Bug 768433
Summary: | aeolus-configserver-setup iptables changes are not persistent
---|---
Product: | [Retired] CloudForms Cloud Engine
Component: | aeolus-configserver
Version: | 1.0.0
Status: | CLOSED CURRENTRELEASE
Severity: | unspecified
Priority: | unspecified
Reporter: | James Laska <jlaska>
Assignee: | Greg Blomquist <gblomqui>
QA Contact: | dgao
CC: | akarol, deltacloud-maint, jturner, morazi
Target Milestone: | rc
Target Release: | ---
Hardware: | Unspecified
OS: | Unspecified
Doc Type: | Bug Fix
Story Points: | ---
Last Closed: | 2012-08-30 17:15:51 UTC
Type: | ---
Regression: | ---
Mount Type: | ---
Documentation: | ---
Category: | ---
oVirt Team: | ---
Cloudforms Team: | ---

Description
James Laska
2011-12-16 16:17:53 UTC
adding to ce-sprint-next adding to ce-sprint-next adding to ce-sprint removing ce-sprint-next tracker taking off ce-sprint-next..

```
[root@deaddonkey ~]# rpm -q aeolus-configserver
aeolus-configserver-0.4.5-2.el6.noarch

[root@deaddonkey ~]# cat /etc/sysconfig/iptables | grep "443"
-A INPUT -p tcp -m state --state NEW -m tcp --dport 443 -j ACCEPT

[root@deaddonkey ~]# aeolus-configserver-setup
This script will help you configure Apache as a proxy for a Config Server.
Typically this is only useful if you are not familiar with Apache
configurations and modules, specifically with mod_proxy, mod_auth_basic,
and mod_ssl.

Also, this configuration tool assumes that you are not currently running
Apache for any purposes on this server. This configuration tool will create
a Named Virtual Host for *:443. If this server is currently using Apache to
serve secure pages on port 443, then this tool should not be used.

Do you wish to continue [y/N]: y

Please provide the web application URL where the Config Server is currently
running on this server. If the Config Server was installed from an RPM, then
this will typically be: http://localhost:4567/

The provided URL should be a fully qualified URL, providing the scheme,
hostname, and port: http://HOSTNAME:PORT/

Enter the application URL [http://localhost:4567/]:
Root context: /
App URL: http://localhost:4567/
Conductor Auth Key: 611493791229888206785579
Conductor Auth Secret: 9MP9ZfyZKUnxpk6rSOD2MP0YL555nxRu1o2q6ZmJ5LVXwIpi
\n\n*** You need to add this config server information to a ***
*** provider account in conductor.
*** running: echo | /usr/bin/puppet --modulepath /usr/share/aeolus-configserver/configure/puppet/modules --external_nodes /tmp/tmp.VuNINdK8Qc --node_terminus exec
notice: /Stage[main]/Apache::Base/Exec[permit-http-networking]/returns: executed successfully
notice: /Stage[main]/Apache::Base/Exec[graceful-apache]: Triggered 'refresh' from 1 events
notice: /File[/var/lib/aeolus-configserver/configs/oauth/611493791229888206785579]/ensure: defined content as '{md5}79b571195cf41dac770c7eedf8785fd1'
notice: Finished catalog run in 49.42 seconds
[root@deaddonkey ~]#

[root@deaddonkey ~]# cat /etc/sysconfig/iptables | grep "443"
-A INPUT -p tcp -m state --state NEW -m tcp --dport 443 -j ACCEPT

[root@deaddonkey ~]# service iptables status | grep "443"
1    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:443

[root@deaddonkey ~]# service iptables restart
iptables: Flushing firewall rules: [ OK ]
iptables: Setting chains to policy ACCEPT: nat mangle filte[ OK ]
iptables: Unloading modules: [ OK ]
iptables: Applying firewall rules: [ OK ]

[root@deaddonkey ~]# service iptables status | grep "443"
1    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:443
```
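The session above checks one port by eye with `grep "443"`. The following added example (not from the bug report or the aeolus project) generalizes that check to every rule: it compares an `iptables-save` style dump of the live rules against the persisted file and lists rules that exist in only one of them. The function names and the sample rule sets are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the bug report): find iptables rules that are loaded
# in the kernel but absent from the persisted rules file, i.e. rules that a
# "service iptables restart" or a reboot would silently drop.

# Emit "table: rule" for every -A line of an iptables-save style dump.
normalize_rules() {
    awk '
        /^\*/  { table = substr($1, 2); next }     # "*filter" opens a table
        { sub(/^\[[0-9]+:[0-9]+\][ \t]*/, "") }    # drop "iptables-save -c" counters
        /^-A / { $1 = $1; print table ": " $0 }    # $1=$1 squeezes whitespace
    ' "$1" | LC_ALL=C sort -u
}

# rules_only_in A B: rules present in dump A but missing from dump B.
rules_only_in() {
    tmp=$(mktemp) || return 1
    rc=0
    normalize_rules "$2" > "$tmp"
    normalize_rules "$1" | grep -Fxv -f "$tmp" || rc=$?
    rm -f "$tmp"
    [ "$rc" -le 1 ]    # grep exit status 1 only means "no differences"
}

# Constructed sample data: the live dump has a 443 rule the saved file lacks.
sample_dir=$(mktemp -d)
live="$sample_dir/live.rules"      # on a real host: iptables-save > live.rules
saved="$sample_dir/saved.rules"    # on a real host: /etc/sysconfig/iptables
cat > "$live" <<'EOF'
*filter
:INPUT ACCEPT [0:0]
[12:720] -A INPUT -p tcp -m state --state NEW -m tcp --dport 443 -j ACCEPT
[3:180] -A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
COMMIT
EOF
cat > "$saved" <<'EOF'
*filter
:INPUT ACCEPT [0:0]
-A INPUT -p tcp -m state  --state NEW -m tcp --dport 22 -j ACCEPT
COMMIT
EOF

echo "Live but not persisted:"; rules_only_in "$live" "$saved"
echo "Persisted but not live:"; rules_only_in "$saved" "$live"
```

Run after any tool that edits the firewall at runtime, an empty "Live but not persisted" list means a restart will not change the effective rule set.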