Bug 845294

Summary: Autoyast is missing features from OS12.3
Product: [openSUSE] openSUSE 13.1 Reporter: Thomas Fehr <fehr>
Component: YaST2Assignee: Michal Filka <mfilka>
Status: RESOLVED FIXED QA Contact: Jiri Srain <jsrain>
Severity: Major    
Priority: P5 - None CC: bugs, locilka, luizluca
Version: RC 1   
Target Milestone: ---   
Hardware: Other   
OS: Other   
Whiteboard:
Found By: --- Services Priority:
Business Priority: Blocker: ---
Marketing QA Status: --- IT Deployment: ---
Bug Depends on:    
Bug Blocks: 844761    

Description Thomas Fehr 2013-10-10 12:51:44 UTC 
+++ This bug was initially created as a clone of Bug #844761 +++

Created an attachment (id=562287)
My autoyast.xml

User-Agent:       Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/29.0.1547.76 Safari/537.36

Hello,

I tried my 12.3 autoyast script and some features did not work.

1) Firewall settings not respected.

Even with:

  <firewall>
    <enable_firewall config:type="boolean">false</enable_firewall>
    <start_firewall config:type="boolean">false</start_firewall>
  </firewall>

When running installation, at the point that I'm able to configure the setup, firewall will apear as enable.
Comment 1 Luiz Angelo Daros de Luca 2013-11-06 17:32:36 UTC 
Still present in RC2!

I'm using this simple autoyast.xml

<?xml version="1.0"?>
<!DOCTYPE profile>
<profile xmlns="http://www.suse.com/1.0/yast2ns" xmlns:config="http://www.suse.com/1.0/configns">
  <firewall>
    <start_firewall config:type="boolean">false</start_firewall>
  </firewall>
</profile>

BTW, when generating an autoyast.xml from "yast2 autoyast", it does not generate 
"<enable_firewall>", only the <start_firewall>"

Isn't full autoyast functionality critical?
Comment 2 Thomas Fehr 2013-11-25 11:08:10 UTC 
Lukas someone needs to look at autoyast interface for yast2-firewall.
Currently there is mo maintainer for this module.
Comment 3 Lukas Ocilka 2013-11-25 11:28:12 UTC 
Michal, seems to be affected by your changes in Network, or am I wrong?
Comment 4 Michal Filka 2013-11-25 22:04:04 UTC 
Probably yes.

I did a fix for enabling/disabling firewall during installation. But it didn't make it for 13.1 release. So, please retest against factory image.
Comment 5 Thomas Fehr 2013-11-26 11:34:40 UTC 
There is no factory image available openSUSE-UNTESTED contains the same
images as 13.1 GM. Could you tell me the git hash of the fix so I can test it.
Comment 6 Thomas Fehr 2013-11-26 12:25:36 UTC 
I retried this now with 13.1 GA and for me it works as expected.

When using

  <firewall>
    <enable_firewall config:type="boolean">false</enable_firewall>
    <start_firewall config:type="boolean">false</start_firewall>
  </firewall>

There is no firewall running at end of installation.
When using "yast2 clone_system" in the installed system, the created 
firewall section is also fine. Maybe the observed problems were caused
by missing code for runlevel module in 13.1 RC.

To Original reporter (Luiz), please recheck with 13.1 GA and reopen with new 
y2log files when problem still exists.
Comment 7 Luiz Angelo Daros de Luca 2013-11-26 18:09:07 UTC 
Firewall is disabled as configured. I used the configuration in comment 1 but I had to add firewall package manually.

"yast2 autoyast" suggests to use only 
"<start_firewall config:type="boolean">false</start_firewall>".
It really does not make sense to start and enable. And it worked as expected.

Indeed, there is still a problem with the suggested configuration GUI. After initial autoyast scripts, I get a screen that allows me to reconfigure some stuffs. In this first screen, firewall is still marked as enabled. The same problem happens with root password.
Comment 8 Thomas Fehr 2013-11-26 18:31:19 UTC 
Ok, so it was a misunderstanding and like with root password you
mention the misleading text at overview screen before installation 
starts. This is the same as with root password services set up in
second stage (like root password and firewall) do not have right
settings. Simply since firewall config is applied after first boot of
installed system and not while install environment is still running.

The problem with wrongly created xml file I cannot reproduce when
I start "yast2 autoyast" I correctly get

 <firewall>
    <enable_firewall config:type="boolean">false</enable_firewall>
    <start_firewall config:type="boolean">false</start_firewall>
  </firewall>

Which package did you need to install manually?
Comment 9 Luiz Angelo Daros de Luca 2013-11-26 20:57:43 UTC 
Yes, as "overview screen" shows a different info, firewall might have been fixed some time before.

For the XML:

Run: /sbin/yast2 autoyast

Go to Security/firewall/edit, select "Disable...", OK.
Go to Menu/View/Source

You get:

<?xml version="1.0"?>
<!DOCTYPE profile>
<profile xmlns="http://www.suse.com/1.0/yast2ns" xmlns:config="http://www.suse.com/1.0/configns">
  <deploy_image>
    <image_installation config:type="boolean">false</image_installation>
  </deploy_image>
  <firewall>
    <start_firewall config:type="boolean">false</start_firewall>
  </firewall>
</profile>

Is it wrong? I though it was just simplified :)

The autoyast conf posted in comment 1 does not select packages. This makes tests faster than a normal installation. However, nothing required SuSEfirewall2 (but yast2-firewall was selected). I guess yast2 might ask to install it if I open "yast2 firewall". If so, I see no problem at all. If not, yast2-firewall should require SuSEfirewall2.

Anyway, The "overview screen" needs some love. Besides not showing autoyast firewall state (as it does with root password), if installation without firewall is allowed, "overview screen" should even omit/disable its config.