Bug 1425926 - port 8080 is needed by candlepin for one-time initialization
Summary: port 8080 is needed by candlepin for one-time initialization
Keywords:
Status: CLOSED WONTFIX
Alias: None
Product: Red Hat Satellite
Classification: Red Hat
Component: Installation
Version: 6.2.7
Hardware: Unspecified
OS: Unspecified
medium
medium
Target Milestone: Unspecified
Assignee: satellite6-bugs
QA Contact: Katello QA List
URL:
Whiteboard:
Depends On:
Blocks: 1435022
TreeView+ depends on / blocked
 
Reported: 2017-02-22 18:43 UTC by Chris Duryee
Modified: 2018-09-04 17:46 UTC (History)
3 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2018-09-04 17:46:21 UTC
Target Upstream Version:
Embargoed:


Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Foreman Issue Tracker 19095 0 Normal Closed port 8080 is needed by candlepin for one-time initialization 2021-01-25 16:57:00 UTC

Description Chris Duryee 2017-02-22 18:43:06 UTC
Description of problem: Candlepin requires a single API call to port 8080 during initialization. This can be tricky to allow for users with firewall rules that restrict localhost traffic.

Version-Release number of selected component (if applicable): 6.2.7

Candlepin requires access to port 8080 on localhost for the installation to succeed. We can add a firewall rule for this in the docs, but it is a one-time thing that only needs to be enabled during install, and can then be disabled.

Additionally, the firewall rule would have to be crafted to not allow access from other hosts. The server.xml default will bind it to 0.0.0.0 instead of 127.0.0.1. Once the installation is complete, users have to remember to disable 8080 on localhost again.

Ideally, the initialization could occur without this one-time call to this port. Then we could just remove the 8080 listener entirely.

Comment 4 Stephen Benjamin 2017-03-13 15:37:39 UTC
@Barnaby - Why was this set back to the installer? The request from Beav seems to be for Candlepin not to require this API call at all.

Comment 5 Barnaby Court 2017-03-13 15:50:47 UTC
I understood the request to be, have a way to not require the API call at all. That change would be for the installer to insert the admin user directly into the database. I will happily work that with the installer team but it would be happening outside of the candlepin API. 

Short of that, I don't see a reason the existing API couldn't be called via port 8443.

Comment 6 Stephen Benjamin 2017-03-30 16:50:55 UTC
Created redmine issue http://projects.theforeman.org/issues/19095 from this bug

Comment 7 Bryan Kearney 2018-09-04 17:46:21 UTC
Thank you for your interest in Satellite 6. We have evaluated this request, and we do not expect this to be implemented in the product in the foreseeable future. We are therefore closing this out as WONTFIX. If you have any concerns about this, please feel free to contact Rich Jerrido or Bryan Kearney. Thank you.


Note You need to log in before you can comment on or make changes to this bug.