Bugzilla – Bug 1083486
yast2 configuration part for nfs-server shows "Some firewalld services are not available"
Last modified: 2022-08-13 00:03:03 UTC
+++ This bug was initially created as a clone of Bug #1083456 +++

## Observation

The yast2 configuration part for nfs-server shows "Some firewalld services are not available", namely "nfs-kernel-server"

## Expected result

The firewall should be configurable as in SLE 12 SP3 GM or the yast configuration part should offer to install missing configuration packages.

https://openqa.suse.de/tests/1483304#step/yast2_vnc/7 shows the corresponding screen for SLE12-SP4 and https://openqa.suse.de/tests/1058545#step/yast2_vnc/7 for SLE12-SP3 respectively where we can see the configuration part for the firewall. This is showing two nice features: As the firewall is disabled it is stating this nicely and understandable and the port in the firewall could be opened.

An older build of SLE15 - before the conversion to firewalld - showed the feature to install missing packages: https://openqa.suse.de/tests/1196453#step/yast2_vnc/6
Knut, could you comment?
It means that the service definition file for firewalld is not available at the moment. As various services distribute their definition files in different ways and we wanted to avoid maintaining a mapping (service -> package), the firewall reports it this way.
All the modules that were opening some rpcbind based protocol are not directly supported by firewalld, see: https://bugzilla.suse.com/show_bug.cgi?id=1083487#c8 Which means that it needs to be decided what to do with modules that were opening RPC ports.
> An older build of SLE15 - before the conversion to firewalld - showed the
> feature to install missing packages:
> https://openqa.suse.de/tests/1196453#step/yast2_vnc/6

This requests installing the missing SuSEFirewall package as it used to be mandatory. But with firewalld, firewall is not mandatory any more.

A short summary: yast opens firewall according to the service definition(s). If some of the definition(s) for the user's request are missing, firewall states an error. However we're unable to make any suggestion what package should be installed to fix that. General approach is to use service definitions as shipped with firewalld and only in very specific and rare cases use SUSE specific ones.

So according to the description yast behaves as expected here.
Sorry, I don't understand. I crosschecked on openSUSE Leap 15.0 and the same error shows up. yast2-nfs-server reports that the firewall is not configurable and "nfs-kernel-server" is not available. I do not understand what I as a user would need to do here. Maybe it is just about rephrasing messages but as of now I read the message as "something is wrong" which needs fixing.
(In reply to Oliver Kurz from comment #5)
> Sorry, I don't understand. I crosschecked on openSUSE Leap 15.0 and the same
> error shows up. yast2-nfs-server reports that the firewall is not
> configurable and "nfs-kernel-server" is not available. I do not understand
> what I as a user would need to do here. Maybe it is just about rephrasing
> messages but as of now I read the message as "something is wrong" which
> needs fixing.

There are two things mixed together:

1) Enabling the service itself. Firewalld is currently unable to open for nfs because it doesn't contain support for rpcbind (which is needed for NFSv3). That's why yast complains (not all services for which the firewall has to be opened to complete the task do have a definition file available). This part is completely out of yast. As already described elsewhere we (SUSE) can either:
- implement support as needed into firewalld, or
- do a SUSE hack
- do not support opening firewall for such services (like NFS, NIS, ...) and leave user on his own

2) UX part. When such issue as described in (1) happens, yast complains that "Some firewalld services are not available" and lists those services e.g. "ypbind (Not available)" in https://openqa.suse.de/tests/1506247#step/yast2_nis/6

That's all yast can do. In fact it is even more than it did before. Yast is unable to propose what package has to be added to solve the issue and never did so. Here:

(In reply to Oliver Kurz from comment #0)
> An older build of SLE15 - before the conversion to firewalld - showed the
> feature to install missing packages:
> https://openqa.suse.de/tests/1196453#step/yast2_vnc/6

yast only complains that the package with firewall itself (SUSEFirewall) is missing because at that time it was a mandatory one. However, since the feature "switch to firewalld" has been implemented it is not true and firewall is not mandatory anymore.

So, I really don't see how yast can be improved now. We can slightly rephrase the message. However AFAIK we use only common firewall terminology. Do you have any proposal how to improve that?
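The lookup discussed in the comments above, as an added example that is not part of the original thread and is not YaST's or firewalld's own code: it checks whether a `<name>.xml` service definition exists in firewalld's service directories and lists the missing ones in the same wording as the message in this bug. The function names and the `FIREWALLD_SERVICE_DIRS` variable are hypothetical, and the sample definition is constructed.

```shell
#!/bin/sh
# Added example (not YaST or firewalld code).
# firewalld reads service definitions as <name>.xml from an administrator
# directory and a packaged directory. FIREWALLD_SERVICE_DIRS is a hypothetical
# override so the check can run against a test tree (paths without spaces).
FIREWALLD_SERVICE_DIRS="${FIREWALLD_SERVICE_DIRS:-/etc/firewalld/services /usr/lib/firewalld/services}"

# service_status NAME: prints "available" or "not available", returns 0 or 1.
service_status() {
    for dir in $FIREWALLD_SERVICE_DIRS; do
        if [ -r "$dir/$1.xml" ]; then
            echo "available"
            return 0
        fi
    done
    echo "not available"
    return 1
}

# missing_services NAME...: prints the space-separated names with no definition.
missing_services() {
    missing=""
    for svc in "$@"; do
        if ! service_status "$svc" >/dev/null; then
            missing="${missing:+$missing }$svc"
        fi
    done
    printf '%s\n' "$missing"
}

# report NAME...: human-readable summary; returns 1 if anything is missing.
report() {
    m=$(missing_services "$@")
    if [ -z "$m" ]; then
        echo "All requested firewalld services are available"
        return 0
    fi
    echo "Some firewalld services are not available:"
    for svc in $m; do
        echo "  $svc (Not available)"
    done
    return 1
}

# demo: runs the report against a constructed tree holding one definition.
demo() (
    tmp=$(mktemp -d) || exit 1
    mkdir -p "$tmp/etc" "$tmp/usr"
    # Constructed sample definition, not copied from any package.
    cat > "$tmp/usr/nfs.xml" <<'EOF'
<?xml version="1.0" encoding="utf-8"?>
<service>
  <short>NFS4</short>
  <port protocol="tcp" port="2049"/>
</service>
EOF
    FIREWALLD_SERVICE_DIRS="$tmp/etc $tmp/usr"
    report nfs nfs-kernel-server ypbind
    rc=$?
    rm -rf "$tmp"
    exit "$rc"
)

demo || true
```

On a real host, `report nfs-kernel-server ypbind` with the default directories shows which of the names from this bug have a definition file installed.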
*** Bug 1089983 has been marked as a duplicate of this bug. ***
Hello, I can confirm that this is not working on [SLE15] but is already working on [SLE12-SP4]. [SLE15]: http://pdostal-server.suse.cz/tests/1786#step/yast2_nfs_server/38 [SLE12-SP4]: http://pdostal-server.suse.cz/tests/1782#step/yast2_nfs_server/34
*** Bug 1130093 has been marked as a duplicate of this bug. ***
In the meantime the situation has changed and also the UX has slightly improved. However we still track this issue in the tests, e.g. in https://openqa.suse.de/tests/2925044#step/nis_server/42 from one of the last SLE15-SP1 tests. @riafarov over to you as PO for QSF-y to decide what else needs to be improved and/or adaption of the soft-fail reference regarding this bug.
The issue is still there and there are no rules for ypserv, which we create manually to avoid the described error in the UI. It's technically harder to resolve as those are dynamically allocated ports, but it's configurable: https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/6/html/storage_administration_guide/s2-nfs-nfs-firewall-config
AFAIU, it was decided to not have ports auto-configuration for NFS anymore, see https://bugzilla.suse.com/show_bug.cgi?id=1083487#c36.
Also, it is said in comment 6 here that there is no firewalld support for rpcbind, but in the meantime it was added.
This is an autogenerated message for openQA integration by the openqa_review script: This bug is still referenced in a failing openQA test: yast2_nfs_v3_server https://openqa.suse.de/tests/5553048 To prevent further reminder comments one of the following options should be followed: 1. The test scenario is fixed by applying the bug fix to the tested product or the test is adjusted 2. The openQA job group is moved to "Released" 3. The label in the openQA scenario is removed
Shifting the bug to a public project as it also shows up in openSUSE Tumbleweed. It's likely still applicable for SLE as well.
Sadly, YaST is here just the messenger, so reassigning to another component.
Hi Basesystem maintainers! Is there any plan to define the missing firewalld service in the future? Still present in latest build of SLE-15-SP4 and Tumbleweed: https://openqa.suse.de/tests/8686873#step/yast2_nfs4_server/66 https://openqa.opensuse.org/tests/2329895#step/yast2_nfs4_server/58