| Summary: | Document requirement for port 443 inbound to be open | ||
|---|---|---|---|
| Product: | [Retired] CloudForms Cloud Engine | Reporter: | wes hayutin <whayutin> |
| Component: | Documentation | Assignee: | Justin Clift <jclift> |
| Status: | CLOSED CURRENTRELEASE | QA Contact: | wes hayutin <whayutin> |
| Severity: | unspecified | Docs Contact: | |
| Priority: | unspecified | ||
| Version: | 0.3.1 | CC: | dajohnso, deltacloud-maint, dmacpher, kwade, morazi, ssachdev |
| Target Milestone: | rc | Keywords: | Reopened |
| Target Release: | --- | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | Bug Fix | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2011-12-08 13:50:13 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
[root@hp-ml370g5-01 ~]# rpm -qa | grep aeolus aeolus-conductor-0.3.0-0.el6.20110628135944git2a88782.noarch rubygem-aeolus-cli-0.0.1-1.el6.20110628165632git0dfe3ff.noarch aeolus-all-0.3.0-0.el6.20110628135944git2a88782.noarch aeolus-conductor-daemons-0.3.0-0.el6.20110628135944git2a88782.noarch aeolus-conductor-doc-0.3.0-0.el6.20110628135944git2a88782.noarch aeolus-configure-2.0.1-0.el6.20110628141215gitb8aaf85.noarch [root@hp-ml370g5-01 ~]# configure no longer has any responsbility to manage iptables as far as I know. We made conscious decision to not potentially muck with an already set up firewall config, etc. k.. making this a doc bug then... We need to document that port 80,443 needs to be open For clarity, it is *both* ports 80 and 443, or just 443, or ? Next bit, at present we list this requirement in the "Configuring Aeolus" part of our Getting Started Guide: http://www.aeolusproject.org/configuring_aeolus.html Thinking about it more, it might be a good idea to add it to the System Requirements page: http://www.aeolusproject.org/requirements.html And we should likely also have it included in the Cloud Engine Installation or Admin Guides. Are there any other useful spots we should include that info too? s/it is/is it/ BZ 717657 - Requirement for port 443 inbound to be open Documentation needs updating to show inbound port 443 (https) needs to be open. removing from tracker release pending... release pending... perm close closing out old bugs |
Description of problem: [root@hp-ml370g5-01 ~]# aeolus-configure notice: /Stage[main]/Aeolus::Conductor/Postgres::User[aeolus]/Exec[create_aeolus_postgres_user]/returns: executed successfully notice: /File[/var/lib/aeolus-conductor]/ensure: created notice: /Stage[main]/Aeolus::Conductor/Selinux::Mode[permissive]/Exec[set_selinux_permissive]/returns: executed successfully notice: /Stage[main]/Aeolus::Conductor/Service[condor]/ensure: ensure changed 'stopped' to 'running' notice: /Stage[main]/Aeolus::Image-factory/Service[qpidd]/ensure: ensure changed 'stopped' to 'running' notice: /Stage[main]/Aeolus::Conductor/Service[aeolus-connector]/ensure: ensure changed 'stopped' to 'running' notice: /Stage[main]/Aeolus::Conductor/Rails::Create::Db[create_aeolus_database]/Exec[create_rails_database]/returns: (in /usr/share/aeolus-conductor) notice: /Stage[main]/Aeolus::Conductor/Rails::Create::Db[create_aeolus_database]/Exec[create_rails_database]/returns: executed successfully notice: /Stage[main]/Aeolus::Conductor/Service[solr]/ensure: ensure changed 'stopped' to 'running' notice: /Stage[main]/Aeolus::Conductor/Rails::Migrate::Db[migrate_aeolus_database]/Exec[migrate_rails_database]/returns: executed successfully notice: /Stage[main]/Aeolus::Conductor/Exec[build_solr_index]/returns: (in /usr/share/aeolus-conductor) notice: /Stage[main]/Aeolus::Conductor/Exec[build_solr_index]/returns: executed successfully notice: /Stage[main]/Aeolus::Conductor/Rails::Seed::Db[seed_aeolus_database]/Exec[seed_rails_database]/returns: (in /usr/share/aeolus-conductor) notice: /Stage[main]/Aeolus::Conductor/Rails::Seed::Db[seed_aeolus_database]/Exec[seed_rails_database]/returns: executed successfully notice: /File[/var/lib/aeolus-conductor/production.seed]/ensure: created notice: /Stage[main]/Aeolus::Conductor::Seed_data/Aeolus::Site_admin[admin]/Exec[create_site_admin_user]/returns: (in /usr/share/aeolus-conductor) notice: /Stage[main]/Aeolus::Conductor::Seed_data/Aeolus::Site_admin[admin]/Exec[create_site_admin_user]/returns: User admin registered notice: /Stage[main]/Aeolus::Conductor::Seed_data/Aeolus::Site_admin[admin]/Exec[create_site_admin_user]/returns: executed successfully notice: /Stage[main]/Aeolus::Conductor::Seed_data/Aeolus::Site_admin[admin]/Exec[grant_site_admin_privs]/returns: (in /usr/share/aeolus-conductor) notice: /Stage[main]/Aeolus::Conductor::Seed_data/Aeolus::Site_admin[admin]/Exec[grant_site_admin_privs]/returns: Granting administrator privileges for admin... notice: /Stage[main]/Aeolus::Conductor::Seed_data/Aeolus::Site_admin[admin]/Exec[grant_site_admin_privs]/returns: executed successfully notice: /File[/etc/init.d/deltacloud-ec2-us-east-1]/ensure: defined content as '{md5}d8e1ef85277e52a647815e3177766704' notice: /Stage[main]/Aeolus::Conductor::Seed_data/Aeolus::Provider[ec2-us-east-1]/Aeolus::Deltacloud[ec2-us-east-1]/Service[deltacloud-ec2-us-east-1]/ensure: ensure changed 'stopped' to 'running' notice: /File[/etc/init.d/deltacloud-mock]/ensure: defined content as '{md5}91f7a7b75548184be3bc143f11152ad2' notice: /Stage[main]/Aeolus::Conductor::Seed_data/Aeolus::Provider[mock]/Aeolus::Deltacloud[mock]/Service[deltacloud-mock]/ensure: ensure changed 'stopped' to 'running' notice: /File[/etc/init.d/deltacloud-ec2-us-west-1]/ensure: defined content as '{md5}d52f8ab18e5fec3d847c2ec754409857' notice: /Stage[main]/Aeolus::Conductor::Seed_data/Aeolus::Provider[ec2-us-west-1]/Aeolus::Deltacloud[ec2-us-west-1]/Service[deltacloud-ec2-us-west-1]/ensure: ensure changed 'stopped' to 'running' notice: /Stage[main]/Aeolus::Image-factory/Service[imagefactory]/ensure: ensure changed 'stopped' to 'running' notice: /Stage[main]/Aeolus::Iwhd/Service[mongod]/ensure: ensure changed 'stopped' to 'running' notice: /Stage[main]/Aeolus::Iwhd/Service[iwhd]/ensure: ensure changed 'stopped' to 'running' notice: /Stage[main]/Aeolus::Conductor::Seed_data/Aeolus::Create_bucket[aeolus]/Exec[create-bucket-aeolus]/returns: % Total % Received % Xferd Average Speed Time Time Time Current notice: /Stage[main]/Aeolus::Conductor::Seed_data/Aeolus::Create_bucket[aeolus]/Exec[create-bucket-aeolus]/returns: Dload Upload Total Spent Left Speed 0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0]/Exec[create-bucket-aeolus]/returns: notice: /Stage[main]/Aeolus::Conductor::Seed_data/Aeolus::Create_bucket[aeolus]/Exec[create-bucket-aeolus]/returns: executed successfully notice: /Stage[main]/Apache/Exec[permit-http-networking]/returns: executed successfully notice: /Stage[main]/Apache/Service[httpd]/ensure: ensure changed 'stopped' to 'running' notice: /Stage[main]/Aeolus::Conductor/Service[conductor-dbomatic]/ensure: ensure changed 'stopped' to 'running' notice: /Stage[main]/Aeolus::Conductor/Service[aeolus-conductor]/ensure: ensure changed 'stopped' to 'running' notice: /Stage[main]/Aeolus::Conductor::Seed_data/Aeolus::Provider[ec2-us-west-1]/Aeolus::Conductor::Provider[ec2-us-west-1]/Web_request[provider-ec2-us-west-1]/post: post changed '' to 'https://localhost/conductor/providers' notice: /Stage[main]/Aeolus::Conductor::Seed_data/Aeolus::Provider[ec2-us-east-1]/Aeolus::Conductor::Provider[ec2-us-east-1]/Web_request[provider-ec2-us-east-1]/post: post changed '' to 'https://localhost/conductor/providers' notice: /Stage[main]/Aeolus::Conductor::Seed_data/Aeolus::Provider[mock]/Aeolus::Conductor::Provider[mock]/Web_request[provider-mock]/post: post changed '' to 'https://localhost/conductor/providers' notice: /Stage[main]/Aeolus::Conductor::Seed_data/Aeolus::Conductor::Hwp[hwp1]/Web_request[hwp-hwp1]/post: post changed '' to 'https://localhost/conductor/hardware_profiles' notice: /Stage[main]/Aeolus::Conductor/Service[conductor-delayed_job]/ensure: ensure changed 'stopped' to 'running' notice: Finished catalog run in 94.84 seconds [root@hp-ml370g5-01 ~]# /etc/init.d/iptables status Table: nat Chain PREROUTING (policy ACCEPT) num target prot opt source destination Chain POSTROUTING (policy ACCEPT) num target prot opt source destination 1 MASQUERADE tcp -- 192.168.122.0/24 !192.168.122.0/24 masq ports: 1024-65535 2 MASQUERADE udp -- 192.168.122.0/24 !192.168.122.0/24 masq ports: 1024-65535 3 MASQUERADE all -- 192.168.122.0/24 !192.168.122.0/24 Chain OUTPUT (policy ACCEPT) num target prot opt source destination Table: mangle Chain PREROUTING (policy ACCEPT) num target prot opt source destination Chain INPUT (policy ACCEPT) num target prot opt source destination Chain FORWARD (policy ACCEPT) num target prot opt source destination Chain OUTPUT (policy ACCEPT) num target prot opt source destination Chain POSTROUTING (policy ACCEPT) num target prot opt source destination 1 CHECKSUM udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:68 CHECKSUM fill Table: filter Chain INPUT (policy ACCEPT) num target prot opt source destination 1 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:3000 2 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:80 3 ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:53 4 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:53 5 ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:67 6 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:67 Chain FORWARD (policy ACCEPT) num target prot opt source destination 1 ACCEPT all -- 0.0.0.0/0 192.168.122.0/24 state RELATED,ESTABLISHED 2 ACCEPT all -- 192.168.122.0/24 0.0.0.0/0 3 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 4 REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-port-unreachable 5 REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-port-unreachable Chain OUTPUT (policy ACCEPT) num target prot opt source destination