Bug 1298096

Summary:	Red Hat Storage Console should be fully functional with firewall activated
Product:	Red Hat Storage Console	Reporter:	Martin Kudlej <mkudlej>
Component:	unclassified	Assignee:	Nishanth Thomas <nthomas>
Status:	CLOSED CURRENTRELEASE	QA Contact:	Martin Bukatovic <mbukatov>
Severity:	unspecified	Docs Contact:
Priority:	unspecified
Version:	2	CC:	julim, kdreyer, mbukatov, mkudlej, nthomas, rcyriac, sankarshan, sisharma
Target Milestone:	---	Keywords:	TestBlocker
Target Release:	2
Hardware:	Unspecified
OS:	Unspecified
Whiteboard:
Fixed In Version:	rhscon-core-0.0.29-1.el7scon.x86_64.rpm	Doc Type:	Bug Fix
Doc Text:		Story Points:	---
Clone Of:		Environment:
Last Closed:	2018-11-19 05:33:26 UTC	Type:	Bug
Regression:	---	Mount Type:	---
Documentation:	---	CRM:
Verified Versions:		Category:	---
oVirt Team:	---	RHEL 7.3 requirements from Atomic Host:
Cloudforms Team:	---	Target Upstream Version:

Description Martin Kudlej 2016-01-13 09:00:22 UTC

Description of problem:
Now firewall should be disabled for correct functionality. I think RHSCon should work with activated firewall.

Version-Release number of selected component (if applicable):
rhscon-ui-0.0.6-0.1.alpha1.el7.noarch
rhscon-core-0.0.6-0.1.alpha1.el7.x86_64
rhscon-ceph-0.0.4-0.1.alpha1.el7.x86_64

Comment 5 Ju Lim 2016-06-17 12:55:39 UTC

Port list has been documented by Dev team on Trello card, but QE team meeds to be verify and ensure it's documented.

Comment 6 Nishanth Thomas 2016-06-17 12:57:01 UTC

Published the list of ports to be documented. Once QE verifies, need to move this bug to documentaion

Comment 7 Martin Bukatovic 2016-06-24 13:19:51 UTC

(In reply to Nishanth Thomas from comment #6)
> Published the list of ports to be documented. Once QE verifies, need to move
> this bug to documentaion

There are some tweaks in the progress, along with the documentation. Moving
back to assigned and the dev team is expected to flip it back to ON_QA when
the setup is finalized.

Comment 8 Darshan 2016-06-28 08:54:32 UTC

The firewall configuration to be documented has been communicated to doc team. It is also documented in skyring github wiki: https://github.com/skyrings/skyring/wiki/Firewall-configuration-for-skyring.

Have sent a patch for removing the disable of firewalld during skyring-setup.

Comment 9 Ken Dreyer (Red Hat) 2016-06-28 12:51:04 UTC

Note, the ceph-installer package contains its own firewalld service definition, so you can avoid specifying the port number (8181), and simply enable it like so:

sudo firewall-cmd --zone=public --add-service=ceph-installer

Comment 10 Martin Bukatovic 2016-06-28 14:13:47 UTC

(In reply to Ken Dreyer (Red Hat) from comment #9)
> Note, the ceph-installer package contains its own firewalld service
> definition, so you can avoid specifying the port number (8181), and simply
> enable it like so:
> 
> sudo firewall-cmd --zone=public --add-service=ceph-installer

I have created new RFE BZ 1350859 to track this feature.

Comment 13 Martin Bukatovic 2016-08-11 18:21:43 UTC

Based on section "2.4. Firewall Configuration" of "Red Hat Storage Console 2.0
Quick Start Guide", I reconfigured and enabled firewall in QE deployment setup.

Checking with
=============

On RHSC 2.0 server machine:

rhscon-ui-0.0.53-1.el7scon.noarch
rhscon-core-0.0.41-1.el7scon.x86_64
rhscon-ceph-0.0.40-1.el7scon.x86_64
rhscon-core-selinux-0.0.41-1.el7scon.noarch
ceph-ansible-1.0.5-32.el7scon.noarch
ceph-installer-1.0.15-1.el7scon.noarch

On Ceph 2.0 storage machines:

rhscon-core-selinux-0.0.41-1.el7scon.noarch
rhscon-agent-0.0.18-1.el7scon.noarch
ceph-common-10.2.2-38.el7cp.x86_64
ceph-selinux-10.2.2-38.el7cp.x86_64

Verification
============

With firewall enabled, our API test suite is passing without any issues.