0

I am installing CentOS with kickstart, and during installation the post script is supposed to update a device over TFTP.

In my script I trigger that device, which ultimately copies firmware from my system (where my kickstart is running).

These firewall rules work after the first reboot, but I want to do it in the post section of kickstart.

```
firewall --enabled --service=tftp --service=ssh

%post --erroronfail --log=/tmp/ks-post.log --interpreter=/usr/bin/bash
echo -e $(firewall-cmd  --list-services)
telnet> copy tftp x.x.x.x device-firmware my.rom
%end
```

But the echo command outputs that firewalld is not running.

ImranRazaKhan
  • I might be wrong, but I *think* that your actual problem is not the firewall (which shouldn't be blocking anything at all at this stage of your kickstart) but rather something else. What is that `telnet> copy tftp x.x.x.x device-firmware my.rom` supposed to do? I would expect a command-line tftp, like for instance `tftp -m binary hostname -c get remote-file /path/to/local-file-name`, if you need to download something – HBruijn Apr 24 '19 at 10:34

2 Answers

1

As far as I know, firewalld is only configured by kickstart and not activated (neither with the new config nor at all) during the kickstart installation itself.

Kickstart uses `firewall-offline-cmd` to configure the firewall settings, and that is what you should use to query the firewall as well.

The alternative is that you explicitly start firewalld in your %post section; after that you can use `firewall-cmd`.

HBruijn
  • I tried to start firewalld in post (`systemctl start firewalld`); it's throwing the error "Running in chroot, ignoring request" – ImranRazaKhan Apr 24 '19 at 12:36
  • You can't start services of the installed system during installation, fortunately. This is not an option. You should use `firewall-offline-cmd` or copy preconfigured XML files. – Michael Hampton Apr 24 '19 at 12:55
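
Added example, not part of the original answers: since firewalld cannot run inside the %post chroot, this script reads the installed system's permanent zone file from disk and reports any enabled service outside an allow-list. The zone path `/etc/firewalld/zones/public.xml` (default zone `public`), the allow-list, and the sample XML are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original thread). In %post the installed system's
# firewalld is not running, so read its permanent config from disk instead.
# Assumed: default zone "public", stored at /etc/firewalld/zones/public.xml.

# Print the services enabled in a firewalld zone XML file, one per line.
zone_services() {
    sed -n 's/.*<service[[:space:]]\{1,\}name="\([^"]*\)".*/\1/p' "$1" | sort -u
}

# List services in zone file $1 that are NOT in the allow-list $2...;
# returns 0 when nothing unexpected is enabled, 1 otherwise.
unexpected_services() (
    zone_file=$1; shift
    allowed=" $* "; rc=0
    for svc in $(zone_services "$zone_file"); do
        case "$allowed" in
            *" $svc "*) ;;
            *) echo "$svc"; rc=1 ;;
        esac
    done
    exit "$rc"
)

# Constructed sample of what `firewall --enabled --service=tftp --service=ssh`
# could leave behind; not captured from a real install.
write_sample_zone() {
    cat > "$1" <<'EOF'
<?xml version="1.0" encoding="utf-8"?>
<zone>
  <short>Public</short>
  <service name="ssh"/>
  <service name="dhcpv6-client"/>
  <service name="tftp"/>
</zone>
EOF
}

# Demo on the constructed sample; in %post, pass the real zone file instead.
sample=$(mktemp)
write_sample_zone "$sample"
echo "enabled: $(zone_services "$sample" | tr '\n' ' ')"
if extra=$(unexpected_services "$sample" ssh tftp); then
    echo "only expected services are enabled"
else
    echo "unexpected service(s) enabled: $extra"
fi
rm -f "$sample"
```

TFTP has no authentication, so a check like this is a cheap way to confirm at install time that the service is opened only where the kickstart file intended.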
0

Maybe I'm wrong, but in the %post section it's using the RAM OS, so I don't see the point of using firewalld here. BTW, you can copy that file in the %pre section (DNS won't work here, but wget, curl etc. will) and create the config files of firewalld in the %post section (/etc/firewalld).

gixnex
  • I need firewalld only to allow TFTP traffic, which I don't think will work in %pre – ImranRazaKhan Apr 24 '19 at 13:17
  • How are you kickstarting the machine? PXE? If so, then you have to filter the traffic to the assigned DHCP IP there; it would be easier than doing it in the KS process. – gixnex Apr 24 '19 at 15:19