[Bug 809119] New: ssh installation blocked by SuSEFirewall service
https://bugzilla.novell.com/show_bug.cgi?id=809119 https://bugzilla.novell.com/show_bug.cgi?id=809119#c0 Summary: ssh installation blocked by SuSEFirewall service Classification: openSUSE Product: openSUSE 12.3 Version: Final Platform: Other OS/Version: Other Status: NEW Severity: Major Priority: P5 - None Component: Installation AssignedTo: fcrozat@suse.com ReportedBy: jsuchome@suse.com QAContact: jsrain@suse.com CC: mfilka@suse.com Found By: Development Blocker: --- During 2nd stage of ssh installation, YaST is blocked apparently by some problems with SuSEFirewall. I think we've met this already in Betas/RCs, but maybe the problem was not solved for special case of ssh installation. Last line in y2log says: 2013-03-13 11:17:54 <1> linux-xfmo(16885) [YCP] Service.ycp:355 Running service initscript SuSEfirewall2 start
ps aux | grep systemctl root 21635 0.0 0.1 24696 1092 pts/0 S+ 11:17 0:00 /bin/systemctl start SuSEfirewall2.service
-- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=809119
https://bugzilla.novell.com/show_bug.cgi?id=809119#c1
--- Comment #1 from Frederic Crozat
https://bugzilla.novell.com/show_bug.cgi?id=809119
https://bugzilla.novell.com/show_bug.cgi?id=809119#c2
--- Comment #2 from Jiří Suchomel
https://bugzilla.novell.com/show_bug.cgi?id=809119
https://bugzilla.novell.com/show_bug.cgi?id=809119#c3
--- Comment #3 from Jiří Suchomel
https://bugzilla.novell.com/show_bug.cgi?id=809119
https://bugzilla.novell.com/show_bug.cgi?id=809119#c4
--- Comment #4 from Jiří Suchomel
https://bugzilla.novell.com/show_bug.cgi?id=809119
https://bugzilla.novell.com/show_bug.cgi?id=809119#c5
--- Comment #5 from Jiří Suchomel
https://bugzilla.novell.com/show_bug.cgi?id=809119
https://bugzilla.novell.com/show_bug.cgi?id=809119#c6
Frederic Crozat
https://bugzilla.novell.com/show_bug.cgi?id=809119
https://bugzilla.novell.com/show_bug.cgi?id=809119#c
FeiXiang Zhang
https://bugzilla.novell.com/show_bug.cgi?id=809119
https://bugzilla.novell.com/show_bug.cgi?id=809119#c7
Jiří Suchomel
So, it would be better for Second-Stage Yast "yast.ssh" to set it, if needed.
So, this would be set in yast2-installation, probably directly in YaST2.ssh. Shame it was found so late, now even online update won't fix 12.3 installations... :-(
Of course, for Factory, we really want to drop all this stuff and have the second-stage working without any kludge.
So do you have any clean solution in mind? -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=809119
https://bugzilla.novell.com/show_bug.cgi?id=809119#c8
Jiří Suchomel
Shame it was found so late, now even online update won't fix 12.3 installations... :-(
Although, releasing updated yast2-installation could help users who are using updated 12.3 repositories from start of installation. Coolo, does it make sense? Is there such group of users that would benefit from it? -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=809119
https://bugzilla.novell.com/show_bug.cgi?id=809119#c9
Stephan Kulow
https://bugzilla.novell.com/show_bug.cgi?id=809119
https://bugzilla.novell.com/show_bug.cgi?id=809119#c10
Jiří Suchomel
https://bugzilla.novell.com/show_bug.cgi?id=809119
https://bugzilla.novell.com/show_bug.cgi?id=809119#c11
--- Comment #11 from Jiří Suchomel
So it looks like we have to document workaround for current (12.3) behavior and find a proper fix for next release/Factory.
I'll add an entry to Most Annoying Bugs.
https://en.opensuse.org/openSUSE:Most_annoying_bugs_12.3 -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=809119
https://bugzilla.novell.com/show_bug.cgi?id=809119#c12
--- Comment #12 from Frederic Crozat
only dud makes sense IMO.
since yast.ssh need to be started "manually" by user for second stage, there is little point in creating a DUD vs just telling user to call "SYSTEMCTL_OPTIONS=--ignore-dependencies yast.ssh". I still think we should push a fix for yast.ssh for 12.3 (I think many people using ssh installation are also using "expert" mode which will install updates before rebooting for second stage). This is for a "yast" expert to fix, not me :) (In reply to comment #7)
(In reply to comment #6)
Of course, for Factory, we really want to drop all this stuff and have the second-stage working without any kludge.
So do you have any clean solution in mind?
Yes, I already proposed one in bnc#800365 but yast-2nd-stage must be fixed first to ensure it behaves correctly when some services like network are started before it. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=809119
https://bugzilla.novell.com/show_bug.cgi?id=809119#c13
--- Comment #13 from Jiří Suchomel
I still think we should push a fix for yast.ssh for 12.3 (I think many people using ssh installation are also using "expert" mode which will install updates before rebooting for second stage). This is for a "yast" expert to fix, not me :)
The installation of updates during 2nd stage normally happens during second stage, so getting updated yast2-installation package this way is too late. If one really installs updates manually, than he could use the workaround anyway (see comment 11 and feel free to update it).
So do you have any clean solution in mind?
Yes, I already proposed one in bnc#800365 but yast-2nd-stage must be fixed first to ensure it behaves correctly when some services like network are started before it.
12.3 development is over, so feel free to submit patches for Factory. Or point yast developers to bugs that need fixing, if some problem is on YaST side. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=809119
https://bugzilla.novell.com/show_bug.cgi?id=809119#c14
--- Comment #14 from Frederic Crozat
The installation of updates during 2nd stage normally happens during second stage, so getting updated yast2-installation package this way is too late.
If one really installs updates manually, than he could use the workaround anyway (see comment 11 and feel free to update it).
Current workaround description is ok for me
So do you have any clean solution in mind?
Yes, I already proposed one in bnc#800365 but yast-2nd-stage must be fixed first to ensure it behaves correctly when some services like network are started before it.
12.3 development is over, so feel free to submit patches for Factory. Or point yast developers to bugs that need fixing, if some problem is on YaST side.
will do. The sooner we push those changes to Factory, the better, it will allow us to find the issues faster. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=809119
https://bugzilla.novell.com/show_bug.cgi?id=809119#c16
Christian Boltz
https://bugzilla.novell.com/show_bug.cgi?id=809119
https://bugzilla.novell.com/show_bug.cgi?id=809119#c17
Karl Eichwalder
We shouldn't "hide" such things somewhere in the wiki ;-)
Karl, can you please add this problem and the workaround to the Release Notes? See https://en.opensuse.org/openSUSE:Most_annoying_bugs_12.3 for details.
(Feel free to also add the nvidia-related issue (bug #808319) that is also mentioned in the wiki.)
Ok, I track it here: https://bugzilla.novell.com/show_bug.cgi?id=811952. Maybe, next week (I would not mind if there would be someone who is faster). -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=809119
https://bugzilla.novell.com/show_bug.cgi?id=809119#c18
Karl Eichwalder
We shouldn't "hide" such things somewhere in the wiki ;-)
Karl, can you please add this problem and the workaround to the Release Notes? See https://en.opensuse.org/openSUSE:Most_annoying_bugs_12.3 for details.
(Feel free to also add the nvidia-related issue (bug #808319) that is also mentioned in the wiki.)
We mostly covered the nvidia isssue already her: bug 809163. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=809119
https://bugzilla.novell.com/show_bug.cgi?id=809119#c19
Karl Eichwalder
https://bugzilla.novell.com/show_bug.cgi?id=809119
https://bugzilla.novell.com/show_bug.cgi?id=809119#c20
--- Comment #20 from Swamp Workflow Management
https://bugzilla.novell.com/show_bug.cgi?id=809119
https://bugzilla.novell.com/show_bug.cgi?id=809119#c21
Frederic Crozat
participants (1)
-
bugzilla_noreply@novell.com