Bug 1476311 - [Docs][Planning] Include port number 111 in documentation of "Hypervisor Firewall Requirements" [NEEDINFO]
[Docs][Planning] Include port number 111 in documentation of "Hypervisor Fire...
Status: ASSIGNED
Product: Red Hat Enterprise Virtualization Manager
Classification: Red Hat
Component: Documentation (Show other bugs)
4.1.3
All Linux
high Severity medium
: ovirt-4.1.6
: ---
Assigned To: Tahlia Richardson
rhev-docs@redhat.com
:
: 1476308 (view as bug list)
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2017-07-28 11:29 EDT by Ulhas Surse
Modified: 2017-11-09 19:49 EST (History)
9 users (show)

See Also:
Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed:
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: Docs
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---
trichard: needinfo? (tnisan)


Attachments (Terms of Use)

  None (edit)
Description Ulhas Surse 2017-07-28 11:29:19 EDT
Description of problem:
The port for NFSv3 111 is configured on the host firewall when it is registered from manager. 

Version-Release number of selected component (if applicable):
RHVM 4.1.3

How reproducible:
Always

Steps to Reproduce:
1. Install Host and add / register it to Manager.
2. After registering the host, check the host firewall.
3. the port 111 is configured to be allowed but it is not mentioned in documentation. 

Actual results:
111 port is not present for host in document. 

Expected results:
Include 111 port inclusion in documentation. 

Additional info:
Document link: 

2.3.2. Hypervisor Firewall Requirements
https://access.redhat.com/documentation/en-us/red_hat_virtualization/4.1/html/installation_guide/sect-firewalls#Virtualization_Host_Firewall_Requirements1
Comment 1 Lucy Bopf 2017-07-30 19:13:08 EDT
*** Bug 1476308 has been marked as a duplicate of this bug. ***
Comment 2 Tahlia Richardson 2017-08-09 03:05:10 EDT
Didi, can you provide the info required for the table (Protocol, Source, Destination, Purpose) for port 111?
Comment 3 Yedidyah Bar David 2017-08-10 08:16:53 EDT
I guess the reason for including it is bug 1177624.

Tal, can you provide the information Tahlia asked for? Thanks.
Comment 4 Tal Nisan 2017-08-16 06:51:13 EDT
I basically moved them from one section in the config to another according to bug 1177624, it is used for the portmapper
Comment 5 Yedidyah Bar David 2017-08-16 07:41:31 EDT
(In reply to Tal Nisan from comment #4)
> I basically moved them from one section in the config to another according
> to bug 1177624, it is used for the portmapper

Yes, I saw that, but why?

This table has (Protocol, Source, Destination, Purpose).

Protocol is "portmapper".
Destination is "Virtualization Host".

Not sure about the source (engine? another host? no idea) and Purpose (the bug implies we might use it for statsd notifications about locks, but bug 1177624 comment 3 says we do not actually use nfs locks, so not sure).
Comment 7 Tahlia Richardson 2017-11-08 23:52:44 EST
From email with Tal: 
> The destination is "virtualization host" the protocol is "port mapper" 
> and the source is "NFS storage server"

I still have two things to follow up on: 

1. A short description of what the port is for (i.e. the Purpose column in https://access.redhat.com/documentation/en-us/red_hat_virtualization/4.1/html/planning_and_prerequisites_guide/requirements#host-firewall-requirements)

2. I'm confused by the Protocol being "portmapper". All other ports in the table linked above have either TCP or UDP under the Protocol column. Checking the open ports on one of my own hosts suggests TCP for port 111.

Note You need to log in before you can comment on or make changes to this bug.