Bug 1733999 - firewall-cmd: command not found
Summary: firewall-cmd: command not found
Keywords:
Status: CLOSED WONTFIX
Alias: None
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: firewalld
Version: 7.7
Hardware: Unspecified
OS: Unspecified
medium
medium
Target Milestone: rc
: ---
Assignee: Eric Garver
QA Contact: qe-baseos-daemons
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2019-07-29 12:26 UTC by dlovison
Modified: 2020-02-10 14:06 UTC (History)
1 user (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2020-02-10 14:06:23 UTC
Target Upstream Version:


Attachments (Terms of Use)

Description dlovison 2019-07-29 12:26:37 UTC
Description of problem:
-bash: firewall-cmd: command not found

Version-Release number of selected component (if applicable):
Red Hat Enterprise Linux Server release 7.7 (Maipo)

How reproducible:
Red Hat Enterprise Linux Server release 7.7 (Maipo)
redhat-release-server-7.7-10.el7.x86_64

Steps to Reproduce:
1.firewall-cmd
2.
3.

Actual results:
-bash: firewall-cmd: command not found

Expected results:
usage: see firewall-cmd man page
No option specified.

Additional info:
It was working in the previous 77 image.

Comment 2 Eric Garver 2019-07-29 13:44:44 UTC
(In reply to dlovison from comment #0)
> Description of problem:
> -bash: firewall-cmd: command not found

Can you verify firewalld is installed? What do the following commands yield?

  # yum info firewalld
  # which firewall-cmd

Comment 4 dlovison 2019-07-29 13:55:26 UTC
[cloud-user@tmp-dlovison-rhel7rc3 ~]$ yum info firewalld
Failed to set locale, defaulting to C
Loaded plugins: search-disabled-repos
beaker-AppStream                                                                                                 | 2.8 kB  00:00:00     
beaker-BaseOS                                                                                                    | 2.3 kB  00:00:00     
(1/4): beaker-BaseOS/group_gz                                                                                    | 5.8 kB  00:00:00     
(2/4): beaker-AppStream/group_gz                                                                                 | 103 kB  00:00:00     
(3/4): beaker-BaseOS/primary                                                                                     | 997 kB  00:00:00     
(4/4): beaker-AppStream/primary                                                                                  | 2.0 MB  00:00:01     
beaker-AppStream                                                                                                              5229/5229
beaker-BaseOS                                                                                                                 4715/4715
Available Packages
Name        : firewalld
Arch        : noarch
Version     : 0.6.3
Release     : 2.el7
Size        : 441 k
Repo        : beaker-AppStream
Summary     : A firewall daemon with D-Bus interface providing a dynamic firewall
URL         : http://www.firewalld.org
License     : GPLv2+
Description : firewalld is a firewall service daemon that provides a dynamic customizable
            : firewall with a D-Bus interface.

[cloud-user@tmp-dlovison-rhel7rc3 ~]$ which firewall-cmd
/usr/bin/which: no firewall-cmd in (/usr/local/bin:/usr/bin:/usr/local/sbin:/usr/sbin:/home/cloud-user/.local/bin:/home/cloud-user/bin)

Comment 5 Eric Garver 2019-07-29 14:15:07 UTC
(In reply to dlovison from comment #4)
[..]
> [cloud-user@tmp-dlovison-rhel7rc3 ~]$ which firewall-cmd
> /usr/bin/which: no firewall-cmd in
> (/usr/local/bin:/usr/bin:/usr/local/sbin:/usr/sbin:/home/cloud-user/.local/
> bin:/home/cloud-user/bin)

It should exist at /usr/bin/firewall-cmd. It's part of the firewalld package so it should be there. What happens if you reinstall firewalld?

  # yum reinstall firewalld

Comment 6 dlovison 2019-07-29 14:29:57 UTC
[root@tmp-dlovison-rhel7rc3 cloud-user]# yum reinstall firewalld
Failed to set locale, defaulting to C
Loaded plugins: search-disabled-repos
No Match for argument: firewalld
beaker-AppStream                                                                                                 | 2.8 kB  00:00:00     
beaker-BaseOS                                                                                                    | 2.3 kB  00:00:00     
(1/4): beaker-BaseOS/group_gz                                                                                    | 5.8 kB  00:00:00     
(2/4): beaker-AppStream/group_gz                                                                                 | 103 kB  00:00:00     
(3/4): beaker-BaseOS/primary                                                                                     | 997 kB  00:00:00     
(4/4): beaker-AppStream/primary                                                                                  | 2.0 MB  00:00:01     
beaker-AppStream                                                                                                              5229/5229
beaker-BaseOS                                                                                                                 4715/4715
Package(s) firewalld available, but not installed.
Error: Nothing to do


----------


[root@tmp-dlovison-rhel7rc3 cloud-user]# yum install firewalld
Failed to set locale, defaulting to C
Loaded plugins: search-disabled-repos
Resolving Dependencies
--> Running transaction check
---> Package firewalld.noarch 0:0.6.3-2.el7 will be installed
--> Processing Dependency: python-firewall = 0.6.3-2.el7 for package: firewalld-0.6.3-2.el7.noarch
--> Processing Dependency: firewalld-filesystem = 0.6.3-2.el7 for package: firewalld-0.6.3-2.el7.noarch
............
Installed:
  firewalld.noarch 0:0.6.3-2.el7                                                                                                        

Dependency Installed:
  ebtables.x86_64 0:2.0.10-16.el7              firewalld-filesystem.noarch 0:0.6.3-2.el7        ipset.x86_64 0:7.1-1.el7               
  ipset-libs.x86_64 0:7.1-1.el7                python-firewall.noarch 0:0.6.3-2.el7             python-slip.noarch 0:0.4.0-4.el7       
  python-slip-dbus.noarch 0:0.4.0-4.el7       

Complete!


----------


[cloud-user@tmp-dlovison-rhel7rc3 ~]$ which firewall-cmd
/usr/bin/firewall-cmd


----------


Why the tool is not installed by default? Are there any reason why it was removed ?

Comment 7 Tomas Dolezal 2019-07-29 14:41:04 UTC
(In reply to dlovison from comment #6)
> Why the tool is not installed by default? Are there any reason why it was
> removed ?
As I saw previously that you were using cloud-init, could you revise any configuration you have for the daemon present in the hypervisor environment? My check in rhel-guest-image for 7.7 shown the package presence. Also Core packages group requires the package. I believe that enabling logs persistence and/or extended logging might show why and when the package got removed.

Does /var/log/yum.log contain anything?

Comment 8 dlovison 2019-07-29 14:44:46 UTC
My image base image was: RHEL-7.7-20190723.1-Server-x86_64

[root@tmp-dlovison-rhel7rc3 cloud-user]# cat /var/log/yum.log | grep firewall
Jul 29 10:26:56 Installed: firewalld-filesystem-0.6.3-2.el7.noarch
Jul 29 10:26:56 Installed: python-firewall-0.6.3-2.el7.noarch
Jul 29 10:26:56 Installed: firewalld-0.6.3-2.el7.noarch

Comment 9 Eric Garver 2019-07-29 15:41:15 UTC
(In reply to dlovison from comment #8)
> My image base image was: RHEL-7.7-20190723.1-Server-x86_64
> 
> [root@tmp-dlovison-rhel7rc3 cloud-user]# cat /var/log/yum.log | grep firewall
> Jul 29 10:26:56 Installed: firewalld-filesystem-0.6.3-2.el7.noarch
> Jul 29 10:26:56 Installed: python-firewall-0.6.3-2.el7.noarch
> Jul 29 10:26:56 Installed: firewalld-0.6.3-2.el7.noarch

It was installed. Maybe something horrible happened during cloud-init that caused the binary to be removed. At any rate, it's clear there is no firewalld bug here.

Are you able to reproduce this?

Comment 10 dlovison 2019-07-29 16:00:27 UTC
Yes. Create a fresh image from RHEL-7.7-20190723.1-Server-x86_64 and

$ ssh -i jdg-jenkins cloud-user@10.0.150.170
The authenticity of host '10.0.150.170 (10.0.150.170)' can't be established.
ECDSA key fingerprint is SHA256:PNTr5ZJ8eaV0ioURvSZI0TQ/HM1FWaYCRAi5Uz0Mi4Y.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '10.0.150.170' (ECDSA) to the list of known hosts.
-bash: warning: setlocale: LC_CTYPE: cannot change locale (UTF-8): No such file or directory
[cloud-user@bug-1733999 ~]$ which firewall-cmd
/usr/bin/which: no firewall-cmd in (/usr/local/bin:/usr/bin:/usr/local/sbin:/usr/sbin:/home/cloud-user/.local/bin:/home/cloud-user/bin)
[cloud-user@bug-1733999 ~]$

Comment 11 Eric Garver 2019-07-29 19:20:10 UTC
(In reply to dlovison from comment #10)
> Yes. Create a fresh image from RHEL-7.7-20190723.1-Server-x86_64 and
> 
> $ ssh -i jdg-jenkins cloud-user@10.0.150.170
> The authenticity of host '10.0.150.170 (10.0.150.170)' can't be established.
> ECDSA key fingerprint is SHA256:PNTr5ZJ8eaV0ioURvSZI0TQ/HM1FWaYCRAi5Uz0Mi4Y.
> Are you sure you want to continue connecting (yes/no)? yes
> Warning: Permanently added '10.0.150.170' (ECDSA) to the list of known hosts.
> -bash: warning: setlocale: LC_CTYPE: cannot change locale (UTF-8): No such
> file or directory
> [cloud-user@bug-1733999 ~]$ which firewall-cmd
> /usr/bin/which: no firewall-cmd in
> (/usr/local/bin:/usr/bin:/usr/local/sbin:/usr/sbin:/home/cloud-user/.local/
> bin:/home/cloud-user/bin)
> [cloud-user@bug-1733999 ~]$

I'm not familiar with using cloud-init. Can you share the steps you're using to reproduce?
Please attach any relevant log files; yum, cloud-init, etc.

Comment 12 dlovison 2019-07-29 19:23:27 UTC
1) Open https://rhos-d.infra.prod.upshift.rdu2.redhat.com/dashboard/project/instances/
2) Search the image RHEL-7.7-20190723.1-Server-x86_64
3) Create the instance
4) Login using ssh
5) Type: which firewall-cmd

Those are the steps.

Comment 15 Eric Garver 2020-02-10 14:06:23 UTC
There is insufficient information to reproduce this. It appears something happened after cloud-init that caused firewalld to be removed from the system. There is nothing actionable on firewalld's side.

Furthermore this is reported against RHEL-7, but RHEL-8 repos (BaseOS, AppStream) are in use.


Note You need to log in before you can comment on or make changes to this bug.