Bug 6957

Summary: SuSEfirewall2 firewall backend is broken on SLE 12 when running tl-setup through SSH
Product: ThinLinc Reporter: Karl Mikaelsson <derfian>
Component: Server InstallerAssignee: Henrik Andersson <hean01>
Status: NEW ---    
Severity: Normal CC: ossman
Priority: P2    
Version: trunk   
Target Milestone: LowPrio   
Hardware: PC   
OS: Unknown   
Acceptance Criteria:

Description Karl Mikaelsson cendio 2017-04-21 13:20:05 CEST 
When installing ThinLinc on Suse Linux Enterprise 12, you get this message in /var/log/tlsetup.log:

> 2017-04-21 10:49:07,976: No supported firewall backend detected.

SuSEfirewall2 is the firewall system used by SLE12. The lack of support for this firewall backend means that you can't set up ThinLinc clusters without manually configuring the firewall on each machine. We ought to support it to provide a better out-of-box experience for Suse users.

/var/log/vsmserver.log:
> 2017-04-21 12:37:01 WARNING vsmserver: Timeout getting load from VSM Agent lab-132.lkpg.cendio.se:904, marking as down
Comment 1 Karl Mikaelsson cendio 2017-04-25 15:01:27 CEST 
This fails:

 ssh root@machine /opt/thinlinc/sbin/tl-setup

> 2017-04-25 14:54:01,927: No supported firewall backend detected.

This works:

 ssh root@machine
 # /opt/thinlinc/sbin/tl-setup

> 2017-04-25 14:54:36,227: Detected firewall backend FirewallBackendSuse

The only thing differing in tl-setup output is the Firewall configuration.
Comment 2 Peter Åstrand cendio 2017-04-26 10:04:54 CEST 
The problem comes from the fact that tl-setup executes "/sbin/SuSEfirewall2 status", but this command requires a pty:

$ ssh root@dhcp-254-34 /sbin/SuSEfirewall2 status
Password: 
(empty output)

$ ssh -t root@dhcp-254-34 /sbin/SuSEfirewall2 status
Password: 
### iptables filter ###
Chain INPUT (policy DROP 0 packets, 0 bytes)
...