Title: Installing Red Hat Satellite Describe the issue: Step 6: "Run the following commands to configure the firewall to limit elasticsearch to foreman and katello users and make these rules persistent during reboots: " modifies firewall in such a way, that elasticsearch (on port 9200) can get connections from processes owned by foreman or katello. While during installation, katello-install script runs a check: /bin/bash /usr/share/katello-installer/modules/service_wait/bin/service-wait elasticsearch start under root user that tests that port accessibility (wget and curl against http://localhost:9200 are invoked). Following installation manual, this check would fail with error: Could not start Service[elasticsearch]: Execution of '/usr/share/katello-installer/modules/service_wait/bin/service-wait elasticsearch start' returned 5: Starting elasticsearch (via systemctl): [ OK ] (installation will succeed, just the error will appear what's confusing for an end user) Suggestions for improvement: Add there a rule allowing root to access the port. I.e.: - s/to foreman and katello users/to root, foreman and katello users/ - add line: iptables -A OUTPUT -o lo -p tcp -m tcp --dport 9200 -m owner --uid-owner root -j ACCEPT \ && to the box with commands (before "-j DROP" line) Additional information: I am curious why installations (with default firewall set and strictly following manual) could ever succeed without hitting this error. I installed Sat6 many times and hit this for the first time - on RHEL7 installed from iso with few packages updated.
Hello Pavel, This issue is being resolved today or tomorrow with an async update. Please check BZ#1161254 for more details Thank you for your feedback! Cheers, Athene *** This bug has been marked as a duplicate of bug 1161254 ***