Bug 445622 - lokkit hangs kickstart installs
lokkit hangs kickstart installs
Status: CLOSED CURRENTRELEASE
Product: Red Hat Enterprise Linux 5
Classification: Red Hat
Component: system-config-securitylevel (Show other bugs)
5.1
All Linux
low Severity low
: rc
: ---
Assigned To: Thomas Woerner
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2008-05-07 22:06 EDT by Jonathan Steffan
Modified: 2009-09-29 07:41 EDT (History)
2 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2009-09-29 07:41:54 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Jonathan Steffan 2008-05-07 22:06:07 EDT
Description of problem:
When adding 'firewall --enabled --ssh' to a kickstart that otherwise works
(read: 'firewall --disabled' lokkit hangs at install time which hangs anaconda.

Version-Release number of selected component (if applicable):
system-config-securitylevel-1.6.29.1-1

How reproducible:
Always

Steps to Reproduce:
1. Add 'firewall --enabled --ssh' to a known working kickstart
  
Actual results:
lokkit hangs, needs to be killed to make install proceed. If left long enough,
install reboots and then hangs at applying ip6tables firewall rules (read:
ip6tables init)

Expected results:
Everything works.

Additional info:
http://www.redhat.com/docs/manuals/enterprise/RHEL-5-manual/Installation_Guide-en-US/s1-kickstart2-options.html
states that --ssh and --port=22 should work.
Comment 1 Jonathan Steffan 2008-05-07 22:07:43 EDT
s/disabled'/disabled'\)/

--port=22 is not valid, testing --port=22:tcp now.
Comment 2 Jonathan Steffan 2008-05-07 22:17:10 EDT
--port=22:tcp also hangs. The resulting command is (read: the command that is
hanging):

lokkit --quiet --nostart -f --enabled --port=22:tcp --port=22:tcp
Comment 3 Jonathan Steffan 2008-05-07 22:19:04 EDT
Manually running this command seems to succeed, however the anaconda started
lokkit command still hangs.
Comment 4 Thomas Woerner 2008-05-08 07:22:09 EDT
Could you please attach the output of attaching a strace on the hanging lokkit
command?
Comment 5 Jonathan Steffan 2008-05-08 11:01:57 EDT
How might I get strace into the active install? It seems busybox doesn't have
it. Should I just scp a compatible binary?
Comment 6 Thomas Woerner 2008-05-08 11:11:21 EDT
Oh right, that is a busybox environment. I do not know if it possible to get the
strace from an installed system working with it.
Comment 7 Jonathan Steffan 2008-05-08 11:37:14 EDT
So, Jeroen van Meeuwen has ran into this issue before. The issue is setting:
--enableldapauth --ldapserver=ldap.domain.tld --ldapbasedn=dc=domain,dc=tld
--enablecache where the ldap.domain.tld is MS AD. Fun. Lokkit now runs as expected.
Comment 8 Jeroen van Meeuwen 2008-05-08 12:33:14 EDT
Well, I had a similar issue where /etc/nsswitch.conf has "hosts: files dns
ldap", network didn't come up properly, querying files and dns for
"ldap01.domain.tld" failed accordingly and it fell back to ldap (which then
again wanted ldap01.domain.tld), which resulted in timeouts and eventually
segfaulted.

While the catch-22 I encountered was caused by the network not coming up
properly (hence no bug was logged), obviously one would want to see this
particular issue fixed, as it's occurring during the installation and a
perfectly viable use-case.
Comment 10 RHEL Product and Program Management 2009-03-26 12:47:07 EDT
This request was evaluated by Red Hat Product Management for
inclusion, but this component is not scheduled to be updated in
the current Red Hat Enterprise Linux release. If you would like
this request to be reviewed for the next minor release, ask your
support representative to set the next rhel-x.y flag to "?".
Comment 11 Jonathan Steffan 2009-09-07 18:15:20 EDT
This looks to have been fixed is the 5.3 nss as I've been unable to reproduce it.
Comment 12 Phil Knirsch 2009-09-29 07:41:54 EDT
Closing as CURRENTRELEASE as per comment #11.

Please feel free to reopen in case the problem reappears.

Thanks & regards, Phil

Note You need to log in before you can comment on or make changes to this bug.