Bug 1298096 - Red Hat Storage Console should be fully functional with firewall activated
Summary: Red Hat Storage Console should be fully functional with firewall activated
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: Red Hat Storage Console
Classification: Red Hat Storage
Component: unclassified
Version: 2
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: ---
: 2
Assignee: Nishanth Thomas
QA Contact: Martin Bukatovic
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2016-01-13 09:00 UTC by Martin Kudlej
Modified: 2018-11-19 05:33 UTC (History)
8 users (show)

Fixed In Version: rhscon-core-0.0.29-1.el7scon.x86_64.rpm
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2018-11-19 05:33:26 UTC
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Gerrithub.io 282001 0 None None None 2016-06-28 08:54:31 UTC
Red Hat Bugzilla 1350859 0 unspecified CLOSED RFE provide firewalld service files for all RHSC components 2021-02-22 00:41:40 UTC
Red Hat Bugzilla 1366186 0 unspecified CLOSED [doc] issues with description of firewall configuration 2021-02-22 00:41:40 UTC

Internal Links: 1350859 1366186

Description Martin Kudlej 2016-01-13 09:00:22 UTC 
Description of problem:
Now firewall should be disabled for correct functionality. I think RHSCon should work with activated firewall.

Version-Release number of selected component (if applicable):
rhscon-ui-0.0.6-0.1.alpha1.el7.noarch
rhscon-core-0.0.6-0.1.alpha1.el7.x86_64
rhscon-ceph-0.0.4-0.1.alpha1.el7.x86_64
Comment 5 Ju Lim 2016-06-17 12:55:39 UTC 
Port list has been documented by Dev team on Trello card, but QE team meeds to be verify and ensure it's documented.
Comment 6 Nishanth Thomas 2016-06-17 12:57:01 UTC 
Published the list of ports to be documented. Once QE verifies, need to move this bug to documentaion
Comment 7 Martin Bukatovic 2016-06-24 13:19:51 UTC 
(In reply to Nishanth Thomas from comment #6)
> Published the list of ports to be documented. Once QE verifies, need to move
> this bug to documentaion

There are some tweaks in the progress, along with the documentation. Moving
back to assigned and the dev team is expected to flip it back to ON_QA when
the setup is finalized.
Comment 8 Darshan 2016-06-28 08:54:32 UTC 
The firewall configuration to be documented has been communicated to doc team. It is also documented in skyring github wiki: https://github.com/skyrings/skyring/wiki/Firewall-configuration-for-skyring.

Have sent a patch for removing the disable of firewalld during skyring-setup.
Comment 9 Ken Dreyer (Red Hat) 2016-06-28 12:51:04 UTC 
Note, the ceph-installer package contains its own firewalld service definition, so you can avoid specifying the port number (8181), and simply enable it like so:

sudo firewall-cmd --zone=public --add-service=ceph-installer
Comment 10 Martin Bukatovic 2016-06-28 14:13:47 UTC 
(In reply to Ken Dreyer (Red Hat) from comment #9)
> Note, the ceph-installer package contains its own firewalld service
> definition, so you can avoid specifying the port number (8181), and simply
> enable it like so:
> 
> sudo firewall-cmd --zone=public --add-service=ceph-installer

I have created new RFE BZ 1350859 to track this feature.
Comment 13 Martin Bukatovic 2016-08-11 18:21:43 UTC 
Based on section "2.4. Firewall Configuration" of "Red Hat Storage Console 2.0
Quick Start Guide", I reconfigured and enabled firewall in QE deployment setup.

Checking with
=============

On RHSC 2.0 server machine:

rhscon-ui-0.0.53-1.el7scon.noarch
rhscon-core-0.0.41-1.el7scon.x86_64
rhscon-ceph-0.0.40-1.el7scon.x86_64
rhscon-core-selinux-0.0.41-1.el7scon.noarch
ceph-ansible-1.0.5-32.el7scon.noarch
ceph-installer-1.0.15-1.el7scon.noarch

On Ceph 2.0 storage machines:

rhscon-core-selinux-0.0.41-1.el7scon.noarch
rhscon-agent-0.0.18-1.el7scon.noarch
ceph-common-10.2.2-38.el7cp.x86_64
ceph-selinux-10.2.2-38.el7cp.x86_64

Verification
============

With firewall enabled, our API test suite is passing without any issues.
Note You need to log in before you can comment on or make changes to this bug.