Bug 1278432 - Web-UI: HTML5-Console: Ports 5900:5999 not enabled in firewall
Status: CLOSED ERRATA
Product: Red Hat CloudForms Management Engine
Classification: Red Hat
Component: Appliance
Version: 5.5.0
Hardware: Unspecified
OS: Unspecified
Priority: high
Severity: high
Target Milestone: GA
Target Release: 5.5.0
Assigned To: Nick Carboni
QA Contact: Ramesh A
Reported: 2015-11-05 08:07 EST by Ramesh A
Modified: 2015-12-08 08:44 EST
Fixed In Version: 5.5.0.10
Doc Type: Bug Fix
Last Closed: 2015-12-08 08:44:35 EST
Type: Bug

Description Ramesh A 2015-11-05 08:07:54 EST
Description of problem:
Ports 5900:5999 not enabled in firewall

Version-Release number of selected component (if applicable):
5.5.0.9-beta2.20151102161742_5530c9a

How reproducible:
100%

Steps to Reproduce:
1. Deploy new appliance
2. ssh to the appliance and check for the ports enabled in the iptables (iptables -L -n -v)


Actual results:
Ports 5900:5999 not enabled in firewall

Expected results:
Ports 5900:5999 should be enabled in firewall

Additional info:

Comment 4 CFME Bot 2015-11-06 15:02:45 EST
New commit detected on ManageIQ/manageiq-appliance-build/master:
https://github.com/ManageIQ/manageiq-appliance-build/commit/d6dbe51a513fd37e61a099541493662b79980779

commit d6dbe51a513fd37e61a099541493662b79980779
Author:     Nick Carboni <ncarboni@redhat.com>
AuthorDate: Thu Nov 5 10:14:09 2015 -0500
Commit:     Nick Carboni <ncarboni@redhat.com>
CommitDate: Thu Nov 5 17:05:25 2015 -0500

    Enable ports 5900-5999 for HTML5 console
    
    Removed the `firewall` command in favor of opening
    ports in the post section.
    
    The kickstart `firewall` command was adding the ports
    to the default zone which is "public" at the time the
    main section runs.
    
    We later create the "manageiq" zone and set that to the
    default causing the ports to still be closed in the active
    zone.
    
    https://bugzilla.redhat.com/show_bug.cgi?id=1278432

 kickstarts/base.ks.erb                    | 2 --
 kickstarts/partials/main/firewall.ks.erb  | 5 -----
 kickstarts/partials/post/firewalld.ks.erb | 7 +++++++
 3 files changed, 7 insertions(+), 7 deletions(-)
 delete mode 100644 kickstarts/partials/main/firewall.ks.erb

Comment 6 Ramesh A 2015-11-17 05:14:16 EST
Good to go.  Verified and working fine in 5.5.0.10-beta2.1.20151110134042_d6f5459


Firewall status:
=================
[root@server vmdb]# service firewalld status
Redirecting to /bin/systemctl status  firewalld.service
firewalld.service - firewalld - dynamic firewall daemon
   Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled)
   Active: active (running) since Mon 2015-11-16 03:39:21 EST; 1 day 1h ago
 Main PID: 727 (firewalld)
   CGroup: /system.slice/firewalld.service
           └─727 /usr/bin/python -Es /usr/sbin/firewalld --nofork --nopid


Port status:
===============
[root@server vmdb]# iptables -L -n -v
Chain IN_manageiq_allow (1 references)
 pkts bytes target     prot opt in     out     source               destination         
   51  3060 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:5432 ctstate NEW
    9   540 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:80 ctstate NEW
  164  9840 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:22 ctstate NEW
  476 28560 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:443 ctstate NEW
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:443 ctstate NEW
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:80 ctstate NEW
    0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0            udp dpt:443 ctstate NEW
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:5432 ctstate NEW
    0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0            udp dpt:80 ctstate NEW
   16   960 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpts:5900:5999 ctstate NEW
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:22 ctstate NEW
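
The check performed in this comment can be scripted. The following is an added example, not part of the bug report or of the ManageIQ code: it parses `iptables -L -n -v` output and confirms that the unrestricted ACCEPT rules in one chain cover the whole tcp 5900-5999 range. The function names and the `BEFORE` listing are constructed for illustration; the chain name `IN_manageiq_allow` and the `dpts:5900:5999` rule are taken from the output above.

```shell
#!/bin/sh
# Added example: verify that CHAIN accepts every PROTO port from LOW to HIGH.
# usage: iptables -L -n -v | range_open_in_chain CHAIN PROTO LOW HIGH
range_open_in_chain() {
    awk -v chain="$1" -v proto="$2" -v lo="$3" -v hi="$4" '
        BEGIN { lo += 0; hi += 0 }
        # A "Chain NAME (...)" header starts a new chain section.
        $1 == "Chain" { in_chain = ($2 == chain); next }
        # Columns: pkts bytes target prot opt in out source destination match...
        # Only rules open to any source (0.0.0.0/0) count as "open".
        in_chain && $3 == "ACCEPT" && $4 == proto && $8 == "0.0.0.0/0" {
            for (i = 10; i <= NF; i++) {
                n = split($i, f, ":")
                if (f[1] == "dpt" && n == 2)       { a = f[2] + 0; b = a }         # single port
                else if (f[1] == "dpts" && n == 3) { a = f[2] + 0; b = f[3] + 0 }  # inclusive range
                else continue
                for (p = (a > lo ? a : lo); p <= (b < hi ? b : hi); p++) covered[p] = 1
            }
        }
        END {
            for (p = lo; p <= hi; p++) if (!(p in covered)) exit 1
            exit 0
        }
    '
}

# Constructed listing: the active zone chain without the console rule.
BEFORE='Chain IN_manageiq_allow (1 references)
 pkts bytes target     prot opt in     out     source               destination
  164  9840 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:22 ctstate NEW
  476 28560 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:443 ctstate NEW'

# Same chain plus the rule line shown in the verification output above.
AFTER="$BEFORE
   16   960 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpts:5900:5999 ctstate NEW"

check_console_ports() {  # $1 = listing text, $2 = chain name
    if printf '%s\n' "$1" | range_open_in_chain "$2" tcp 5900 5999; then
        echo "OK: tcp 5900-5999 accepted in $2"
    else
        echo "FAIL: tcp 5900-5999 not fully accepted in $2"; return 1
    fi
}

check_console_ports "$BEFORE" IN_manageiq_allow || true
check_console_ports "$AFTER" IN_manageiq_allow
```

On an appliance, feed it the live ruleset instead of the embedded samples: `iptables -L -n -v | range_open_in_chain IN_manageiq_allow tcp 5900 5999`.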

Comment 8 errata-xmlrpc 2015-12-08 08:44:35 EST
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2015:2551
