld is a firewall service daemon that provides a dynamic customizable : firewall with a D-Bus interface. [cloud-user@tmp-dlovison-rhel7rc3 ~]$ which firewall-cmd /usr/bin/which: no firewall-cmd in (/usr/local/bin:/usr/bin:/usr/local/sbin:/usr/sbin:/home/cloud-user/.local/bin:/home/cloud-user/bin)
(In reply to dlovison from comment #4) [..] > [cloud-user@tmp-dlovison-rhel7rc3 ~]$ which firewall-cmd > /usr/bin/which: no firewall-cmd in > (/usr/local/bin:/usr/bin:/usr/local/sbin:/usr/sbin:/home/cloud-user/.local/ > bin:/home/cloud-user/bin) It should exist at /usr/bin/firewall-cmd. It's part of the firewalld package so it should be there. What happens if you reinstall firewalld? # yum reinstall firewalld
[root@tmp-dlovison-rhel7rc3 cloud-user]# yum reinstall firewalld Failed to set locale, defaulting to C Loaded plugins: search-disabled-repos No Match for argument: firewalld beaker-AppStream | 2.8 kB 00:00:00 beaker-BaseOS | 2.3 kB 00:00:00 (1/4): beaker-BaseOS/group_gz | 5.8 kB 00:00:00 (2/4): beaker-AppStream/group_gz | 103 kB 00:00:00 (3/4): beaker-BaseOS/primary | 997 kB 00:00:00 (4/4): beaker-AppStream/primary | 2.0 MB 00:00:01 beaker-AppStream 5229/5229 beaker-BaseOS 4715/4715 Package(s) firewalld available, but not installed. Error: Nothing to do ---------- [root@tmp-dlovison-rhel7rc3 cloud-user]# yum install firewalld Failed to set locale, defaulting to C Loaded plugins: search-disabled-repos Resolving Dependencies --> Running transaction check ---> Package firewalld.noarch 0:0.6.3-2.el7 will be installed --> Processing Dependency: python-firewall = 0.6.3-2.el7 for package: firewalld-0.6.3-2.el7.noarch --> Processing Dependency: firewalld-filesystem = 0.6.3-2.el7 for package: firewalld-0.6.3-2.el7.noarch ............ Installed: firewalld.noarch 0:0.6.3-2.el7 Dependency Installed: ebtables.x86_64 0:2.0.10-16.el7 firewalld-filesystem.noarch 0:0.6.3-2.el7 ipset.x86_64 0:7.1-1.el7 ipset-libs.x86_64 0:7.1-1.el7 python-firewall.noarch 0:0.6.3-2.el7 python-slip.noarch 0:0.4.0-4.el7 python-slip-dbus.noarch 0:0.4.0-4.el7 Complete! ---------- [cloud-user@tmp-dlovison-rhel7rc3 ~]$ which firewall-cmd /usr/bin/firewall-cmd ---------- Why the tool is not installed by default? Are there any reason why it was removed ?
(In reply to dlovison from comment #6) > Why the tool is not installed by default? Are there any reason why it was > removed ? As I saw previously that you were using cloud-init, could you revise any configuration you have for the daemon present in the hypervisor environment? My check in rhel-guest-image for 7.7 shown the package presence. Also Core packages group requires the package. I believe that enabling logs persistence and/or extended logging might show why and when the package got removed. Does /var/log/yum.log contain anything?
My image base image was: RHEL-7.7-20190723.1-Server-x86_64 [root@tmp-dlovison-rhel7rc3 cloud-user]# cat /var/log/yum.log | grep firewall Jul 29 10:26:56 Installed: firewalld-filesystem-0.6.3-2.el7.noarch Jul 29 10:26:56 Installed: python-firewall-0.6.3-2.el7.noarch Jul 29 10:26:56 Installed: firewalld-0.6.3-2.el7.noarch
(In reply to dlovison from comment #8) > My image base image was: RHEL-7.7-20190723.1-Server-x86_64 > > [root@tmp-dlovison-rhel7rc3 cloud-user]# cat /var/log/yum.log | grep firewall > Jul 29 10:26:56 Installed: firewalld-filesystem-0.6.3-2.el7.noarch > Jul 29 10:26:56 Installed: python-firewall-0.6.3-2.el7.noarch > Jul 29 10:26:56 Installed: firewalld-0.6.3-2.el7.noarch It was installed. Maybe something horrible happened during cloud-init that caused the binary to be removed. At any rate, it's clear there is no firewalld bug here. Are you able to reproduce this?
Yes. Create a fresh image from RHEL-7.7-20190723.1-Server-x86_64 and $ ssh -i jdg-jenkins cloud-user@10.0.150.170 The authenticity of host '10.0.150.170 (10.0.150.170)' can't be established. ECDSA key fingerprint is SHA256:PNTr5ZJ8eaV0ioURvSZI0TQ/HM1FWaYCRAi5Uz0Mi4Y. Are you sure you want to continue connecting (yes/no)? yes Warning: Permanently added '10.0.150.170' (ECDSA) to the list of known hosts. -bash: warning: setlocale: LC_CTYPE: cannot change locale (UTF-8): No such file or directory [cloud-user@bug-1733999 ~]$ which firewall-cmd /usr/bin/which: no firewall-cmd in (/usr/local/bin:/usr/bin:/usr/local/sbin:/usr/sbin:/home/cloud-user/.local/bin:/home/cloud-user/bin) [cloud-user@bug-1733999 ~]$
(In reply to dlovison from comment #10) > Yes. Create a fresh image from RHEL-7.7-20190723.1-Server-x86_64 and > > $ ssh -i jdg-jenkins cloud-user@10.0.150.170 > The authenticity of host '10.0.150.170 (10.0.150.170)' can't be established. > ECDSA key fingerprint is SHA256:PNTr5ZJ8eaV0ioURvSZI0TQ/HM1FWaYCRAi5Uz0Mi4Y. > Are you sure you want to continue connecting (yes/no)? yes > Warning: Permanently added '10.0.150.170' (ECDSA) to the list of known hosts. > -bash: warning: setlocale: LC_CTYPE: cannot change locale (UTF-8): No such > file or directory > [cloud-user@bug-1733999 ~]$ which firewall-cmd > /usr/bin/which: no firewall-cmd in > (/usr/local/bin:/usr/bin:/usr/local/sbin:/usr/sbin:/home/cloud-user/.local/ > bin:/home/cloud-user/bin) > [cloud-user@bug-1733999 ~]$ I'm not familiar with using cloud-init. Can you share the steps you're using to reproduce? Please attach any relevant log files; yum, cloud-init, etc.
1) Open https://rhos-d.infra.prod.upshift.rdu2.redhat.com/dashboard/project/instances/ 2) Search the image RHEL-7.7-20190723.1-Server-x86_64 3) Create the instance 4) Login using ssh 5) Type: which firewall-cmd Those are the steps.
There is insufficient information to reproduce this. It appears something happened after cloud-init that caused firewalld to be removed from the system. There is nothing actionable on firewalld's side. Furthermore this is reported against RHEL-7, but RHEL-8 repos (BaseOS, AppStream) are in use.