Project

General

Profile

Feature #16958

installer pre installation check should investigate if iptables or firewalld are enabled and if so ensure required ports are opened

Added by Stephen Benjamin almost 3 years ago. Updated about 1 year ago.

Status:
New
Priority:
Normal
Assignee:
-
Category:
Installer
Target version:
Difficulty:
Triaged:
Yes
Bugzilla link:
Pull request:
Team Backlog:
Fixed in Releases:
Found in Releases:

Description

Cloned from https://bugzilla.redhat.com/show_bug.cgi?id=1270343
Description of problem:

katello-installer pre installation check should investigate if iptables or firewalld are enabled that proper ports are opened

katello-installer does not check firewall for needed ports prior to install

What problem/issue/behavior are you having trouble with? What do you expect to see?

See also:

http://projects.theforeman.org/issues/7419
https://access.redhat.com/solutions/1378233

RHEL 7.1 fully updated installing fully updated sat 6.1.2
Firewall is running by default with this line from KS:
firewall --service=ssh --service=http --service=https

katello-installer runs fine to 99% and then throws error:

[root@satellite6 ~]# katello-installer --capsule-dhcp=true --capsule-dns=true --capsule-tftp=true --katello-proxy-url=http://10.37.223.97 --katello-proxy-port=80
/Stage[main]/Foreman_proxy::Register/Foreman_smartproxy[satellite6.nomura.com]: Could not evaluate: Could not load data from https://satellite6.nomura.com
/Stage[main]/Foreman_proxy::Register/Foreman_smartproxy[satellite6.nomura.com]: Failed to call refresh: Could not load data from https://satellite6.nomura.com
/Stage[main]/Foreman_proxy::Register/Foreman_smartproxy[satellite6.nomura.com]: Could not load data from https://satellite6.nomura.com
Installing Done [100%] [...........................................................................................................................................................................................]
Something went wrong! Check the log for ERROR-level output
The full log is at /var/log/katello-installer/katello-installer.log
[root@satellite6 ~]#

running with --reset or simply re-running katello-installer does not help.

When I added:
firewall-cmd --permanent --add-service=http
firewall-cmd --permanent --add-service=https
firewall-cmd --permanent --add-service=tftp
firewall-cmd --permanent --add-service=dhcp
firewall-cmd --permanent --add-service=dns

firewall-cmd --add-service=http
firewall-cmd --add-service=https
firewall-cmd --add-service=tftp
firewall-cmd --add-service=dhcp
firewall-cmd --add-service=dns

then run:
katello-installer --reset
Install works fine.

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
1.
2.
3.

Actual results:

Expected results:

Additional info:

We probably should have some sort of rudimentary pre installation check in place for anything that is documented in the pre-quisite check.

https://access.redhat.com/documentation/en-US/Red_Hat_Satellite/6.1/html/Installation_Guide/sect-Red_Hat_Satellite-Installation_Guide-Prerequisites.html

I see a few of issues covered already

https://bugzilla.redhat.com/show_bug.cgi?id=1103884
https://bugzilla.redhat.com/show_bug.cgi?id=1119910

It might be a good idea to dump the checks out to log file that way customers know what we are coding in as sometimes docs can get out of date with code.

History

#1 Updated by Justin Sherrill over 2 years ago

  • Subject changed from installer pre installation check should investigate if iptables or firewalld are enabled and if so ensure required ports are opened to installer pre installation check should investigate if iptables or firewalld are enabled and if so ensure required ports are opened
  • Legacy Backlogs Release (now unused) set to 114

Also available in: Atom PDF