Bug 1563728

Summary: Add firewall configuration to '10.5.2. Configuring a Quorum Device' procedure
Product: Red Hat Enterprise Linux 7 Reporter: Ondrej Faměra <ofamera>
Component: doc-High_Availability_Add-On_ReferenceAssignee: Steven J. Levine <slevine>
Status: CLOSED CURRENTRELEASE QA Contact: cluster-qe <cluster-qe>
Severity: medium Docs Contact:
Priority: medium    
Version: 7.4CC: ofamera, rhel-docs
Target Milestone: rcKeywords: Documentation
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2018-04-10 15:04:57 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Ondrej Faměra 2018-04-04 14:49:08 UTC 
== Document URL, Section Number and Name: 
10.5.2. Configuring a Quorum Device
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/high_availability_add-on_reference/s1-quorumdev-haar#s2-quorumdevconfig-HAAR

== Describe the issue: 
Following procedure for configuring Quorum device I will fail on step 
'2. From one of the nodes in the existing cluster, authenticate user hacluster on the node that is hosting the quorum device.' with error below

# pcs cluster auth qdevice
Username: hacluster
Password:
Error: Unable to communicate with qdevice

== Suggestions for improvement: 
Problem is that 'high-availability' service was not added to firewall on 'qdevice' machine. There is some information about this in 1.3. that the port 5403 is part of 'high-availability' service in firewalld and should be enabled on 'quorum device host', but that part of documentation is "too far" from this procedure.

I propose adding step before current step 2:

2. Enable ports on firewall needed by `pcsd` daemon and `net` `qdevice` by enabling 'high-availability' service on firewalld with commands below.

  [root@qdevice:~]# firewall-cmd --permanent --add-service=high-availability
  [root@qdevice:~]# firewall-cmd --add-service=high-availability

3. <former step 2.> From one of the nodes in the existing cluster, authenticate user hacluster on the node that is hosting the quorum device. ...
Comment 4 Steven J. Levine 2018-04-05 14:22:37 UTC 
This update should be on the Portal at 7.5 GA.  I will check at that time and close the BZ.
Comment 5 Steven J. Levine 2018-04-10 15:04:57 UTC 
Updated section is now on the Portal:

https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html-single/high_availability_add-on_reference/#s2-quorumdevconfig-HAAR