Bug 1129498

Summary: [doc] Capsule Pre-req section: group iptables commands together for faster copy-paste
Product: Red Hat Satellite Reporter: Xixi <xdmoon>
Component: Docs Install GuideAssignee: Peter Ondrejka <pondrejk>
Status: CLOSED CURRENTRELEASE QA Contact: Tahlia Richardson <trichard>
Severity: medium Docs Contact:
Priority: medium    
Version: 6.0.3CC: daobrien, hhudgeon, mosvald, pmoravec
Target Milestone: Unspecified   
Target Release: Unused   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2015-07-27 08:51:11 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 1115190    

Description Xixi 2014-08-13 00:14:40 UTC 
Description of problem:
https://access.redhat.com/documentation/en-US/Red_Hat_Satellite/6.0/html-single/Installation_Guide/index.html#Prerequisites3
The Capsule Installation pre-requisites section has alot of iptable commands, grouping them together would help customers speed this up (especially if more than one Capsule) to copy-paste once instead of 6 times.

Version-Release number of selected component (if applicable):
current

How reproducible:
always

Steps to Reproduce:
1. pls see above
2.
3.

Actual results:
Each iptable command is in its own box separated by explanations.

Expected results:
Group the explanations together and the actual iptables commands together.

Additional info:
Based on GSS Test Day feedback Aug 12 2014 "it would be quite appreciated if Sat6 prerequisities listed in [1] would be put into a simple script - it's tedious to copy&paste one iptables command after another, for Satteline and also each capsule; if no script then please put the commands altogether for just 1 copy&paste
    [1] https://access.redhat.com/documentation/en-US/Red_Hat_Satellite/6.0/html-single/Installation_Guide/index.html#Prerequisites3"
Comment 1 RHEL Program Management 2014-08-13 00:22:56 UTC 
Since this issue was entered in Red Hat Bugzilla, the release flag has been
set to ? to ensure that it is properly evaluated for this release.
Comment 11 Pavel Moravec 2014-08-16 09:32:43 UTC 
There is a typo in first iptables command, in Satellite6 installation:

# iptables -I INPUT -m state --state NEW -p tcp --dport 443 -j ACCEPT \
&& -I INPUT -m state --state NEW -p tcp --dport 5671 -j ACCEPT \
..

(see missing "iptables" command on 2nd line).

Capsule server installation seems fine.
Comment 13 Pavel Moravec 2014-10-17 14:38:42 UTC 
Could be one another change done? (please disregard it if you see it as ridiculous)

Now the commands end with:
..
&& iptables -I INPUT -m state --state NEW -p tcp --dport 8080 -j ACCEPT \
# iptables-save > /etc/sysconfig/iptables

The whole text and also '\' at the end of the last-but-one line suggest to grab whole text - including the latest line(!) - to clipboard and execute.

That would mean "iptables-save" command wont be performed, as it is commented out by "# " (that was meant as root prompt).

So I suggest replacing "#" by "&&" as well here.

The same applies both to Satellite and also Capsule prerequisites.

Thanks for consideration.

(I already saw one customer with the default too-restrictive firewall after Sat6 "installed" and I suspect it could be due to this)
Comment 14 David O'Brien 2014-10-20 08:48:50 UTC 
(In reply to Pavel Moravec from comment #13)
> Could be one another change done? (please disregard it if you see it as
> ridiculous)
> 
> Now the commands end with:
> ..
> && iptables -I INPUT -m state --state NEW -p tcp --dport 8080 -j ACCEPT \
> # iptables-save > /etc/sysconfig/iptables
> 
> The whole text and also '\' at the end of the last-but-one line suggest to
> grab whole text - including the latest line(!) - to clipboard and execute.
> 
> That would mean "iptables-save" command wont be performed, as it is
> commented out by "# " (that was meant as root prompt).
> 

Yes, that's a mistake, sorry :-(

> So I suggest replacing "#" by "&&" as well here.
> 
> The same applies both to Satellite and also Capsule prerequisites.
> 
> Thanks for consideration.
> 
> (I already saw one customer with the default too-restrictive firewall after
> Sat6 "installed" and I suspect it could be due to this)


There's two ways we can fix this. Either:
- remove the \ from last iptables line before "iptables-save" and run the last command separately (I think that's how it was intended), or
- remove the # from the last line and replace it with && as you suggest.

If ppl are copy/pasting the whole lot then the latter is probably the better solution. I'd like to assign this to Athene because she's working on this book atm. Just need to do a quick find/replace; I think there are three instances of this type throughout the book.

Thanks for picking this up.
Comment 15 RHEL Program Management 2015-04-21 16:10:56 UTC 
Since this issue was entered in Red Hat Bugzilla, the release flag has been
set to ? to ensure that it is properly evaluated for this release.
Comment 16 Athene Chan 2015-05-05 12:02:37 UTC 
Changed as per request:

http://file.bne.redhat.com/~achan/Satellite_61/html-single/#form-Red_Hat_Satellite-Installation_Guide-Prerequisites-Required_Network_Ports

http://file.bne.redhat.com/~achan/Satellite_61/html-single/#sect-Red_Hat_Satellite-Installation_Guide-Red_Hat_Satellite_Capsule_Server_Prerequisites-Required_Network_Ports

All # tags on the Capsule Required Network Ports Section and Server Required Network Ports section have been removed.