Bug 1476311

Summary:	[Docs][Planning] Include port number 111 in documentation of "Hypervisor Firewall Requirements"
Product:	Red Hat Enterprise Virtualization Manager	Reporter:	Ulhas Surse <usurse>
Component:	Documentation	Assignee:	Tahlia Richardson <trichard>
Status:	CLOSED CURRENTRELEASE	QA Contact:	Billy Burmester <bburmest>
Severity:	medium	Docs Contact:
Priority:	high
Version:	4.1.3	CC:	didi, lbopf, lsurette, rbalakri, srevivo, tnisan, trichard, ykaul
Target Milestone:	ovirt-4.1.6	Keywords:	Triaged
Target Release:	---	Flags:	lsvaty: testing_plan_complete-
Hardware:	All
OS:	Linux
Whiteboard:
Fixed In Version:		Doc Type:	If docs needed, set a value
Doc Text:		Story Points:	---
Clone Of:		Environment:
Last Closed:	2018-02-12 06:19:03 UTC	Type:	Bug
Regression:	---	Mount Type:	---
Documentation:	---	CRM:
Verified Versions:		Category:	---
oVirt Team:	Docs	RHEL 7.3 requirements from Atomic Host:
Cloudforms Team:	---	Target Upstream Version:
Embargoed:

Description Ulhas Surse 2017-07-28 15:29:19 UTC

Description of problem:
The port for NFSv3 111 is configured on the host firewall when it is registered from manager. 

Version-Release number of selected component (if applicable):
RHVM 4.1.3

How reproducible:
Always

Steps to Reproduce:
1. Install Host and add / register it to Manager.
2. After registering the host, check the host firewall.
3. the port 111 is configured to be allowed but it is not mentioned in documentation. 

Actual results:
111 port is not present for host in document. 

Expected results:
Include 111 port inclusion in documentation. 

Additional info:
Document link: 

2.3.2. Hypervisor Firewall Requirements
https://access.redhat.com/documentation/en-us/red_hat_virtualization/4.1/html/installation_guide/sect-firewalls#Virtualization_Host_Firewall_Requirements1

Comment 1 Lucy Bopf 2017-07-30 23:13:08 UTC

*** Bug 1476308 has been marked as a duplicate of this bug. ***

Comment 2 Tahlia Richardson 2017-08-09 07:05:10 UTC

Didi, can you provide the info required for the table (Protocol, Source, Destination, Purpose) for port 111?

Comment 3 Yedidyah Bar David 2017-08-10 12:16:53 UTC

I guess the reason for including it is bug 1177624.

Tal, can you provide the information Tahlia asked for? Thanks.

Comment 4 Tal Nisan 2017-08-16 10:51:13 UTC

I basically moved them from one section in the config to another according to bug 1177624, it is used for the portmapper

Comment 5 Yedidyah Bar David 2017-08-16 11:41:31 UTC

(In reply to Tal Nisan from comment #4)
> I basically moved them from one section in the config to another according
> to bug 1177624, it is used for the portmapper

Yes, I saw that, but why?

This table has (Protocol, Source, Destination, Purpose).

Protocol is "portmapper".
Destination is "Virtualization Host".

Not sure about the source (engine? another host? no idea) and Purpose (the bug implies we might use it for statsd notifications about locks, but bug 1177624 comment 3 says we do not actually use nfs locks, so not sure).

Comment 6 Tahlia Richardson 2017-08-23 04:56:15 UTC

For example, see the table here: https://access.redhat.com/documentation/en-us/red_hat_virtualization/4.1/html/planning_and_prerequisites_guide/requirements#host-firewall-requirements

Comment 7 Tahlia Richardson 2017-11-09 04:52:44 UTC

From email with Tal: 
> The destination is "virtualization host" the protocol is "port mapper" 
> and the source is "NFS storage server"

I still have two things to follow up on: 

1. A short description of what the port is for (i.e. the Purpose column in https://access.redhat.com/documentation/en-us/red_hat_virtualization/4.1/html/planning_and_prerequisites_guide/requirements#host-firewall-requirements)

2. I'm confused by the Protocol being "portmapper". All other ports in the table linked above have either TCP or UDP under the Protocol column. Checking the open ports on one of my own hosts suggests TCP for port 111.

Comment 9 Billy Burmester 2018-02-07 05:06:46 UTC

Reviewed, all OK. Merged.

Comment 10 Tahlia Richardson 2018-02-12 06:19:03 UTC

Now published at https://access.redhat.com/documentation/en-us/red_hat_virtualization/4.1/html/planning_and_prerequisites_guide/requirements#host-firewall-requirements