Hide Forgot
Document URL: https://access.redhat.com/documentation/en/red-hat-satellite/6.2/paged/installation-guide/chapter-2-preparing-your-environment-for-installation Section Number and Name: 2.5. PORTS AND FIREWALLS REQUIREMENTS Describe the issue: When an additional Capsule for example in another network is in place, that Capsule takes over the entire communication with attached, managed RHEL clients. There is no further communication between Satellite Server and RHEL clients anymore. This is however nowhere explicitly stated. A reader has to deduce this information, and given the port tables this is not easy to do. Suggestions for improvement: Add the following paragraph: If an additional Capsule is present, for example to server another network, all managed clients in that network only communicate with that Capsule. There are no additional direct connections between the managed clients and the Satellite Server in that case. Additional information: This information is needed because other sources of information about the Satellite communication ports, like https://access.redhat.com/solutions/2470641 , do still list Client <-> Satellite Server connections which is highly misleading.
Hello Thank you for raising this bug.
Hello In the beginning of the section "Ports and Firewalls Requirements" there is a paragraph: The Satellite Server has an integrated Capsule and any host that is directly connected to the Satellite Server is a Client of the Satellite in the context of these tables. This includes the base system on which a Capsule Server is running. Would it help if we added: "Systems which are clients of Capsules, other than the internal Capsule, do not need access to the Satellite Server." We can also add a link to the Architecture Guide's "Capsule Networking" page[1] In the section "Enabling Connections from a Client to Satellite Server" there is this opening sentence: "You must configure the firewall on Satellite to enable incoming connections from a Client and to make these rules persistent during reboots " Would it help if we changed that to something like: Systems which are clients of Satellite Server's internal Capsule require access thorough host and networked based firewalls. This sectioned describes configuring the host-based firewall on Satellite Server's base system to enable incoming connections from a Client and to make these rules persistent during reboots. Thank you [1] https://access.redhat.com/documentation/en/red-hat-satellite/6.2/paged/architecture-guide/23-capsule-networking
Dear Stephen, thanks for the quick reply. The first mentioned sentence would be what I was looking for. The added link would be a bonus if not too much of a trouble. The second suggested sentence regarding the firewalls also clarifies the opening sentence, I like that.
big +1 from me, this clarifies it also, whoever did that graphs in the arch guide: awesome, can I buy you $favoritebeverage?
Hello Roland Thank you for comment 3, I will go ahead and make those changes. Note to self: good time to change "persistent during reboots" to "persistent across system reboots". = = Hello Evgeni Thank you for comment 4 If you mean the Satellite Topology diagrams they were made at my request by Jess Schaefer. Thank you
Dear team, a customer reviewed the change already and was very happy about your quick reaction, the improvement of the documentation and the entire and overall process in general. My customer asked me explicitly to say "thanks" to you. Well done, and thank you very much! =)
Dear Roland and customer, thank you for saying thank you