769339 – Cannot disable firewall via kickstart

Bug 769339 - Cannot disable firewall via kickstart

Summary: Cannot disable firewall via kickstart

Keywords:
Status:	CLOSED DUPLICATE of bug 733778
Alias:	None
Product:	Fedora
Classification:	Fedora
Component:	anaconda
Sub Component:
Version:	16
Hardware:	Unspecified
OS:	Unspecified
Priority:	unspecified
Severity:	unspecified
Target Milestone:	---
Assignee:	Anaconda Maintenance Team
QA Contact:	Fedora Extras Quality Assurance
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2011-12-20 14:41 UTC by John Florian
Modified:	2011-12-21 18:35 UTC (History)
CC List:	3 users (show)
Fixed In Version:
Clone Of:
Environment:
Last Closed:	2011-12-21 18:04:40 UTC
Type:	---
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Description John Florian 2011-12-20 14:41:03 UTC

Description of problem:
It appears that with the introduction of systemd and native units for iptables.service, it is no longer possible to have a kickstart disable this service using the conventional "firewall --disabled" directive.

Version-Release number of selected component (if applicable):
Whatever shipped with the F16 DVD image, which I suspect is 16.25-1.fc16.

How reproducible:
always

Steps to Reproduce:
1. Modify an existing kickstart file to include the "firewall --disabled" directive.
2. Make a spin.
  
Actual results:
The custom spin still has iptables.service enabled.

Expected results:
The iptables.service should be disabled.

Additional info:
I'm actually producing the spins with livecd-tools, if that somehow matters.

Comment 1 Chris Lumens 2011-12-20 15:07:41 UTC

Please attach /tmp/anaconda.log and /tmp/program.log to this bug report so we can see what's going on.  Thanks.

Comment 2 John Florian 2011-12-20 15:43:44 UTC

(In reply to comment #1)
> Please attach /tmp/anaconda.log and /tmp/program.log to this bug report so we
> can see what's going on.  Thanks.

Those would be immensely helpful and I'd be happy to, but I don't know that those are available when using livecd-creator.  I've used the --shell option and looked around for them at that stage and found nothing.  I also looked around on the host which is running livecd-creator, but found nothing there either.

Any ideas?

For the record, I also tried changing "firewall --disabled" to "firewall --enabled --service=ssh" and that seemed to have no affect either.  With that, the iptables service is still enabled, but port 22 hasn't been opened up.

Comment 3 John Florian 2011-12-20 21:33:17 UTC

Upon further review of things, I think perhaps this bug should be filed not against anaconda, but to python-imgcreate instead.  I would have guessed that livecd-tools somehow wrapped around anaconda, but it appears to use python-imgcreate which has its own kickstart parser and related methods to emulate what anaconda does.  Or perhaps anaconda also uses python-imgcreate?

Comment 4 Chris Lumens 2011-12-21 18:04:40 UTC


*** This bug has been marked as a duplicate of bug 733778 ***

Comment 5 John Florian 2011-12-21 18:35:56 UTC

I don't believe this is a duplicate.  My situation requires the use of livecd-tools (and python-imgcreate indirectly) whereas #733778 makes no mention of either.

This problem may be related to another bug I also filed yesterday, #769457.

Note You need to log in before you can comment on or make changes to this bug.