Bug 1487878
Summary: | Ovirt-imageIO missing firewalld rule | | |
---|---|---|---|
Product: | [oVirt] ovirt-node | Reporter: | Bradley <bhieber> |
Component: | General | Assignee: | Yuval Turgeman <yturgema> |
Status: | CLOSED CURRENTRELEASE | QA Contact: | dguo |
Severity: | medium | Docs Contact: | |
Priority: | unspecified | | |
Version: | 4.1 | CC: | bhieber, bugs, cshao, danken, ylavi |
Target Milestone: | ovirt-4.1.7 | Keywords: | TestOnly |
Target Release: | 4.1 | Flags: | rule-engine: ovirt-4.1+; dguo: testing_ack+ |
Hardware: | All | | |
OS: | Linux | | |
Whiteboard: | | | |
Fixed In Version: | | Doc Type: | If docs needed, set a value |
Doc Text: | | Story Points: | --- |
Clone Of: | | Environment: | |
Last Closed: | 2017-11-13 12:24:49 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | | Category: | --- |
oVirt Team: | Integration | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | | | |

Description
Bradley
2017-09-02 23:17:23 UTC
Actually, https://github.com/firewalld/firewalld/blob/master/config/services/ovirt-imageio.xml should provide this port independently. This should be already available in CentOS-7.4's firewalld. With which one have you been testing?

The question is whether this is in the node preset, and whether we have a 7.4 node yet. I'm on PTO and can't check until Tuesday. Yuval, can you look at this?

Node is running 7.3.1611 from the Node-NG 4.1.5 image that was published.

Checked on rhvh-4.1-0.20171012.0+1

Test versions:

```
[root@dhcp-8-109 ~]# imgbase w
You are on rhvh-4.1-0.20171012.0+1
```

Test steps:

1. Fresh install rhvh

2. Check ovirt-imageio XML under firewalld

```
[root@dhcp-8-109 ~]# cat /usr/lib/firewalld/services/ovirt-imageio.xml
<?xml version="1.0" encoding="utf-8"?>
<service>
  <short>oVirt Image I/O</short>
  <description>oVirt Image I/O simplifies the workflow of introducing new oVirt images into the oVirt environment.</description>
  <port protocol="tcp" port="54322"/>
</service>
```

3. After registering to engine, check 54322 port is open

```
[root@dhcp-8-109 ~]# iptables -L -x -n
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED
ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:54321
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:54322
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:111
ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0            udp dpt:111
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:22
ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0            udp dpt:161
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:9090
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:16514
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            multiport dports 2223
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            multiport dports 5900:6923
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            multiport dports 49152:49216
ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0            udp dpt:6081
REJECT     all  --  0.0.0.0/0            0.0.0.0/0            reject-with icmp-host-prohibited

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
REJECT     all  --  0.0.0.0/0            0.0.0.0/0            PHYSDEV match ! --physdev-is-bridged reject-with icmp-host-prohibited

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0            udp dpt:6081
```

4. Upload image to the storage domain; the upload is successful

Thus, this bug can be verified on rhvh-4.1-0.20171012.0
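
The verification steps above (service definition present, its port accepted in the INPUT chain) can be scripted. The following is an added example, not part of the bug report or of oVirt code; the sample XML and `iptables -L -n` listings are constructed, and the function names are hypothetical.

```python
import re
import xml.etree.ElementTree as ET

# Constructed samples, shaped like the outputs quoted in the verification comment.
SERVICE_XML = """<?xml version="1.0" encoding="utf-8"?>
<service>
  <short>oVirt Image I/O</short>
  <port protocol="tcp" port="54322"/>
</service>"""
LISTING_OK = """Chain INPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:54321
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:54322
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            multiport dports 5900:6923
REJECT     all  --  0.0.0.0/0            0.0.0.0/0            reject-with icmp-host-prohibited
Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
"""
# Same listing without the 54322 rule: the state the bug title describes.
LISTING_MISSING = "\n".join(l for l in LISTING_OK.splitlines() if "dpt:54322" not in l)

ACCEPT = re.compile(r"^ACCEPT\s+(tcp|udp)\s.*?(?:dpts?:|dports\s+)(\S+)")
CATCH_ALL = re.compile(r"^(?:REJECT|DROP)\s+all\s")

def service_ports(xml_text):
    """Return {(proto, low, high)} declared by a firewalld service definition."""
    ports = set()
    for el in ET.fromstring(xml_text.encode("utf-8")).iter("port"):
        low, _, high = el.get("port").partition("-")
        ports.add((el.get("protocol"), int(low), int(high or low)))
    return ports

def accepted_ranges(listing, chain="INPUT"):
    """Return [(proto, low, high)] accepted in one chain of `iptables -L -n` output."""
    ranges, current = [], None
    for line in listing.splitlines():
        if line.startswith("Chain "):
            current = line.split()[1]
        if current != chain:
            continue
        if CATCH_ALL.match(line):
            break  # simplification: rules after a catch-all REJECT/DROP never match
        m = ACCEPT.match(line)
        for item in m.group(2).split(",") if m else []:
            low, _, high = item.partition(":")
            ranges.append((m.group(1), int(low), int(high or low)))
    return ranges

def missing_ports(xml_text, listing):
    """Service ports with no covering ACCEPT rule (source/interface matches are ignored)."""
    have = accepted_ranges(listing)
    return sorted(p for p in service_ports(xml_text)
                  if not any(pr == p[0] and lo <= p[1] and p[2] <= hi for pr, lo, hi in have))
```

`missing_ports(SERVICE_XML, LISTING_MISSING)` reports `("tcp", 54322, 54322)`, while the listing that includes the rule yields an empty list.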