Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.
Red Hat Satellite engineering is moving the tracking of its product development work on Satellite to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "Satellite project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs will be migrated starting at the end of May. If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "Satellite project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/SAT-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.

Bug 1337531

Summary: RH-Satellite-6 does not contain port for TFTP (UDP 69)
Product: Red Hat Satellite Reporter: Nenad Peric <nperic>
Component: OtherAssignee: satellite6-bugs <satellite6-bugs>
Status: CLOSED DUPLICATE QA Contact: Katello QA List <katello-qa-list>
Severity: high Docs Contact:
Priority: unspecified    
Version: 6.2.0CC: egarver, swadeley
Target Milestone: UnspecifiedKeywords: Triaged
Target Release: Unused   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2017-08-14 06:38:23 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 1422149    
Bug Blocks:    

Description Nenad Peric 2016-05-19 12:00:51 UTC 
Description of problem:

When configuring firewall for Sat6 on RHEL7 using firewall-cmd, user would presume that adding RH-Satellite-6 service (as indicated by the docs as well) would provide for all the necessary ports for the Satellite to function properly. 
It doesn't.

Version-Release number of selected component (if applicable):

satellite-6.2.0-12.0.el7sat

How reproducible:
 Every time

Steps to Reproduce:
1. Run firewall-cmd --add-servic=RH-Satellite-6
2.
3.

Actual results:

Port for TFTP (udp 69) is not included in the firewall rules. 
Any PXE provisioning will therefore fail. 

Expected results:

All the necessary ports for basic Satellite functions should be included in the RH-Satellite-6 service definition. 

Additional info:

Current service definition:

<service>
  <short>Red Hat Satellite 6</short>
  <description>Red Hat Satellite 6 is a systems management server that can be used to configure new systems, subscribe to updates, and maintain installations in distributed environments.</description>
  <port protocol="tcp" port="80"/>
  <port protocol="tcp" port="443"/>
  <port protocol="tcp" port="5646-5647"/>
  <port protocol="tcp" port="5671"/>
  <port protocol="tcp" port="8140"/>
  <port protocol="tcp" port="8080"/>
  <port protocol="tcp" port="9090"/>
</service>
Comment 1 Bryan Kearney 2016-07-26 18:58:02 UTC 
Moving 6.2 bugs out to sat-backlog.
Comment 2 Stephen Wadeley 2016-08-22 12:46:31 UTC 
Hello

this should be a firewalld bug, and possibly cloned for docs. I suggest we just remove that --add-servic=RH-Satellite-6 example and use previous verbose example as that way its more transparent.
Comment 3 Stephen Wadeley 2016-08-22 12:54:49 UTC 
Hello

For Sat 6.2, you can see the port is mentioned in the tables, but then the problem command option is used further down:
https://access.redhat.com/documentation/en/red-hat-satellite/6.2/paged/installation-guide/chapter-2-preparing-your-environment-for-installation#ports_prerequisites

For Sat6.1, you can see this issue does not apply:
https://access.redhat.com/documentation/en-US/Red_Hat_Satellite/6.1/html/Installation_Guide/sect-Red_Hat_Satellite-Installation_Guide-Prerequisites.html
Comment 4 Stephen Wadeley 2017-01-05 09:43:59 UTC 
I noted this issue here:

What ports need to be opened in the firewall for Satellite 6 services? - Red Hat Customer Portal - https://access.redhat.com/solutions/1193673
Comment 5 Stephen Wadeley 2017-01-05 12:40:51 UTC 
I guess that only a Satellite that is provisioning directly attached clients needs this?
Comment 11 Stephen Wadeley 2017-08-14 06:38:23 UTC 
Hello


This bug will be resolved as part of:

Bug 1422149 - The RH-Satellite-6 firewall service file is missing ports


Thank you

*** This bug has been marked as a duplicate of bug 1422149 ***