perfSONAR User Q&A and Other Discussion

[Andrew Lake <>]

Hi Jeremy,

I have seen this a couple times before. It’s specific to the ISO install as far as I can tell. When it’s happened before it was because the netfilters kernel module wasn’t loaded in the kernel the ISO had running during the install process. The usual modprobes or changing the install order of packages doesn’t seem to affect it. We had trouble getting it to happen 100% of the time too. In 3.5.1 we’ve added a boot script to run the configure_firewall script as well to catch cases where it didn’t work in the post install process of the ISO. I have never seen a problem when doing a "yum install” or “yum update” on an existing CentOS machine, just during the ISO install process. 

Thanks,

Andy

On February 12, 2016 at 1:10:26 PM, Cather, Jeremy () wrote:

Passing "/opt/perfsonar_ps/toolkit/scripts/configure_firewall install" prompts it to generate the iptables config and start iptables... but. What else is not working is the next issue on my mind... Usually this operation is a post installation scripted event. At least it was for a few other installs a few months ago. It had been inconsistent when it would run, but it ran and generated configs. This week it seems to have failed to run at all.

I'll likely abandon the netinstall iso in favor of manual installs in the future. I've had this experience on a few Dell Poweredge 710 and 2950 machines.

Downloaded from links on perfsonar.net. MD5 was fine.

Thank you,

Jeremy

-----Original Message-----
From: Pedro Reis [mailto:]
Sent: Friday, February 12, 2016 11:08 AM
To: Cather, Jeremy <>;
Subject: Re: [perfsonar-user] 3.5 Toolkit netinstall: iptables no rules

Hello,

I normally use the manual install and the firewall rules are a optional packages.

I run "yum install perl-perfSONAR_PS-Toolkit-security"
and then
"/opt/perfsonar_ps/toolkit/scripts/system_environment/configure_firewall"

As you can find in http://docs.perfsonar.net/install_centos.html

Don't know if in the netinstall you need to run this steps or not, but maybe someone more knowledgeable can give a better tip.

PS - Did you check the hash of the image you are using?

Com meus melhores cumprimentos | Best Regards Pedro Reis Área de Serviços de Rede | Network Services Area
FCT|FCCN
Av. do Brasil, n.º 101
1700-066 Lisboa - Portugal
Telefone|Phone +351 218 440 100; Fax +351 218 472 167
www.fccn.pt

On 12/02/2016 15:22, wrote:
> So I've installed and reinstalled a few times. I have not been able to
> discern how or when the trigger to create the iptables config fires.
> Sometimes it is a few hours and occasionally a few days will go by and
> it still hasn't created/applied the firewall config.
>
> I'm following the directions in the documentation
> http://docs.perfsonar.net/install_centos_netinstall.html
>
> I'm operating in an environment where I have to set a static IP is
> that making some kind of difference?
>
> I set the IP via
> /opt/perfsonar_ps/toolkit/scripts/nptoolkit-configure.py
> because It comes up with DHCP on but the settings were passed from
> installation, but DHCP will fail until I set it to use a static. I
> also set the timezone and then reboot as the script suggests.... after
> that I wait to see if it is going to configure the firewall or not
>
> What basic tenant am I missing?
>
> Cheers,
>