1337531 – RH-Satellite-6 does not contain port for TFTP (UDP 69)

Red Hat Satellite engineering is moving the tracking of its product development work on Satellite to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "Satellite project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs will be migrated starting at the end of May. If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "Satellite project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/SAT-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.

Bug 1337531 - RH-Satellite-6 does not contain port for TFTP (UDP 69)

Summary: RH-Satellite-6 does not contain port for TFTP (UDP 69)

Keywords:
Status:	CLOSED DUPLICATE of bug 1422149
Alias:	None
Product:	Red Hat Satellite
Classification:	Red Hat
Component:	Other
Sub Component:
Version:	6.2.0
Hardware:	Unspecified
OS:	Unspecified
Priority:	unspecified
Severity:	high
Target Milestone:	Unspecified
Assignee:	satellite6-bugs
QA Contact:	Katello QA List
Docs Contact:
URL:
Whiteboard:
Depends On:	1422149
Blocks:
TreeView+	depends on / blocked

Reported:	2016-05-19 12:00 UTC by Nenad Peric
Modified:	2017-08-14 06:38 UTC (History)
CC List:	2 users (show)
Fixed In Version:
Doc Type:	If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:	2017-08-14 06:38:23 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Bugzilla	1328315	1	None	None	None	2021-01-20 06:05:38 UTC

Internal Links: 1328315

Description Nenad Peric 2016-05-19 12:00:51 UTC

Description of problem:

When configuring firewall for Sat6 on RHEL7 using firewall-cmd, user would presume that adding RH-Satellite-6 service (as indicated by the docs as well) would provide for all the necessary ports for the Satellite to function properly. 
It doesn't.

Version-Release number of selected component (if applicable):

satellite-6.2.0-12.0.el7sat

How reproducible:
 Every time

Steps to Reproduce:
1. Run firewall-cmd --add-servic=RH-Satellite-6
2.
3.

Actual results:

Port for TFTP (udp 69) is not included in the firewall rules. 
Any PXE provisioning will therefore fail. 

Expected results:

All the necessary ports for basic Satellite functions should be included in the RH-Satellite-6 service definition. 

Additional info:

Current service definition:

<service>
  <short>Red Hat Satellite 6</short>
  <description>Red Hat Satellite 6 is a systems management server that can be used to configure new systems, subscribe to updates, and maintain installations in distributed environments.</description>
  <port protocol="tcp" port="80"/>
  <port protocol="tcp" port="443"/>
  <port protocol="tcp" port="5646-5647"/>
  <port protocol="tcp" port="5671"/>
  <port protocol="tcp" port="8140"/>
  <port protocol="tcp" port="8080"/>
  <port protocol="tcp" port="9090"/>
</service>

Comment 1 Bryan Kearney 2016-07-26 18:58:02 UTC

Moving 6.2 bugs out to sat-backlog.

Comment 2 Stephen Wadeley 2016-08-22 12:46:31 UTC

Hello

this should be a firewalld bug, and possibly cloned for docs. I suggest we just remove that --add-servic=RH-Satellite-6 example and use previous verbose example as that way its more transparent.

Comment 3 Stephen Wadeley 2016-08-22 12:54:49 UTC

Hello

For Sat 6.2, you can see the port is mentioned in the tables, but then the problem command option is used further down:
https://access.redhat.com/documentation/en/red-hat-satellite/6.2/paged/installation-guide/chapter-2-preparing-your-environment-for-installation#ports_prerequisites

For Sat6.1, you can see this issue does not apply:
https://access.redhat.com/documentation/en-US/Red_Hat_Satellite/6.1/html/Installation_Guide/sect-Red_Hat_Satellite-Installation_Guide-Prerequisites.html

Comment 4 Stephen Wadeley 2017-01-05 09:43:59 UTC

I noted this issue here:

What ports need to be opened in the firewall for Satellite 6 services? - Red Hat Customer Portal - https://access.redhat.com/solutions/1193673

Comment 5 Stephen Wadeley 2017-01-05 12:40:51 UTC

I guess that only a Satellite that is provisioning directly attached clients needs this?

Comment 11 Stephen Wadeley 2017-08-14 06:38:23 UTC

Hello


This bug will be resolved as part of:

Bug 1422149 - The RH-Satellite-6 firewall service file is missing ports


Thank you

*** This bug has been marked as a duplicate of bug 1422149 ***

Note You need to log in before you can comment on or make changes to this bug.