Red Hat Satellite engineering is moving the tracking of its product development work on Satellite to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "Satellite project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs will be migrated starting at the end of May. If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "Satellite project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/SAT-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.
Bug 1129498 - [doc] Capsule Pre-req section: group iptables commands together for faster copy-paste
Summary: [doc] Capsule Pre-req section: group iptables commands together for faster co...
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: Red Hat Satellite
Classification: Red Hat
Component: Docs Install Guide
Version: 6.0.3
Hardware: Unspecified
OS: Unspecified
medium
medium
Target Milestone: Unspecified
Assignee: Peter Ondrejka
QA Contact: Tahlia Richardson
URL:
Whiteboard:
Depends On:
Blocks: GSS_Sat6Beta_Tracker, GSS_Sat6_Tracker
TreeView+ depends on / blocked
 
Reported: 2014-08-13 00:14 UTC by Xixi
Modified: 2019-09-26 18:08 UTC (History)
4 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2015-07-27 08:51:11 UTC
Target Upstream Version:
Embargoed:

Attachments (Terms of Use)

Description Xixi 2014-08-13 00:14:40 UTC 
Description of problem:
https://access.redhat.com/documentation/en-US/Red_Hat_Satellite/6.0/html-single/Installation_Guide/index.html#Prerequisites3
The Capsule Installation pre-requisites section has alot of iptable commands, grouping them together would help customers speed this up (especially if more than one Capsule) to copy-paste once instead of 6 times.

Version-Release number of selected component (if applicable):
current

How reproducible:
always

Steps to Reproduce:
1. pls see above
2.
3.

Actual results:
Each iptable command is in its own box separated by explanations.

Expected results:
Group the explanations together and the actual iptables commands together.

Additional info:
Based on GSS Test Day feedback Aug 12 2014 "it would be quite appreciated if Sat6 prerequisities listed in [1] would be put into a simple script - it's tedious to copy&paste one iptables command after another, for Satteline and also each capsule; if no script then please put the commands altogether for just 1 copy&paste
    [1] https://access.redhat.com/documentation/en-US/Red_Hat_Satellite/6.0/html-single/Installation_Guide/index.html#Prerequisites3"
Comment 1 RHEL Program Management 2014-08-13 00:22:56 UTC 
Since this issue was entered in Red Hat Bugzilla, the release flag has been
set to ? to ensure that it is properly evaluated for this release.
Comment 11 Pavel Moravec 2014-08-16 09:32:43 UTC 
There is a typo in first iptables command, in Satellite6 installation:

# iptables -I INPUT -m state --state NEW -p tcp --dport 443 -j ACCEPT \
&& -I INPUT -m state --state NEW -p tcp --dport 5671 -j ACCEPT \
..

(see missing "iptables" command on 2nd line).

Capsule server installation seems fine.
Comment 13 Pavel Moravec 2014-10-17 14:38:42 UTC 
Could be one another change done? (please disregard it if you see it as ridiculous)

Now the commands end with:
..
&& iptables -I INPUT -m state --state NEW -p tcp --dport 8080 -j ACCEPT \
# iptables-save > /etc/sysconfig/iptables

The whole text and also '\' at the end of the last-but-one line suggest to grab whole text - including the latest line(!) - to clipboard and execute.

That would mean "iptables-save" command wont be performed, as it is commented out by "# " (that was meant as root prompt).

So I suggest replacing "#" by "&&" as well here.

The same applies both to Satellite and also Capsule prerequisites.

Thanks for consideration.

(I already saw one customer with the default too-restrictive firewall after Sat6 "installed" and I suspect it could be due to this)
Comment 14 David O'Brien 2014-10-20 08:48:50 UTC 
(In reply to Pavel Moravec from comment #13)
> Could be one another change done? (please disregard it if you see it as
> ridiculous)
> 
> Now the commands end with:
> ..
> && iptables -I INPUT -m state --state NEW -p tcp --dport 8080 -j ACCEPT \
> # iptables-save > /etc/sysconfig/iptables
> 
> The whole text and also '\' at the end of the last-but-one line suggest to
> grab whole text - including the latest line(!) - to clipboard and execute.
> 
> That would mean "iptables-save" command wont be performed, as it is
> commented out by "# " (that was meant as root prompt).
> 

Yes, that's a mistake, sorry :-(

> So I suggest replacing "#" by "&&" as well here.
> 
> The same applies both to Satellite and also Capsule prerequisites.
> 
> Thanks for consideration.
> 
> (I already saw one customer with the default too-restrictive firewall after
> Sat6 "installed" and I suspect it could be due to this)


There's two ways we can fix this. Either:
- remove the \ from last iptables line before "iptables-save" and run the last command separately (I think that's how it was intended), or
- remove the # from the last line and replace it with && as you suggest.

If ppl are copy/pasting the whole lot then the latter is probably the better solution. I'd like to assign this to Athene because she's working on this book atm. Just need to do a quick find/replace; I think there are three instances of this type throughout the book.

Thanks for picking this up.
Comment 15 RHEL Program Management 2015-04-21 16:10:56 UTC 
Since this issue was entered in Red Hat Bugzilla, the release flag has been
set to ? to ensure that it is properly evaluated for this release.
Comment 16 Athene Chan 2015-05-05 12:02:37 UTC 
Changed as per request:

http://file.bne.redhat.com/~achan/Satellite_61/html-single/#form-Red_Hat_Satellite-Installation_Guide-Prerequisites-Required_Network_Ports

http://file.bne.redhat.com/~achan/Satellite_61/html-single/#sect-Red_Hat_Satellite-Installation_Guide-Red_Hat_Satellite_Capsule_Server_Prerequisites-Required_Network_Ports

All # tags on the Capsule Required Network Ports Section and Server Required Network Ports section have been removed.
Note You need to log in before you can comment on or make changes to this bug.