action #68564

closed

[SLE][Migration][sle15sp3] Migrating From SuSEfirewall2 to firewalld

Added by rfan1 almost 4 years ago. Updated over 3 years ago.

Status:
Resolved
Priority:
Normal
Assignee:
Category:
-
Target version:
-
Start date:
2020-07-02
Due date:
% Done:

100%

Estimated time:
25.00 h
Difficulty:

Description

Hello Wei,

Per our document https://documentation.suse.com/sles/15-SP1/pdf/book-security_color_en.pdf

When upgrading from SUSE Linux Enterprise 12.x to SUSE Linux Enterprise 15 SP1, SuSEfirewall2 is not changed and remains active. There is no automatic migration, so you must migrate to firewalld manually. firewalld includes a helper migration script, susefirewall2-to-firewalld. Depending on the complexity of your SuSEfirewall2 configuration the script may perform a perfect migration, or it may fail. Most likely it will partially succeed and you will have to review your new firewalld configuration and make adjustments. The resulting configuration will make firewalld behave somewhat like SuSEfirewall2. To take full advantage of firewalld's features you may elect to create a new configuration, rather than trying to migrate your old configuration. It is safe to run the susefirewall2-to-firewalld script with no options, as it makes no permanent changes to your system. However, if you are administering the system remotely you could get locked out.

root # zypper in susefirewall2-to-firewalld
root # susefirewall2-to-firewalld


I am not sure whether the migration tests cover this scenario. Can you please double-check this, and let me know if you have any questions?

BR//Richard.

Actions #1

Updated by coolgw over 3 years ago

  • Assignee deleted (coolgw)
Actions #2

Updated by coolgw over 3 years ago

  • Subject changed from [SLE][Migration][backlog] Migrating From SuSEfirewall2 to firewalld to [SLE][Migration][sle15sp3] Migrating From SuSEfirewall2 to firewalld
Actions #3

Updated by maritawerner over 3 years ago

Any update here? There is still a soft fail in the test suite for the related bug: https://bugzilla.suse.com/show_bug.cgi?id=1154156

Actions #4

Updated by coolgw over 3 years ago

  • Priority changed from Normal to Low
Actions #5

Updated by hjluo over 3 years ago

This one can more or less be started, but it needs a function-level check.

Actions #6

Updated by coolgw over 3 years ago

  • Priority changed from Low to Normal
Actions #7

Updated by hjluo over 3 years ago

  • Status changed from New to In Progress
  • Assignee set to hjluo
Actions #8

Updated by coolgw over 3 years ago

After discussing with Richard, we decided to work on the following scenario:
12 (check SuSEfirewall2 status) -> 15 (use the tool to deploy firewalld, and make sure the firewalld status is OK)

Actions #9

Updated by coolgw over 3 years ago

  • Estimated time set to 25.00 h
Actions #10

Updated by hjluo over 3 years ago

  • % Done changed from 0 to 30

susefirewall2-to-firewalld
Basic SuSEfirewall2 to FirewallD migration script

This is a simple bash script aiming to provide a basic migration path from SuSEfirewall2 to FirewallD.

added lib/services/firewall.pm

Actions #13

Updated by hjluo over 3 years ago

  • % Done changed from 30 to 50
Actions #15

Updated by hjluo over 3 years ago

susefirewall2-to-firewalld with no parameters is just a dry run, while susefirewall2-to-firewalld -c will do the actual transfer work.

barry:~/:[0]# susefirewall2-to-firewalld -h

susefirewall2-to-firewalld-0.0.4, Copyright (c) 2016 SUSE LINUX Products GmbH

Migration script for SuSEfirewall2 to firewalld.

Options:
-c Commit changes. The script will make changes to the system so
make sure you only use this option if you are really happy with the proposed
changes. This will reset your current firewalld configuration so make sure you
make backups!
-d Super noisy. Use it to file bug reports but be careful to mask sensitive
information.
-h This message
-q No output. Errors will not be printed either!
-v Verbose mode. It will print warnings and other informative messages.

Calling /usr/sbin/susefirewall2-to-firewalld without any option is the safest option
since it will only output what it will do without committing any changes.
The only 'invasive' change in your system would be to start/stop/restart
firewalld and SuSEfirewall2 services which may affect your network connectivity
and lock yourself out of your system. DO NOT run this script on systems you can
only access via network services (eg ssh). Make sure you backup your iptables
rules before you proceed.

You should also be aware that if you omit the '-c' option then certain commands
may look a bit odd to you (or you may spot duplicate commands). That's mostly
normal because the execution flow depends on certain firewalld commands which
will not be executed unless you tell the script to do so.

After committing the changes with -c:
INFO: ##################################################################################
INFO:
INFO: Your SuSEfirewall2 rules have been migrated to FirewallD. A celebration is in order!
INFO:
INFO: Please note that the firewalld rules haven't been made permanent yet.
INFO: Use 'firewall-cmd --list-all-zones' to verify you are happy with the proposed
INFO: configuration and then use 'firewall-cmd --runtime-to-permanent' to make it permanent.
INFO: However, you are advised to look at the following resources and/or
INFO: commands before making permanent changes to your firewall:
INFO:
INFO: - http://www.firewalld.org/documentation/
INFO: - firewall-cmd --help
INFO: - firewall-cmd --list-all-zones
INFO: - firewall-cmd --direct --get-all-passthrough
INFO: - And the firewalld manpages of course!
INFO:
INFO: ##################################################################################

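The help text above leaves the review of the migrated zone to the administrator. As an added example (not from this ticket, the openQA test module, or the susefirewall2-to-firewalld script), the following POSIX shell functions diff the ports SuSEfirewall2 allowed on the external interface against what one firewalld zone exposes after the -c run. The SuSEfirewall2 fragment and the firewall-cmd --list-all-zones output are constructed samples, and the service-to-port table is an assumption; on a real host firewall-cmd --info-service=NAME gives the authoritative ports.

```shell
# Added example (not from the ticket or the migration script): check the migrated
# firewalld zone against the ports SuSEfirewall2 opened on the external interface.
# Constructed SuSEfirewall2 fragment (/etc/sysconfig/SuSEfirewall2 on SLE 12).
SFW2_CONF='FW_SERVICES_EXT_TCP="22 80 443"
FW_SERVICES_EXT_UDP="123"
FW_SERVICES_EXT_IP=""'
# Constructed "firewall-cmd --list-all-zones" output after the -c run (two zones).
FWD_ZONES='block
  target: %%REJECT%%
  ports: 9999/tcp

public (active)
  target: default
  interfaces: eth0
  services: dhcpv6-client ssh
  ports: 80/tcp 443/tcp'
# Assumed service-to-port table; on a real host use "firewall-cmd --info-service=NAME".
service_to_port() {
    case $1 in
        ssh) echo 22/tcp ;;  http) echo 80/tcp ;;  https) echo 443/tcp ;;
        ntp) echo 123/udp ;; dhcpv6-client) echo 546/udp ;;
        *) echo "unknown-service:$1" ;;   # not in the table: flag for manual review
    esac
}
# Ports SuSEfirewall2 allowed from the external zone, one "port/proto" per line.
sfw2_expected_ports() {
    printf '%s\n' "$1" | awk -F'"' '
        /^FW_SERVICES_EXT_TCP=/ { n = split($2, a, " "); for (i = 1; i <= n; i++) print a[i] "/tcp" }
        /^FW_SERVICES_EXT_UDP=/ { n = split($2, a, " "); for (i = 1; i <= n; i++) print a[i] "/udp" }'
}
# Ports open in zone $1 of the --list-all-zones output $2, services resolved via the table.
firewalld_open_ports() {
    printf '%s\n' "$2" | awk -v zone="$1" '
        /^[^ ]/ { cur = $1; next }   # zone header such as "public (active)"
        cur == zone && $1 == "services:" { for (i = 2; i <= NF; i++) print "svc:" $i }
        cur == zone && $1 == "ports:"    { for (i = 2; i <= NF; i++) print $i }' |
    while IFS= read -r item; do
        case $item in svc:*) service_to_port "${item#svc:}" ;; *) echo "$item" ;; esac
    done
}
# Lines of list $1 that are not in list $2 (both newline separated).
list_diff() {
    printf '%s\n' "$1" | while IFS= read -r p; do
        [ -n "$p" ] && ! printf '%s\n' "$2" | grep -qx -- "$p" && echo "$p"
    done; return 0
}
# missing: allowed by SuSEfirewall2 but closed now (breaks services); extra: newly exposed.
missing_ports() { list_diff "$(sfw2_expected_ports "$1")" "$(firewalld_open_ports "$2" "$3")"; }
extra_ports()   { list_diff "$(firewalld_open_ports "$2" "$3")" "$(sfw2_expected_ports "$1")"; }
```

On the sample, missing_ports "$SFW2_CONF" public "$FWD_ZONES" prints 123/udp (NTP was not carried over) and extra_ports prints 546/udp (dhcpv6-client, which the default public zone adds).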
Actions #18

Updated by hjluo over 3 years ago

The run on s390 with reboot_gnome failed to verify the firewalld issue #81184
https://openqa.nue.suse.com/tests/5254024 FAILED
https://openqa.nue.suse.com/tests/5254054 -> with 'firewall-cmd --runtime-to-permanent' failed

Actions #21

Updated by hjluo over 3 years ago

With reboot_gnome moved to after xterm and a diag of the 'iptable -s result':
https://openqa.nue.suse.com/t5258670
https://openqa.nue.suse.com/t5258671
https://openqa.nue.suse.com/t5258672

failed: Reason: backend died: Error connecting to VNC server 10.161.145.81:5901: IO::Socket::INET: connect: No route to host

Actions #24

Updated by hjluo over 3 years ago

New run without excluded modules on x86:
https://openqa.nue.suse.com/t5266836

Actions #26

Updated by hjluo over 3 years ago

Huajian Luo @hjluo
6:26 AM
hi yifang, we have an issue after changing susefirewall to firewalld after migration, could you please help us see if it's desktop related? thanks
https://openqa.nue.suse.com/tests/5266785#step/desktop_runner/42
in the log we found the following
[ 299.593357] systemd[1]: Finished SuSEfirewall2 phase 2.
[ 300.280218] systemd[1]: Stopping SuSEfirewall2 phase 2...
[ 300.604775] SuSEfirewall2[15929]: Firewall rules unloaded.
[ 300.606427] systemd[1]: SuSEfirewall2.service: Succeeded.
[ 300.606519] systemd[1]: Stopped SuSEfirewall2 phase 2.
[ 300.743775] systemd[1]: SuSEfirewall2_init.service: Succeeded.
[ 300.743856] systemd[1]: Stopped SuSEfirewall2 phase 1.
[ 300.882328] systemd[1]: Starting firewalld - dynamic firewall daemon...
[ 301.826824] systemd[1]: Started firewalld - dynamic firewall daemon.
[ 348.037064] systemd[1]: snapperd.service: Succeeded.
[ 426.162444] gnome-shell[9967]: JS WARNING: [resource:///org/gnome/shell/ui/popupMenu.js 737]: reference to undefined property "_delegate"
[ 487.675002] systemd[1]: Reloading.
[ 489.058880] systemd[1]: /usr/lib/systemd/system/plymouth-start.service:15: Unit configured to use KillMode=none. This is unsafe, as it disables systemd's process lifecycle management for the service. Please update your service to use a safer KillMode=, such as 'mixed' or 'control-group'. Support for KillMode=none is deprecated and will eventually be removed.
[ 489.066014] systemd[1]: /usr/lib/dracut/modules.d/98dracut-systemd/dracut-pre-udev.service:27: Standard output type syslog is obsolete, automatically updating to journal. Please update your unit file, and consider removing the setting altogether.
it also failed in reboot_gnome with the same error, thanks

yfjiang
Yifan Jiang @yfjiang
6:32 AM
if it does not fail when using susefirewall, I guess it could be setup of firewalld
testing s390 needs vnc

hjluo
Huajian Luo @hjluo
6:32 AM
yes
but it will fail when run reboot_gnome with susefirewall

yfjiang
Yifan Jiang @yfjiang
6:36 AM
how come reboot_gnome does not have a journal log itself?
I don't have a clue without the journal though...

hjluo
Huajian Luo @hjluo
6:37 AM
wait
https://openqa.nue.suse.com/tests/5248783
but when use the susefirewall to firewalld it resulted in https://openqa.nue.suse.com/tests/5265489#

yfjiang
Yifan Jiang @yfjiang
6:40 AM
as I said, if it works with susefirewall, it could be firewalld blocked vnc connection.
Or do you mean this one does not work either? https://openqa.nue.suse.com/tests/5248783

hjluo
Huajian Luo @hjluo
6:43 AM
this one https://openqa.nue.suse.com/tests/5248783 failed for s390 vnc issue

yfjiang
Yifan Jiang @yfjiang
6:43 AM
okay
and this one does not have a journal log https://openqa.nue.suse.com/tests/5265489#

hjluo
Huajian Luo @hjluo
6:46 AM
https://openqa.nue.suse.com/tests/5265489/file/autoinst-log.txt search "Finished SuSEfirewall2 phase 2"

hjluo
Huajian Luo @hjluo
6:52 AM
thank you so much for your help, appreciated

yfjiang
Yifan Jiang @yfjiang
6:53 AM
I checked, but couldn't understand what you meant, didn't phase 2 happen before the "reboot_gnome" case?
Or do you mean something else.
If you look at the log lines after it starting "reboot_gnome", there is no hint of rebooting popped up from the journal though. That's why I was confused that it has no journal.

hjluo
Huajian Luo @hjluo
6:55 AM
ok

Actions #27

Updated by hjluo over 3 years ago

Actions #28

Updated by hjluo over 3 years ago

  • % Done changed from 50 to 90

PR merged.

Actions #29

Updated by hjluo over 3 years ago

  • Status changed from In Progress to Resolved
  • % Done changed from 90 to 100

close it as resolved.
