Description of problem:
Ports 5900:5999 not enabled in firewall

Version-Release number of selected component (if applicable):
5.5.0.9-beta2.20151102161742_5530c9a

How reproducible:
100%

Steps to Reproduce:
1. Deploy new appliance
2. ssh to the appliance and check for the ports enabled in the iptables (iptables -L -n -v)

Actual results:
Ports 5900:5999 not enabled in firewall

Expected results:
Ports 5900:5999 should be enabled in firewall

Additional info:
https://github.com/ManageIQ/manageiq-appliance-build/pull/77
5.5.z MR http://gitlab.cloudforms.lab.eng.rdu2.redhat.com/cloudforms/cfme-appliance-build/merge_requests/2
New commit detected on ManageIQ/manageiq-appliance-build/master:
https://github.com/ManageIQ/manageiq-appliance-build/commit/d6dbe51a513fd37e61a099541493662b79980779

commit d6dbe51a513fd37e61a099541493662b79980779
Author:     Nick Carboni <ncarboni>
AuthorDate: Thu Nov 5 10:14:09 2015 -0500
Commit:     Nick Carboni <ncarboni>
CommitDate: Thu Nov 5 17:05:25 2015 -0500

    Enable ports 5900-5999 for HTML5 console

    Removed the `firewall` command in favor of opening ports in the post section.

    The kickstart `firewall` command was adding the ports to the default zone
    which is "public" at the time the main section runs. We later create the
    "manageiq" zone and set that to the default causing the ports to still be
    closed in the active zone.

    https://bugzilla.redhat.com/show_bug.cgi?id=1278432

 kickstarts/base.ks.erb                    | 2 --
 kickstarts/partials/main/firewall.ks.erb  | 5 -----
 kickstarts/partials/post/firewalld.ks.erb | 7 +++++++
 3 files changed, 7 insertions(+), 7 deletions(-)
 delete mode 100644 kickstarts/partials/main/firewall.ks.erb
Good to go. Verified and working fine in 5.5.0.10-beta2.1.20151110134042_d6f5459

Firewall status:
=================
[root@server vmdb]# service firewalld status
Redirecting to /bin/systemctl status firewalld.service
firewalld.service - firewalld - dynamic firewall daemon
   Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled)
   Active: active (running) since Mon 2015-11-16 03:39:21 EST; 1 day 1h ago
 Main PID: 727 (firewalld)
   CGroup: /system.slice/firewalld.service
           └─727 /usr/bin/python -Es /usr/sbin/firewalld --nofork --nopid

Port status:
===============
[root@server vmdb]# iptables -L -n -v
Chain IN_manageiq_allow (1 references)
 pkts bytes target     prot opt in     out     source               destination
   51  3060 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:5432 ctstate NEW
    9   540 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:80 ctstate NEW
  164  9840 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:22 ctstate NEW
  476 28560 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:443 ctstate NEW
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:443 ctstate NEW
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:80 ctstate NEW
    0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0            udp dpt:443 ctstate NEW
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:5432 ctstate NEW
    0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0            udp dpt:80 ctstate NEW
   16   960 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpts:5900:5999 ctstate NEW
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:22 ctstate NEW
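
A check for the failure the commit message describes, where the rule exists but sits in a zone that is not the active one, so a plain search of the listing for the port number would pass wrongly. This is an added example, not code from this bug report or the ManageIQ project; the sample listing, the `IN_public_allow` chain contents and the names `sample_rules` and `port_allowed` are constructed for illustration.

```shell
#!/bin/sh
# Added example: not from the bug report or the ManageIQ project.

# Constructed sample shaped like `iptables -L -n -v` output: the 5900-5999
# range sits in the "public" zone chain, not in the "manageiq" zone chain.
sample_rules() {
cat <<'EOF'
Chain IN_public_allow (1 references)
 pkts bytes target prot opt in out source destination
    0     0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpts:5900:5999 ctstate NEW

Chain IN_manageiq_allow (1 references)
 pkts bytes target prot opt in out source destination
   51  3060 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:5432 ctstate NEW
  476 28560 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:443 ctstate NEW
EOF
}

# port_allowed CHAIN PROTO PORT   (listing on stdin)
# Exit 0 only if an ACCEPT rule inside CHAIN covers PROTO/PORT.
# Handles single ports (dpt:N) and ranges (dpts:A:B); ignores source limits.
port_allowed() {
    awk -v chain="$1" -v proto="$2" -v port="$3" '
        $1 == "Chain" { in_chain = ($2 == chain); next }
        in_chain && $3 == "ACCEPT" && $4 == proto {
            for (i = 10; i <= NF; i++) {
                n = split($i, a, ":")
                if (a[1] == "dpt" && n == 2 && a[2] + 0 == port + 0) found = 1
                if (a[1] == "dpts" && n == 3 &&
                    port + 0 >= a[2] + 0 && port + 0 <= a[3] + 0) found = 1
            }
        }
        END { exit(found ? 0 : 1) }
    '
}

# Demo on the constructed sample. On a live host, feed real output instead:
#   iptables -L -n -v | port_allowed "IN_$(firewall-cmd --get-default-zone)_allow" tcp 5900
for chain in IN_public_allow IN_manageiq_allow; do
    if sample_rules | port_allowed "$chain" tcp 5900; then
        echo "$chain: tcp/5900 open"
    else
        echo "$chain: tcp/5900 closed"
    fi
done
```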
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHSA-2015:2551