Red Hat Bugzilla – Bug 445622
lokkit hangs kickstart installs
Last modified: 2009-09-29 07:41:54 EDT
Description of problem:
When adding 'firewall --enabled --ssh' to a kickstart that otherwise works
(read: 'firewall --disabled'), lokkit hangs at install time, which hangs anaconda.
Version-Release number of selected component (if applicable):
Steps to Reproduce:
1. Add 'firewall --enabled --ssh' to a known working kickstart
lokkit hangs, needs to be killed to make install proceed. If left long enough,
install reboots and then hangs at applying ip6tables firewall rules (read:
states that --ssh and --port=22 should work.
--port=22 is not valid, testing --port=22:tcp now.
--port=22:tcp also hangs. The resulting command is (read: the command that is
lokkit --quiet --nostart -f --enabled --port=22:tcp --port=22:tcp
Manually running this command seems to succeed, however the anaconda started
lokkit command still hangs.
Could you please attach the output of attaching a strace on the hanging lokkit
How might I get strace into the active install? It seems busybox doesn't have
it. Should I just scp a compatible binary?
Oh right, that is a busybox environment. I do not know if it is possible to get the
strace from an installed system working with it.
So, Jeroen van Meeuwen has run into this issue before. The issue is setting:
--enableldapauth --ldapserver=ldap.domain.tld --ldapbasedn=dc=domain,dc=tld
--enablecache where the ldap.domain.tld is MS AD. Fun. Lokkit now runs as expected.
Well, I had a similar issue where /etc/nsswitch.conf has "hosts: files dns
ldap", network didn't come up properly, querying files and dns for
"ldap01.domain.tld" failed accordingly and it fell back to ldap (which then
again wanted ldap01.domain.tld), which resulted in timeouts and eventually
While the catch-22 I encountered was caused by the network not coming up
properly (hence no bug was logged), obviously one would want to see this
particular issue fixed, as it's occurring during the installation and a
perfectly viable use-case.
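A check for the resolver loop described in the comment above ("hosts: files dns ldap" while the LDAP server itself is configured by hostname), as an added example that is not part of the bug report or of any Red Hat tool. It assumes nss_ldap-style `host` and `uri` directives in ldap.conf; the function names and the sample file contents are constructed for illustration.

```python
import ipaddress
import re
from urllib.parse import urlparse

# Constructed sample inputs modelled on the settings quoted in this report.
NSSWITCH = "passwd: files ldap\nhosts: files dns ldap  # set at install time\n"
LDAP_CONF = "uri ldap://ldap01.domain.tld/\nbase dc=domain,dc=tld\n"

def is_ip(name):
    """True if name is an IPv4/IPv6 literal, i.e. needs no host lookup."""
    try:
        ipaddress.ip_address(name)
        return True
    except ValueError:
        return False

def hosts_sources(nsswitch_text):
    """Ordered lookup sources on the 'hosts:' line of nsswitch.conf."""
    for line in nsswitch_text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line.startswith("hosts:"):
            # Drop action items such as [NOTFOUND=return]; keep service names.
            return re.sub(r"\[[^\]]*\]", " ", line[len("hosts:"):]).split()
    return []

def ldap_servers(ldap_conf_text):
    """Server names from 'host' and 'uri' directives (assumed nss_ldap format)."""
    servers = []
    for line in ldap_conf_text.splitlines():
        parts = line.split("#", 1)[0].split()
        if len(parts) < 2:
            continue
        key = parts[0].lower()
        if key == "host":
            # Entries may be 'name' or 'name:port'; leave IP literals untouched.
            servers += [h if is_ip(h) else re.sub(r":\d+$", "", h) for h in parts[1:]]
        elif key == "uri":
            servers += [urlparse(u).hostname for u in parts[1:] if urlparse(u).hostname]
    return servers

def circular_lookup(nsswitch_text, ldap_conf_text):
    """LDAP servers given by name while host lookups themselves consult ldap.

    A non-empty result means resolving the LDAP server can fall through to
    ldap, which needs that same name resolved first.
    """
    if "ldap" not in hosts_sources(nsswitch_text):
        return []
    return [s for s in ldap_servers(ldap_conf_text) if not is_ip(s)]

if __name__ == "__main__":
    print(circular_lookup(NSSWITCH, LDAP_CONF))
```

A non-empty result is the condition to resolve before the first boot, either by removing ldap from the hosts line or by pinning the server by address or in /etc/hosts.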
This request was evaluated by Red Hat Product Management for
inclusion, but this component is not scheduled to be updated in
the current Red Hat Enterprise Linux release. If you would like
this request to be reviewed for the next minor release, ask your
support representative to set the next rhel-x.y flag to "?".
This looks to have been fixed in the 5.3 nss as I've been unable to reproduce it.
Closing as CURRENTRELEASE as per comment #11.
Please feel free to reopen in case the problem reappears.
Thanks & regards, Phil