Bug 462396
Summary: | Need DMZ Proxy solution write-up | ||
---|---|---|---|
Product: | Red Hat Satellite 5 | Reporter: | Máirín Duffy <duffy> |
Component: | Docs Reference Guide | Assignee: | Lana Brindley <lbrindle> |
Status: | CLOSED CURRENTRELEASE | QA Contact: | Martin Minar <mminar> |
Severity: | medium | Docs Contact: | |
Priority: | medium | ||
Version: | 511 | CC: | cperry, lbrindle, mhideo, mkoci, mminar, pnovotny, xdmoon |
Target Milestone: | --- | Keywords: | Documentation |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2011-06-16 22:27:26 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | 644720 | ||
Bug Blocks: | 677505 |
Description
Máirín Duffy
2008-09-15 21:54:54 UTC
Giving ownership to John Ha - Xixi still on CC. So, is there a KBase article for this DMZ solution? We've missed the window for 5.3.0, I'm afraid, but I can queue it up for 5.3.x or 5.n. (In reply to comment #2) > So, is there a KBase article for this DMZ solution? This is on my TODO but keep getting pre-empted... Let me see if I can get a draft this or next week... We need more details about how this DMZ would look like diagrammatically and the general user tasks to set such a network up. Recommending this be moved to sat600 for inclusion then. This is slated for inclusion in the Satellite 5.5 documentation. If there is any other source content that is not listed (or linked to) in this bug, please link to it. LKB Added to content specification for 5.4.1. LKB <listitem> <para> DMZ Proxy Solution </para> <para> Unless the Satellite server is in disconnected mode, it needs to initiate outbound connections on ports 80 and 443 to the Red Hat Network (RHN) Hosted service (<filename>rhn.redhat.com</filename>, <filename>xmlrpc.rhn.redhat.com</filename>, and <filename>satellite.rhn.redhat.com</filename>). To ensure correct functioning of the satellite system, do not restrict access to these hosts and ports. If required, an http or https proxy can be used, by issuing the <command>satellite-sync --http-proxy</command> command. </para> <para> The Satellite server needs to allow inbound connections on ports 80 and 443 from client systems and any RHN Proxy servers connected to the Satellite, as well as any system that needs to access the Satellite Web UI. WebUI and client requests come in via either http or https. </para> <para> The RHN monitoring functionality requires outbound connections to individual monitoring-enabled client systems on port 4545. RHN Satellite monitoring makes connections to <command>rhnmd</command> running on client systems if monitoring is enabled and probes are configured for registered systems. </para> <para> The RHN push functionality requires both outbound and inbound connections on port 5269 to and from each registered RHN Proxy server with RHN push functionality enabled. This is used for two-way communications between the <command>jabberd</command> service on Satellite and Proxy, respectively. In addition, it needs to allow inbound connections on port 5222 from client systems directly registered to the Satellite. This is used for one-way (client to server) communications between the <command>osad</command> service on client systems and the <command>jabberd</command> service on the Satellite. </para> </listitem> In the Additional Requirements section of the Installation Guide, as per John's suggestion. Revision 1-29. LKB Taking this bug for verification. This book has now been dropped to translation (RT#75265). No further updates can be accepted. Please raise a new bug for any changes. LKB 5.4.1 Satellite books are now available on docs.redhat.com. Please raise a new bug for any issues. LKB |