Bug 1302370

Summary: [Documentation] Firewall error when appliance is connected to multiple networks
Product: Red Hat CloudForms Management Engine Reporter: Sergio Ocón-Cárdenas <soconcar>
Component: DocumentationAssignee: Red Hat CloudForms Documentation <cloudforms-docs>
Status: CLOSED WONTFIX QA Contact: Red Hat CloudForms Documentation <cloudforms-docs>
Severity: high Docs Contact:
Priority: high    
Version: 5.5.0CC: abellott, adahms, cpelland, jhardy, mfeifer, obarenbo, soconcar
Target Milestone: GA   
Target Release: 5.9.0   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard: doc
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Cause: When you install CF 5 in RHEV and you are using more than one network, the default firewall is configured for eth0 and does not take into account those multiple networks Consequence: Firewall error when appliance is connected to multiple networks Fix: Steps to add the new nic to the manageiq firewall zone: 1- Add new networki (management network), assuming eth1 2- Log into the appliance and add the new interface to the manageiq zone using command: firewall-cmd --zone=manageiq --add-interface eth1 3- Now the new nic, eth1, has been added to the manageiq firewall zone: firewall-cmd --list-all Result:
 Story Points: ---
Clone Of: Environment:
Last Closed: 2018-10-09 00:05:38 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Sergio Ocón-Cárdenas 2016-01-27 15:59:47 UTC 
Description of problem:
When you install CF 5 in RHEV and you are using more than one network, the default firewall is configured for eth0 and does not take into account those multiple networks

Version-Release number of selected component (if applicable):
5.5.0.13.20151201120956_653c0d4 

How reproducible:
Tested in a customer

Steps to Reproduce:
1. Import the appliance with eth0
2. Add new network (management network)
3. Connection to RHEV does not refresh, it is stuck when you refresh states

Actual results:
Data is not received unless you disable firewall

Expected results:
Firewall is configured in the appliance when executing IP configuration to allow connection

Additional info:
Customer is using a production environment where appliance is connecting using eth0 (production network), but the manager is connected through a different environment (RHEV-M is in another VLAN that the production network)
When you add eth1 you need to disable firewall to make it work.
Comment 3 Shveta 2016-02-01 21:32:20 UTC 
Assigning to add test case
Comment 4 Joe Vlcek 2016-02-03 21:20:13 UTC 
*** Bug 1302369 has been marked as a duplicate of this bug. ***
Comment 5 Joe Vlcek 2016-02-03 21:45:46 UTC 
Can you please try to add the new interface to the manageiq firewall zone?

Steps to add the new nic to the manageiq firewall zone:
1- Add new networki (management network), assuming eth1

2- Log into the appliance and add the new interface to the manageiq zone using command:
      firewall-cmd --zone=manageiq --add-interface eth1

3- Now the new nic, eth1, has been added to the manageiq firewall zone:  
      firewall-cmd --list-all

Please let us know if this solves the issue.
Comment 7 Sergio Ocón-Cárdenas 2016-02-11 07:28:35 UTC 
Customer has tested the solution and and the problem has been solved.
This case can be closed

Thanks,
Sergio
Comment 8 Lucy Bopf 2016-05-26 02:26:28 UTC 
Moving to NEW to be reviewed as the schedule allows.
Comment 9 Andrew Dahms 2018-10-09 00:05:38 UTC 
Thank you for raising this bug.

We have evaluated this request, and while we recognize that it is a valid request for the documentation, we do not expect this to be implemented in the product in the foreseeable future. We are therefore closing this out as WONTFIX. 

If you have any concerns about this, please feel free to contact Andrew Dahms.