Bug 1298096 - Red Hat Storage Console should be fully functional with firewall activated
Red Hat Storage Console should be fully functional with firewall activated
Status: VERIFIED
Product: Red Hat Storage Console
Classification: Red Hat
Component: unclassified (Show other bugs)
2
Unspecified Unspecified
unspecified Severity unspecified
: ---
: 2
Assigned To: Darshan
Martin Bukatovic
: TestBlocker
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2016-01-13 04:00 EST by Martin Kudlej
Modified: 2016-08-11 14:24 EDT (History)
9 users (show)

See Also:
Fixed In Version: rhscon-core-0.0.29-1.el7scon.x86_64.rpm
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed:
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)


External Trackers
Tracker ID Priority Status Summary Last Updated
Gerrithub.io 282001 None None None 2016-06-28 04:54 EDT

  None (edit)
Description Martin Kudlej 2016-01-13 04:00:22 EST
Description of problem:
Now firewall should be disabled for correct functionality. I think RHSCon should work with activated firewall.

Version-Release number of selected component (if applicable):
rhscon-ui-0.0.6-0.1.alpha1.el7.noarch
rhscon-core-0.0.6-0.1.alpha1.el7.x86_64
rhscon-ceph-0.0.4-0.1.alpha1.el7.x86_64
Comment 5 Ju Lim 2016-06-17 08:55:39 EDT
Port list has been documented by Dev team on Trello card, but QE team meeds to be verify and ensure it's documented.
Comment 6 Nishanth Thomas 2016-06-17 08:57:01 EDT
Published the list of ports to be documented. Once QE verifies, need to move this bug to documentaion
Comment 7 Martin Bukatovic 2016-06-24 09:19:51 EDT
(In reply to Nishanth Thomas from comment #6)
> Published the list of ports to be documented. Once QE verifies, need to move
> this bug to documentaion

There are some tweaks in the progress, along with the documentation. Moving
back to assigned and the dev team is expected to flip it back to ON_QA when
the setup is finalized.
Comment 8 Darshan 2016-06-28 04:54:32 EDT
The firewall configuration to be documented has been communicated to doc team. It is also documented in skyring github wiki: https://github.com/skyrings/skyring/wiki/Firewall-configuration-for-skyring.

Have sent a patch for removing the disable of firewalld during skyring-setup.
Comment 9 Ken Dreyer (Red Hat) 2016-06-28 08:51:04 EDT
Note, the ceph-installer package contains its own firewalld service definition, so you can avoid specifying the port number (8181), and simply enable it like so:

sudo firewall-cmd --zone=public --add-service=ceph-installer
Comment 10 Martin Bukatovic 2016-06-28 10:13:47 EDT
(In reply to Ken Dreyer (Red Hat) from comment #9)
> Note, the ceph-installer package contains its own firewalld service
> definition, so you can avoid specifying the port number (8181), and simply
> enable it like so:
> 
> sudo firewall-cmd --zone=public --add-service=ceph-installer

I have created new RFE BZ 1350859 to track this feature.
Comment 13 Martin Bukatovic 2016-08-11 14:21:43 EDT
Based on section "2.4. Firewall Configuration" of "Red Hat Storage Console 2.0
Quick Start Guide", I reconfigured and enabled firewall in QE deployment setup.

Checking with
=============

On RHSC 2.0 server machine:

rhscon-ui-0.0.53-1.el7scon.noarch
rhscon-core-0.0.41-1.el7scon.x86_64
rhscon-ceph-0.0.40-1.el7scon.x86_64
rhscon-core-selinux-0.0.41-1.el7scon.noarch
ceph-ansible-1.0.5-32.el7scon.noarch
ceph-installer-1.0.15-1.el7scon.noarch

On Ceph 2.0 storage machines:

rhscon-core-selinux-0.0.41-1.el7scon.noarch
rhscon-agent-0.0.18-1.el7scon.noarch
ceph-common-10.2.2-38.el7cp.x86_64
ceph-selinux-10.2.2-38.el7cp.x86_64

Verification
============

With firewall enabled, our API test suite is passing without any issues.

Note You need to log in before you can comment on or make changes to this bug.