I'm working with RHEL/RHWS7 and Horizon 7.1
The documentation says that Horizon agent will automagically configure iptables. But RHEL7 comes with firewalld. I've disabled firewalld and reverted to iptables. But the agent install gives the error message:
"Unable to automatically configure filewall.
Please configure firewall for inbound connections on port 22443/tcp."
I'm guessing programming error on the "filewall" s firewall.
But the question is, does the install agent prefer iptables or firewalld?
Damion Terrell . + (He/Him) + . * . + @ + . * . + .
Core IT Service Specialist * . + * . + . + . + * +
UNM – IT Platforms – VIS + . . . . . . . . .
. + . + * . + * .
* . . + . . . . + . + * + .
“You learn the job of the person above you, * + . + * @
and you teach your job to the person below you..” . * +
Well deeper analysis is that it looks like it can handle both, but has issues if both are installed. It doesn't discern if one is disabled and the other is enabled.
I updated ${scriptdir}bin/commonlib.sh so that iptables comes first:
#
# Identify firewall
#
FIREWALL=
FIREWALL_IPTABLES=IPTABLES
FIREWALL_FIREWALLD=FIREWALLD
[ -z "$FIREWALL" ] && \
which iptables >/dev/null 2>&1 && FIREWALL=${FIREWALL_IPTABLES}
[ -z "$FIREWALL" ] && \
which firewall-cmd >/dev/null 2>&1 && FIREWALL=${FIREWALL_FIREWALLD}
Not the best of coding, but I didn't want to uninstall firewalld either:
Dependencies Resolved
========================================================================================================
Package Arch Version Repository Size
========================================================================================================
Removing:
firewalld noarch 0.4.3.2-8.1.el7_3.2 @rhel-x86_64-workstation-7 1.7 M
Removing for dependencies:
anaconda-core x86_64 21.48.22.93-1.el7 @anaconda/7.3 7.9 M
anaconda-gui x86_64 21.48.22.93-1.el7 @anaconda/7.3 1.4 M
anaconda-tui x86_64 21.48.22.93-1.el7 @anaconda/7.3 426 k
firewall-config noarch 0.4.3.2-8.1.el7_3.2 @rhel-x86_64-workstation-7 1.0 M
initial-setup x86_64 0.3.9.36-1.el7 @anaconda/7.3 213 k
initial-setup-gui x86_64 0.3.9.36-1.el7 @anaconda/7.3 32 k
subscription-manager-initial-setup-addon x86_64 1.17.15-1.el7 @anaconda/7.3 45 k
Transaction Summary
========================================================================================================
Remove 1 Package (+7 Dependent packages)
Installed size: 13 M
Is this ok [y/N]: N
Exiting on user command
Perhaps the developers can use systemctl status instead
[root@h7-trhws7 VMware-horizonagent-linux-x86_64-7.1.0-5141896]# systemctl status firewalld
● firewalld.service - firewalld - dynamic firewall daemon
Loaded: loaded (/usr/lib/systemd/system/firewalld.service; disabled; vendor preset: enabled)
Active: inactive (dead)
Docs: man:firewalld(1)
[root@h7-trhws7 VMware-horizonagent-linux-x86_64-7.1.0-5141896]# systemctl status iptables -l
● iptables.service - IPv4 firewall with iptables
Loaded: loaded (/usr/lib/systemd/system/iptables.service; enabled; vendor preset: disabled)
Active: active (exited) since Wed 2017-05-10 11:45:30 MDT; 6min ago
Process: 785 ExecStart=/usr/libexec/iptables/iptables.init start (code=exited, status=0/SUCCESS)
Main PID: 785 (code=exited, status=0/SUCCESS)
CGroup: /system.slice/iptables.service
May 10 11:41:37 h7-trhws7.colleges.ad.unm.edu systemd[1]: Starting IPv4 firewall with iptables...
May 10 11:45:30 h7-trhws7.colleges.ad.unm.edu iptables.init[785]: iptables: Applying firewall rules: [ OK ]
May 10 11:45:30 h7-trhws7.colleges.ad.unm.edu systemd[1]: Started IPv4 firewall with iptables.
Damion Terrell . + (He/Him) + . * . + @ + . * . + .
Core IT Service Specialist * . + * . + . + . + * +
UNM – IT Platforms – VIS + . . . . . . . . .
. + . + * . + * .
* . . + . . . . + . + * + .
“You learn the job of the person above you, * + . + * @
and you teach your job to the person below you..” . * +
Thanks for sharing the tip.
We will take a look and enhance the installer.
