Bug 1369416

Summary: Port overview does not explicitly state client that a Capsule takes over all of client to server communication
Product: Red Hat Satellite Reporter: Roland Wolters <rwolters>
Component: DocumentationAssignee: Stephen Wadeley <swadeley>
Status: CLOSED CURRENTRELEASE QA Contact: Russell Dickenson <rdickens>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 6.2.0CC: egolov, rwolters, swadeley
Target Milestone: Unspecified   
Target Release: Unused   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2016-08-25 02:55:26 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:

Description Roland Wolters 2016-08-23 11:17:41 UTC 
Document URL:
https://access.redhat.com/documentation/en/red-hat-satellite/6.2/paged/installation-guide/chapter-2-preparing-your-environment-for-installation

Section Number and Name: 
2.5. PORTS AND FIREWALLS REQUIREMENTS


Describe the issue: 
When an additional Capsule for example in another network is in place, that Capsule takes over the entire communication with attached, managed RHEL clients. There is no further communication between Satellite Server and RHEL clients anymore.

This is however nowhere explicitly stated. A reader has to deduce this information, and given the port tables this is not easy to do.

Suggestions for improvement: 
Add the following paragraph:

If an additional Capsule is present, for example to server another network, all managed clients in that network only communicate with that Capsule. There are no additional direct connections between the managed clients and the Satellite Server in that case.

Additional information: 
This information is needed because other sources of information about the Satellite communication ports, like https://access.redhat.com/solutions/2470641 , do still list Client <-> Satellite Server connections which is highly misleading.
Comment 1 Stephen Wadeley 2016-08-23 11:23:43 UTC 
Hello


Thank you for raising this bug.
Comment 2 Stephen Wadeley 2016-08-23 11:45:12 UTC 
Hello

In the beginning of the section "Ports and Firewalls Requirements" there is a paragraph:

The Satellite Server has an integrated Capsule and any host that is directly connected to the Satellite Server is a Client of the Satellite in the context of these tables. This includes the base system on which a Capsule Server is running.

Would it help if we added:

"Systems which are clients of Capsules, other than the internal Capsule, do not need access to the Satellite Server."

We can also add a link to the Architecture Guide's "Capsule Networking" page[1]

In the section "Enabling Connections from a Client to Satellite Server" 

there is this opening sentence:
 "You must configure the firewall on Satellite to enable incoming connections from a Client and to make these rules persistent during reboots "

Would it help if we changed that to something like:

Systems which are clients of Satellite Server's internal Capsule require access thorough host and networked based firewalls. This sectioned describes configuring the host-based firewall on Satellite Server's base system to enable incoming connections from a Client and to make these rules persistent during reboots. 


Thank you

[1] https://access.redhat.com/documentation/en/red-hat-satellite/6.2/paged/architecture-guide/23-capsule-networking
Comment 3 Roland Wolters 2016-08-23 12:08:54 UTC 
Dear Stephen,

thanks for the quick reply. The first mentioned sentence would be what I was looking for. The added link would be a bonus if not too much of a trouble.

The second suggested sentence regarding the firewalls also clarifies the opening sentence, I like that.
Comment 4 Evgeni Golov 2016-08-23 18:10:16 UTC 
big +1 from me, this clarifies it

also, whoever did that graphs in the arch guide: awesome, can I buy you $favoritebeverage?
Comment 5 Stephen Wadeley 2016-08-23 19:47:22 UTC 
Hello Roland


Thank you for comment 3, I will go ahead and make those changes.

Note to self: good time to change "persistent during reboots" to "persistent across system reboots". 

= =

Hello Evgeni

Thank you for comment 4

If you mean the Satellite Topology diagrams they were made at my request by Jess Schaefer.

Thank you
Comment 10 Roland Wolters 2016-08-25 07:55:46 UTC 
Dear team, a customer reviewed the change already and was very happy about your quick reaction, the improvement of the documentation and the entire and overall process in general. My customer asked me explicitly to say "thanks" to you. Well done, and thank you very much! =)
Comment 11 Stephen Wadeley 2016-08-25 07:57:31 UTC 
Dear Roland and customer, thank you for saying thank you