You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
On openSUSE MicroOS (and I guess other transactional systems) the firewalld states fail because firewall-cmd cannot connect to the dbus inside the transaction. This also may happen to other Salt modules that are utilizing the dbus inside a transaction but I didn't explicitly test this.
Setup
(Please provide relevant configs and/or SLS files (be sure to remove sensitive info. There is no general set-up of Salt.)
firewalld-k8s-public:
firewalld.present:
- name: public
- ports:
- 6443/tcp
Please be as specific as possible and give set-up details.
on-prem machine
VM (Virtualbox, KVM, etc. please specify)
VM running on a cloud service, please be explicit and add details
container (Kubernetes, Docker, containerd, etc. please specify)
or a combination, please be explicit
jails if it is FreeBSD
classic packaging
onedir packaging
used bootstrap to install
Steps to Reproduce the behavior
Use the state given at the start of the bug description.
Apply it on openSUSE MicroOS
See error returned by the minion executing the state.
----------
ID: firewalld-k8s-public
Function: firewalld.present
Name: public
Result: False
Comment: Error: firewall-cmd failed: Error: DBUS_ERROR: Failed to connect to socket /run/dbus/system_bus_socket: No such file or directory
Started: 21:09:25.598104
Duration: 266.88 ms
Changes:
Expected behavior
Salt should be able to configure firewalld without issues on transactional systems.
Screenshots
If applicable, add screenshots to help explain your problem.
Versions Report
salt --versions-report
(Provided by running salt --versions-report. Please also mention any differences in master/minion versions.)
Salt Version:
Salt: 3006.0Python Version:
Python: 3.11.8 (main, Feb 08 2024, 08:03:16) [GCC]Dependency Versions:
cffi: 1.16.0cherrypy: Not Installeddateutil: Not Installeddocker-py: Not Installedgitdb: Not Installedgitpython: Not InstalledJinja2: 3.1.3libgit2: 1.7.2looseversion: 1.3.0M2Crypto: 0.40.0Mako: Not Installedmsgpack: 1.0.7msgpack-pure: Not Installedmysql-python: Not Installedpackaging: 23.2pycparser: 2.21pycrypto: Not Installedpycryptodome: Not Installedpygit2: 1.14.1python-gnupg: Not InstalledPyYAML: 6.0.1PyZMQ: 25.1.2relenv: Not Installedsmmap: Not Installedtimelib: Not InstalledTornado: 4.5.3ZMQ: 4.3.5System Versions:
dist: opensuse-microos 20240307 locale: utf-8machine: x86_64release: 6.7.7-1-defaultsystem: Linuxversion: openSUSE MicroOS 20240307
Additional context
I am using the RPM built by the openSUSE community with the salt-transactional-update. In the following you are seeing that firewalld is in fact running and active but Salt can't access it:
esprimo-2:~ # firewall-cmd --list-all
public (default, active)
target: default
ingress-priority: 0
egress-priority: 0
icmp-block-inversion: no
interfaces: enp0s31f6
sources:
services: dhcpv6-client ssh
ports: 6443/tcp
protocols:
forward: yes
masquerade: no
forward-ports:
source-ports:
icmp-blocks:
rich rules:
esprimo-2:~ # transactional-update shell
Checking for newer version.
transactional-update 4.6.0 started
Options: shell
Separate /var detected.
2024-03-09 21:09:41 tukit 4.6.0 started
2024-03-09 21:09:41 Options: -c12 open
2024-03-09 21:09:42 Using snapshot 12 as base for new snapshot 13.
2024-03-09 21:09:42 /var/lib/overlay/12/etc
2024-03-09 21:09:42 Syncing /etc of previous snapshot 11 as base into new snapshot "/.snapshots/13/snapshot"
2024-03-09 21:09:42 SELinux is enabled.
Relabeled /var/lib/rancher/k3s from system_u:object_r:var_lib_t:s0 to system_u:object_r:container_var_lib_t:s0
Relabeled /var/lib/rancher/k3s/agent from system_u:object_r:var_lib_t:s0 to system_u:object_r:container_var_lib_t:s0
Relabeled /var/lib/rancher/k3s/agent/containerd from system_u:object_r:var_lib_t:s0 to system_u:object_r:container_var_lib_t:s0
Relabeled /var/lib/rancher/k3s/agent/containerd/io.containerd.snapshotter.v1.overlayfs from system_u:object_r:var_lib_t:s0 to system_u:object_r:container_var_lib_t:s0
Relabeled /var/lib/rancher/k3s/data from system_u:object_r:var_lib_t:s0 to system_u:object_r:k3s_data_t:s0
ID: 13
2024-03-09 21:09:44 Transaction completed.
Opening chroot in snapshot 13, continue with 'exit'
2024-03-09 21:09:44 tukit 4.6.0 started
2024-03-09 21:09:44 Options: call 13 bash
2024-03-09 21:09:45 Executing `bash`:
transactional update # firewall-cmd --list-all
Error: DBUS_ERROR: Failed to connect to socket /run/dbus/system_bus_socket: No such file or directory
transactional update # exit
2024-03-09 21:09:57 Application returned with exit status 36.
2024-03-09 21:09:57 tukit 4.6.0 started
2024-03-09 21:09:57 Options: close 13
2024-03-09 21:09:59 New default snapshot is #13 (/.snapshots/13/snapshot).
2024-03-09 21:09:59 Transaction completed.
Please reboot your machine to activate the changes and avoid data loss.
New default snapshot is #13 (/.snapshots/13/snapshot).
transactional-update finished
The text was updated successfully, but these errors were encountered:
Hi there! Welcome to the Salt Community! Thank you for making your first contribution. We have a lengthy process for issues and PRs. Someone from the Core Team will follow up as soon as possible. In the meantime, here’s some information that may help as you continue your Salt journey.
Please be sure to review our Code of Conduct. Also, check out some of our community resources including:
There are lots of ways to get involved in our community. Every month, there are around a dozen opportunities to meet with other contributors and the Salt Core team and collaborate in real time. The best way to keep track is by subscribing to the Salt Community Events Calendar.
If you have additional questions, email us at saltproject@vmware.com. We’re glad you’ve joined our community and look forward to doing awesome things with you!
Description
On openSUSE MicroOS (and I guess other transactional systems) the firewalld states fail because
firewall-cmd
cannot connect to the dbus inside the transaction. This also may happen to other Salt modules that are utilizing the dbus inside a transaction but I didn't explicitly test this.Setup
(Please provide relevant configs and/or SLS files (be sure to remove sensitive info. There is no general set-up of Salt.)
Please be as specific as possible and give set-up details.
Steps to Reproduce the behavior
Expected behavior
Salt should be able to configure firewalld without issues on transactional systems.
Screenshots
If applicable, add screenshots to help explain your problem.
Versions Report
salt --versions-report
(Provided by running salt --versions-report. Please also mention any differences in master/minion versions.)Additional context
I am using the RPM built by the openSUSE community with the
salt-transactional-update
. In the following you are seeing that firewalld is in fact running and active but Salt can't access it:The text was updated successfully, but these errors were encountered: