[Spacewalk-list] Remote firewall-cmd from Spacewalk
Dillon Mills
dmills at qualcomm.com
Tue Feb 27 22:23:32 UTC 2018
I was recently trying to mass configure firewalld on a bunch of RHEL7 boxes using Spacewalk, trying to ensure SNMP was enabled.
So - mirroring what I would do from the shell - the script consisted of two lines:
firewall-cmd --add-service=snmp
firewall-cmd --add-service=snmp -permanent
The command was picked up by the OSA (jabber) immediately on the ~65 machines, but it didn't seem to finish. Logging onto one of them, rhn_check and the firewall-cmd command were just sitting there in the process list, with no apparent activity of any kind. After 600 seconds, it timed out and both processes terminated, and reported "failure" for the remote command in Spacewalk for all the servers.
The raw output from the failure consists of a lot of this:
"ERROR:dbus.proxies:Introspect error on :1.3:/org/fedoraproject/FirewallD1: dbus.exceptions.DBusException: org.freedesktop.DBus.Error.NoReply: Did not receive a reply. Possible causes include: the remote application did not send a reply, the message bus security policy blocked the reply, the reply timeout expired, or the network connection was broken."
Is there some "gotcha" I'm not realizing here with running firewall-cmd remotely?
Note: I *was* able to run
firewall-offline-cmd --add-service=snmp
But the changes didn't take effect until I reloaded firewalld. So I have a workaround, but mostly I'm just interested in why this didn't work how I expected. Maybe I need to learn a little something about dbus in the process :) Thanks!
More information about the Spacewalk-list
mailing list