Project

General

Profile

Actions

Feature #16958

closed

installer pre installation check should investigate if iptables or firewalld are enabled and if so ensure required ports are opened

Added by Stephen Benjamin about 8 years ago. Updated over 1 year ago.

Status:
Rejected
Priority:
Normal
Assignee:
-
Category:
Installer
Target version:
Difficulty:
Triaged:
No
Fixed in Releases:
Found in Releases:

Description

Cloned from https://bugzilla.redhat.com/show_bug.cgi?id=1270343
Description of problem:

katello-installer pre installation check should investigate if iptables or firewalld are enabled that proper ports are opened

katello-installer does not check firewall for needed ports prior to install

What problem/issue/behavior are you having trouble with? What do you expect to see?

See also:

http://projects.theforeman.org/issues/7419
https://access.redhat.com/solutions/1378233

RHEL 7.1 fully updated installing fully updated sat 6.1.2
Firewall is running by default with this line from KS:
firewall --service=ssh --service=http --service=https

katello-installer runs fine to 99% and then throws error:

[root@satellite6 ~]# katello-installer --capsule-dhcp=true --capsule-dns=true --capsule-tftp=true --katello-proxy-url=http://10.37.223.97 --katello-proxy-port=80
/Stage[main]/Foreman_proxy::Register/Foreman_smartproxy[satellite6.nomura.com]: Could not evaluate: Could not load data from https://satellite6.nomura.com
/Stage[main]/Foreman_proxy::Register/Foreman_smartproxy[satellite6.nomura.com]: Failed to call refresh: Could not load data from https://satellite6.nomura.com
/Stage[main]/Foreman_proxy::Register/Foreman_smartproxy[satellite6.nomura.com]: Could not load data from https://satellite6.nomura.com
Installing Done [100%] [...........................................................................................................................................................................................]
Something went wrong! Check the log for ERROR-level output
The full log is at /var/log/katello-installer/katello-installer.log
[root@satellite6 ~]#

running with --reset or simply re-running katello-installer does not help.

When I added:
firewall-cmd --permanent --add-service=http
firewall-cmd --permanent --add-service=https
firewall-cmd --permanent --add-service=tftp
firewall-cmd --permanent --add-service=dhcp
firewall-cmd --permanent --add-service=dns

firewall-cmd --add-service=http
firewall-cmd --add-service=https
firewall-cmd --add-service=tftp
firewall-cmd --add-service=dhcp
firewall-cmd --add-service=dns

then run:
katello-installer --reset
Install works fine.

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
1.
2.
3.

Actual results:

Expected results:

Additional info:

We probably should have some sort of rudimentary pre installation check in place for anything that is documented in the pre-quisite check.

https://access.redhat.com/documentation/en-US/Red_Hat_Satellite/6.1/html/Installation_Guide/sect-Red_Hat_Satellite-Installation_Guide-Prerequisites.html

I see a few of issues covered already

https://bugzilla.redhat.com/show_bug.cgi?id=1103884
https://bugzilla.redhat.com/show_bug.cgi?id=1119910

It might be a good idea to dump the checks out to log file that way customers know what we are coding in as sometimes docs can get out of date with code.

Actions #1

Updated by Justin Sherrill about 8 years ago

  • Subject changed from installer pre installation check should investigate if iptables or firewalld are enabled and if so ensure required ports are opened to installer pre installation check should investigate if iptables or firewalld are enabled and if so ensure required ports are opened
  • Translation missing: en.field_release set to 114
Actions #2

Updated by Ewoud Kohl van Wijngaarden over 1 year ago

  • Status changed from New to Rejected
  • Triaged set to No
Actions

Also available in: Atom PDF