1

I have the following commands in a Kickstart post-install script:

firewall-offline-cmd --new-zone=management
firewall-offline-cmd --zone=management --add-service=ssh --add-service=snmp
firewall-offline-cmd --zone=management --change-interface=eth1
nmcli device modify eth1 connection.zone management

From my reading it seems that firewalld can't make these changes when NetworkManager is in the picture, so I added in the nmcli command to change the zone. But it is not taking effect. After the install is complete and the server reboots, the interface remains in the default zone. After that I can then run the nmcli command and it will take effect.

I can't find anything online about this problem, except maybe this article, but it's behind a paywall.

miken32
  • 942
  • 1
  • 13
  • 35

2 Answers2

1

I've run into this issue as well. I got around it with this hack:

echo 'ZONE=management' >> /etc/sysconfig/network-scripts/ifcfg-eth1

I'd prefer something more elegant but have settled on that for the time being.

Jeremy
  • 51
  • 3
0

Long story short: "Do not use it, it does not work"

Resolution

  • During installation, or even %post script executions, lots of locks are not enabled, as well as lots of required services are not running. That environment is anaconda execution environment and when one does chroot it to the installed machine, the same running environment is used with bind options of the pseudo filesystems.
  • Due to lack of such setup in the installed setup during anaconda execution, there are problems with nmcli executions. Not everything works in %post section of kickstart which work on fully functional running machine, so one might be facing this problems.
  • The only better way is to run this once the machine is rebooted and fully functioning post installation. One can also put this in some kind of firstboot logic if one wants to run this only once.

So nmcli is good tool for network config automation. You can use is for every purpose, except installation.

ibre5041
  • 285
  • 1
  • 8