Bug 978699

Summary: [Docs] [RFE] Networking diagram explaining required ports for RHEV
Product: Red Hat Enterprise Virtualization Manager Reporter: Cheryn Tan <chetan>
Component: DocumentationAssignee: Jodi Biddle <jbiddle>
Status: CLOSED NOTABUG QA Contact: ecs-bugs
Severity: low Docs Contact:
Priority: unspecified    
Version: 3.4.0CC: acathrow, byount, gklein, rlandman, sfolkwil, yeylon, zdover
Target Milestone: ---Keywords: FutureFeature
Target Release: 3.3.0   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Enhancement
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2014-04-11 05:01:36 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Attachments:
Description Flags
rhev 3 ports pic none

Description Cheryn Tan 2013-06-27 05:10:10 UTC 
The Installation Guide currently contains a list of required ports [1] for the Manager, hosts, database etc. It would be helpful to have a diagram like the one here [2] illustrating how the components communicate with each other, and through which ports. 

The diagram can be placed in either in the Install Guide or in the Tech Ref Guide (or both)

[1] https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Virtualization/3.2/html-single/Installation_Guide/index.html#sect-Firewall_Configuration
[2] https://access.redhat.com/site/solutions/17634
Comment 1 Tim Hildred 2013-07-29 03:30:48 UTC 
Created attachment 779584 [details]
rhev 3 ports pic
Comment 2 Tim Hildred 2013-07-29 03:40:13 UTC 
Raising RT3 ticket(RT#241787) to have that image brought on brand in line with other diagrams in our documentation. 

Hey Bryan, will you work with me to update this image for RHEV 3.3?
Comment 3 Tim Hildred 2013-08-01 03:28:43 UTC 
https://svn.devel.redhat.com/repos/ecs/artwork/images/241787/241787-RHEVM-network-ports.png

Dan cleverly left numbered callouts rather than specific ports on the diagram, which makes it easier to update if required.
Comment 4 Bryan Yount 2013-08-09 23:26:24 UTC 
(In reply to Tim Hildred from comment #2)
> Hey Bryan, will you work with me to update this image for RHEV 3.3?

I will do my best. We may want to involve someone who's a bit more familiar with the underlying code because some components have changed over time. But, the best thing to start with is the default firewall on the hosts which I have included below:


[root@rhev1 ~]# cat /etc/sysconfig/iptables

# oVirt default firewall configuration. Automatically generated by vdsm bootstrap script.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

-A INPUT -i lo -j ACCEPT
# vdsm
-A INPUT -p tcp --dport 54321 -j ACCEPT
# SSH
-A INPUT -p tcp --dport 22 -j ACCEPT
# snmp
-A INPUT -p udp --dport 161 -j ACCEPT

# libvirt tls
-A INPUT -p tcp --dport 16514 -j ACCEPT

# guest consoles
-A INPUT -p tcp -m multiport --dports 5634:6166 -j ACCEPT

# migration
-A INPUT -p tcp -m multiport --dports 49152:49216 -j ACCEPT

# Reject any other input traffic
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -m physdev ! --physdev-is-bridged -j REJECT --reject-with icmp-host-prohibited
COMMIT
Comment 5 Tim Hildred 2013-10-28 00:05:50 UTC 
Reassigning to Jodi Biddle (jbiddle) as I am no longer working on Red Hat Enterprise Virtualization documentation.
Comment 6 Zac Dover 2013-12-09 05:28:21 UTC 
Pushing to 3.4.