Bug 1278432
| Summary: | Web-UI: HTML5-Console: Ports 5900:5999 not enabled in firewall | ||
|---|---|---|---|
| Product: | Red Hat CloudForms Management Engine | Reporter: | Ramesh A <rananda> |
| Component: | Appliance | Assignee: | Nick Carboni <ncarboni> |
| Status: | CLOSED ERRATA | QA Contact: | Ramesh A <rananda> |
| Severity: | high | Docs Contact: | |
| Priority: | high | ||
| Version: | 5.5.0 | CC: | abellott, cpelland, jhardy, obarenbo, simaishi |
| Target Milestone: | GA | ||
| Target Release: | 5.5.0 | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Whiteboard: | |||
| Fixed In Version: | 5.5.0.10 | Doc Type: | Bug Fix |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2015-12-08 13:44:35 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
|
Description
Ramesh A
2015-11-05 13:07:54 UTC
5.5.z MR http://gitlab.cloudforms.lab.eng.rdu2.redhat.com/cloudforms/cfme-appliance-build/merge_requests/2 New commit detected on ManageIQ/manageiq-appliance-build/master: https://github.com/ManageIQ/manageiq-appliance-build/commit/d6dbe51a513fd37e61a099541493662b79980779 commit d6dbe51a513fd37e61a099541493662b79980779 Author: Nick Carboni <ncarboni> AuthorDate: Thu Nov 5 10:14:09 2015 -0500 Commit: Nick Carboni <ncarboni> CommitDate: Thu Nov 5 17:05:25 2015 -0500 Enable ports 5900-5999 for HTML5 console Removed the `firewall` command in favor of opening ports in the post section. The kickstart `firewall` command was adding the ports to the default zone which is "public" at the time the main section runs. We later create the "manageiq" zone and set that to the default causing the ports to still be closed in the active zone. https://bugzilla.redhat.com/show_bug.cgi?id=1278432 kickstarts/base.ks.erb | 2 -- kickstarts/partials/main/firewall.ks.erb | 5 ----- kickstarts/partials/post/firewalld.ks.erb | 7 +++++++ 3 files changed, 7 insertions(+), 7 deletions(-) delete mode 100644 kickstarts/partials/main/firewall.ks.erb Good to go. Verified and working fine in 5.5.0.10-beta2.1.20151110134042_d6f5459
Firewall status:
=================
[root@server vmdb]# service firewalld status
Redirecting to /bin/systemctl status firewalld.service
firewalld.service - firewalld - dynamic firewall daemon
Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled)
Active: active (running) since Mon 2015-11-16 03:39:21 EST; 1 day 1h ago
Main PID: 727 (firewalld)
CGroup: /system.slice/firewalld.service
└─727 /usr/bin/python -Es /usr/sbin/firewalld --nofork --nopid
Port status:
===============
[root@server vmdb]# iptables -L -n -v
Chain IN_manageiq_allow (1 references)
pkts bytes target prot opt in out source destination
51 3060 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:5432 ctstate NEW
9 540 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:80 ctstate NEW
164 9840 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:22 ctstate NEW
476 28560 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:443 ctstate NEW
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:443 ctstate NEW
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:80 ctstate NEW
0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:443 ctstate NEW
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:5432 ctstate NEW
0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:80 ctstate NEW
16 960 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpts:5900:5999 ctstate NEW
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:22 ctstate NEW
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHSA-2015:2551 |