Bug 1129498 - [doc] Capsule Pre-req section: group iptables commands together for faster copy-paste
Summary: [doc] Capsule Pre-req section: group iptables commands together for faster co...
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: Red Hat Satellite 6
Classification: Red Hat
Component: Docs Install Guide
Version: 6.0.3
Hardware: Unspecified
OS: Unspecified
medium
medium vote
Target Milestone: Unspecified
Assignee: Peter Ondrejka
QA Contact: Tahlia Richardson
URL:
Whiteboard:
Depends On:
Blocks: GSS_Sat6Beta_Tracker, GSS_Sat6_Tracker
TreeView+ depends on / blocked
 
Reported: 2014-08-13 00:14 UTC by Xixi
Modified: 2015-07-27 08:51 UTC (History)
4 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2015-07-27 08:51:11 UTC


Attachments (Terms of Use)

Description Xixi 2014-08-13 00:14:40 UTC
Description of problem:
https://access.redhat.com/documentation/en-US/Red_Hat_Satellite/6.0/html-single/Installation_Guide/index.html#Prerequisites3
The Capsule Installation pre-requisites section has alot of iptable commands, grouping them together would help customers speed this up (especially if more than one Capsule) to copy-paste once instead of 6 times.

Version-Release number of selected component (if applicable):
current

How reproducible:
always

Steps to Reproduce:
1. pls see above
2.
3.

Actual results:
Each iptable command is in its own box separated by explanations.

Expected results:
Group the explanations together and the actual iptables commands together.

Additional info:
Based on GSS Test Day feedback Aug 12 2014 "it would be quite appreciated if Sat6 prerequisities listed in [1] would be put into a simple script - it's tedious to copy&paste one iptables command after another, for Satteline and also each capsule; if no script then please put the commands altogether for just 1 copy&paste
    [1] https://access.redhat.com/documentation/en-US/Red_Hat_Satellite/6.0/html-single/Installation_Guide/index.html#Prerequisites3"

Comment 1 RHEL Product and Program Management 2014-08-13 00:22:56 UTC
Since this issue was entered in Red Hat Bugzilla, the release flag has been
set to ? to ensure that it is properly evaluated for this release.

Comment 11 Pavel Moravec 2014-08-16 09:32:43 UTC
There is a typo in first iptables command, in Satellite6 installation:

# iptables -I INPUT -m state --state NEW -p tcp --dport 443 -j ACCEPT \
&& -I INPUT -m state --state NEW -p tcp --dport 5671 -j ACCEPT \
..

(see missing "iptables" command on 2nd line).

Capsule server installation seems fine.

Comment 13 Pavel Moravec 2014-10-17 14:38:42 UTC
Could be one another change done? (please disregard it if you see it as ridiculous)

Now the commands end with:
..
&& iptables -I INPUT -m state --state NEW -p tcp --dport 8080 -j ACCEPT \
# iptables-save > /etc/sysconfig/iptables

The whole text and also '\' at the end of the last-but-one line suggest to grab whole text - including the latest line(!) - to clipboard and execute.

That would mean "iptables-save" command wont be performed, as it is commented out by "# " (that was meant as root prompt).

So I suggest replacing "#" by "&&" as well here.

The same applies both to Satellite and also Capsule prerequisites.

Thanks for consideration.

(I already saw one customer with the default too-restrictive firewall after Sat6 "installed" and I suspect it could be due to this)

Comment 14 David O'Brien 2014-10-20 08:48:50 UTC
(In reply to Pavel Moravec from comment #13)
> Could be one another change done? (please disregard it if you see it as
> ridiculous)
> 
> Now the commands end with:
> ..
> && iptables -I INPUT -m state --state NEW -p tcp --dport 8080 -j ACCEPT \
> # iptables-save > /etc/sysconfig/iptables
> 
> The whole text and also '\' at the end of the last-but-one line suggest to
> grab whole text - including the latest line(!) - to clipboard and execute.
> 
> That would mean "iptables-save" command wont be performed, as it is
> commented out by "# " (that was meant as root prompt).
> 

Yes, that's a mistake, sorry :-(

> So I suggest replacing "#" by "&&" as well here.
> 
> The same applies both to Satellite and also Capsule prerequisites.
> 
> Thanks for consideration.
> 
> (I already saw one customer with the default too-restrictive firewall after
> Sat6 "installed" and I suspect it could be due to this)


There's two ways we can fix this. Either:
- remove the \ from last iptables line before "iptables-save" and run the last command separately (I think that's how it was intended), or
- remove the # from the last line and replace it with && as you suggest.

If ppl are copy/pasting the whole lot then the latter is probably the better solution. I'd like to assign this to Athene because she's working on this book atm. Just need to do a quick find/replace; I think there are three instances of this type throughout the book.

Thanks for picking this up.

Comment 15 RHEL Product and Program Management 2015-04-21 16:10:56 UTC
Since this issue was entered in Red Hat Bugzilla, the release flag has been
set to ? to ensure that it is properly evaluated for this release.


Note You need to log in before you can comment on or make changes to this bug.