Hi! I'm a old Linux user but a new SuSE user. I'm very happy with the system and Yast is really the nicest system tool I've ever used, For any OS. It's just great. scpm is also a great peace of software that I'm using extensively. However, I have some problems with it and the firewall. I have two profiles, Home and Work (well, I have more than that, but let's ignore the rest). In the Home profile I do NOT have the firewall activated and in the Work profile I have it activated. But when changing back from Work to Home it's still activated. I really don't understand this. So.... Here is what I've found out so far zyrgelkwytng:/var/lib/scpm # scpm list_groups -a ntpd Network Time Protocol daemon xf86 X-Server settings autofs Automounter service SuSEfirewall2 SuSE Firewall 2 network Basic network settings printer Printer settings zyrgelkwytng:/var/lib/scpm # scpm active Home zyrgelkwytng:/var/lib/scpm # chkconfig --list|grep fire SuSEfirewall2_final 0:off 1:off 2:off 3:off 4:off 5:off 6:off SuSEfirewall2_init 0:off 1:off 2:off 3:off 4:off 5:off 6:off SuSEfirewall2_setup 0:off 1:off 2:off 3:off 4:off 5:off 6:off zyrgelkwytng:/var/lib/scpm/profiles/Home/service # scpm save Checking for modified resources zyrgelkwytng:/var/lib/scpm/profiles/Home/service # pwd /var/lib/scpm/profiles/Home/service zyrgelkwytng:/var/lib/scpm/profiles/Home/service # cat SuSEfirewall2__* 0:off 1:off 2:off 3:off 4:off 5:off 0:off 1:off 2:off 3:off 4:off 5:off 0:off 1:off 2:off 3:off 4:off 5:off So, everything seams to be off, and scpm seams to know about that.... zyrgelkwytng:/var/lib/scpm/profiles/Home/service # scpm switch Work Checking for modified resources Checking for Resources to be started/shut down service SuSEfirewall2_final has to be stopped <-- WHY? service SuSEfirewall2_setup has to be started Checking for dependencies service cups has to be restarted service network has to be restarted service SuSEfirewall2_init has to be restarted Stopping services: SuSEfirewall2_final [ok] <-- WHY? SuSEfirewall2_init [ok] <-- WHY? cups [ok] network [ok] Restoring profile Work restoring file /etc/X11/XF86Config restoring file /etc/cups restoring file /etc/sysconfig/network restoring file /var/lib/YaST2/printers restoring file /etc/sysconfig/SuSEfirewall2 restoring service SuSEfirewall2_init restoring service SuSEfirewall2_setup Starting services: SuSEfirewall2_init [ok] network [failed] SuSEfirewall2_setup [ok] cups [ok] Why did it have to stop the firewall? It should already have been stopped. Why would it try that again. zyrgelkwytng:/var/lib/scpm/profiles/Home/service # chkconfig --list|grep fire SuSEfirewall2_final 0:off 1:off 2:off 3:off 4:off 5:off 6:off SuSEfirewall2_init 0:off 1:off 2:on 3:on 4:on 5:on 6:off SuSEfirewall2_setup 0:off 1:off 2:off 3:on 4:on 5:on 6:off zyrgelkwytng:/var/lib/scpm/profiles/Home/service # scpm switch Home Checking for modified resources Checking for Resources to be started/shut down service SuSEfirewall2_final has to be stopped service SuSEfirewall2_init has to be stopped service SuSEfirewall2_setup has to be stopped Checking for dependencies service cups has to be restarted service network has to be restarted Stopping services: SuSEfirewall2_final [ok] cups [ok] SuSEfirewall2_setup [ok] network [ok] SuSEfirewall2_init [ok] Restoring profile Home restoring file /etc/X11/XF86Config restoring file /etc/cups restoring file /etc/sysconfig/network restoring file /var/lib/YaST2/printers restoring file /etc/sysconfig/SuSEfirewall2 restoring service SuSEfirewall2_init restoring service SuSEfirewall2_setup Starting services: network [ok] cups [ok] zyrgelkwytng:/var/lib/scpm/profiles/Home/service # chkconfig --list|grep fire SuSEfirewall2_final 0:off 1:off 2:off 3:off 4:off 5:off 6:off SuSEfirewall2_init 0:off 1:off 2:on 3:on 4:on 5:on 6:off SuSEfirewall2_setup 0:off 1:off 2:off 3:off 4:off 5:off 6:off Why is it ON again???? Hmmm... I have to disable it each time I switch back to the Home profile again. Anyone have any idea? I guess it's a bug but I really don't understand it. Can the _ in the service-name have anything to do with it. The service is named SuSEfirewall2_init but the file in /var/lib/scpm/profiles/HOME/service is named SuSEfirewall__init which is a bit strange. Anybody have any idea? please? Regards, Erik
On Tue, Aug 24, 2004 at 10:04:17PM +0200, Erik Bågfors wrote:
Anyone have any idea? I guess it's a bug but I really don't understand it. Can the _ in the service-name have anything to do with it. The service is named SuSEfirewall2_init but the file in /var/lib/scpm/profiles/HOME/service is named SuSEfirewall__init which is a bit strange.
Anybody have any idea? please?
Plain simple. If you haven't changed /etc/scpm.conf, then by default it is set to RESOURCE_SET="typical" which refers to the file /lib/scpm/resource_sets/typical which in its turn does not include any firewall services and firewall configuration files. That means that firewall is not covered in typical resource set. You have two options here. You can either use /lib/scpm/resource_sets/everything (which is overkill IMHO) or you can create a new resource set based on typical just adding file /etc/sysconfig/SuSEfirewall2 service SuSEfirewall2_final service SuSEfirewall2_init service SuSEfirewall2_setup to it. Give it some name, e.g /lib/scpm/resource_sets/typical_fw, and change RESOURCE_SET line appropriately. Switch to both of your profiles, stop firewal in one, save profile, and you should be in business. Regards, -Kastus
On Tue, 2004-08-24 at 22:34, Kastus wrote:
On Tue, Aug 24, 2004 at 10:04:17PM +0200, Erik Bågfors wrote:
Anyone have any idea? I guess it's a bug but I really don't understand it. Can the _ in the service-name have anything to do with it. The service is named SuSEfirewall2_init but the file in /var/lib/scpm/profiles/HOME/service is named SuSEfirewall__init which is a bit strange.
Anybody have any idea? please?
Plain simple.
If you haven't changed /etc/scpm.conf, then by default it is set to
RESOURCE_SET="typical"
which refers to the file /lib/scpm/resource_sets/typical which in its turn does not include any firewall services and firewall configuration files. That means that firewall is not covered in typical resource set.
You have two options here.
You can either use /lib/scpm/resource_sets/everything (which is overkill IMHO) or you can create a new resource set based on typical just adding
file /etc/sysconfig/SuSEfirewall2 service SuSEfirewall2_final service SuSEfirewall2_init service SuSEfirewall2_setup
to it. Give it some name, e.g /lib/scpm/resource_sets/typical_fw, and change RESOURCE_SET line appropriately.
Switch to both of your profiles, stop firewal in one, save profile, and you should be in business.
Thanks for the info but.... Shouldn't it use the active groups? zyrgelkwytng:~ # scpm list_groups -a ntpd Network Time Protocol daemon xf86 X-Server settings autofs Automounter service SuSEfirewall2 SuSE Firewall 2 network Basic network settings printer Printer settings Running the Yast profile manager and doing options->configure resources and there marking SuSEfirewall2 should be enough I thought. Why isn't it? The help on the left says "This list contains all installed resource groups. A resource group usually represents a system service with all needed configuration files. Here, easily choose which services should be handled by the profile management. Activate or deactive the groups by double-clicking them." And I do see that it adds information to /var/lib/scpm/profiles/Home/service/ regarding SuSEfirewall2. Could you or someone please explain why I should need to change the RESOURCE_SET and what it's used for.. It just looks like a default set of active resources.. Regards, Erik
On Wed, 2004-08-25 at 09:16, Erik Bågfors wrote:
On Tue, 2004-08-24 at 22:34, Kastus wrote:
On Tue, Aug 24, 2004 at 10:04:17PM +0200, Erik Bågfors wrote:
Anyone have any idea? I guess it's a bug but I really don't understand it. Can the _ in the service-name have anything to do with it. The service is named SuSEfirewall2_init but the file in /var/lib/scpm/profiles/HOME/service is named SuSEfirewall__init which is a bit strange.
Anybody have any idea? please?
Plain simple.
If you haven't changed /etc/scpm.conf, then by default it is set to
RESOURCE_SET="typical"
which refers to the file /lib/scpm/resource_sets/typical which in its turn does not include any firewall services and firewall configuration files. That means that firewall is not covered in typical resource set.
You have two options here.
You can either use /lib/scpm/resource_sets/everything (which is overkill IMHO) or you can create a new resource set based on typical just adding
file /etc/sysconfig/SuSEfirewall2 service SuSEfirewall2_final service SuSEfirewall2_init service SuSEfirewall2_setup
to it. Give it some name, e.g /lib/scpm/resource_sets/typical_fw, and change RESOURCE_SET line appropriately.
Switch to both of your profiles, stop firewal in one, save profile, and you should be in business.
Thanks for the info but....
Shouldn't it use the active groups? zyrgelkwytng:~ # scpm list_groups -a ntpd Network Time Protocol daemon xf86 X-Server settings autofs Automounter service SuSEfirewall2 SuSE Firewall 2 network Basic network settings printer Printer settings
Running the Yast profile manager and doing options->configure resources and there marking SuSEfirewall2 should be enough I thought. Why isn't it?
The help on the left says "This list contains all installed resource groups. A resource group usually represents a system service with all needed configuration files. Here, easily choose which services should be handled by the profile management. Activate or deactive the groups by double-clicking them."
And I do see that it adds information to /var/lib/scpm/profiles/Home/service/ regarding SuSEfirewall2.
Could you or someone please explain why I should need to change the RESOURCE_SET and what it's used for.. It just looks like a default set of active resources..
Regards, Erik
Ohh.. a follow-up on my own mail. In the info-pages for scpm *NOTE:* Resource Sets have been superseeded by Resource Groups. It is nothing wrong with Resource Sets, they are still supported and you can use them if you want to. So it seams like it's not the way to go :) Rgds, Erik
participants (2)
-
Erik Bågfors -
Kastus