Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.

Bug 1518471

Summary: [DOCS] Needs a note on port 1936 in Required ports
Product: OpenShift Container Platform
Reporter: Takayoshi Kimura <tkimura>
Component: Documentation
Assignee: brice <bfallonf>
Status: CLOSED CURRENTRELEASE
QA Contact: Meng Bo <bmeng>
Severity: medium
Docs Contact: Vikram Goyal <vigoyal>
Priority: medium
Version: 3.6.0
CC: aos-bugs, bfallonf, bmeng, dmoessne, jokerman, mmccomas, tkimura
Last Closed: 2018-01-07 23:06:06 UTC
Type: Bug

Description Takayoshi Kimura 2017-11-29 01:40:22 UTC
Document URL: 

https://docs.openshift.com/container-platform/3.6/install_config/install/prerequisites.html#required-ports

Section Number and Name: 

Installation and Configuration - Installing a Cluster - Prerequisites

Describe the issue: 

The 1936 port is listed on the required ports table in IaaS Deployment.

This is an exception: this is an OPTIONAL port and the installer won't open this port in iptables by default, so users cannot access this port even if it's allowed in the security configuration of the cloud provider.

Suggestions for improvement: 

Clearly state that it's an OPTIONAL port and that the iptables rules need to be modified manually to access this port on router hosts after running the installation.

We need to add the following line in the /etc/sysconfig/iptables file along with the other "OS_FIREWALL_ALLOW" lines:

> -A OS_FIREWALL_ALLOW -p tcp -m state --state NEW -m tcp --dport 1936 -j ACCEPT

Additional information:

Comment 1 brice 2017-12-18 05:07:41 UTC
Takayoshi,

I can add a note saying that port 1936 is optional. However, I'm not sure what you're asking for as the second part. Are you suggesting I add a step about changing the /etc/sysconfig/iptables file to the table?

I can see there's a command on how to open specific firewall ports here (in the 3.6 docs):

https://docs.openshift.com/container-platform/3.6/admin_guide/router.html#admin-guide-router-view-stats


I can add that command to the Required Ports section of the docs easily.

Comment 2 Takayoshi Kimura 2017-12-18 05:14:34 UTC
> Are you suggesting I add a step about changing the /etc/sysconfig/iptables file to the table?
> 
> I can see there's a command on how to open specific firewall ports here (in the 3.6 docs):
> 
> https://docs.openshift.com/container-platform/3.6/admin_guide/router.html#admin-guide-router-view-stats

Yes but I think a link to the above URL is better.

We had a customer who opened port 1936 in the security group, but it was still inaccessible because of iptables. We need some description on this page to avoid this kind of misunderstanding.

Comment 3 brice 2017-12-19 02:20:23 UTC
Thanks, Takayoshi

I've created a PR for this BZ:

https://github.com/openshift/openshift-docs/pull/6881

I've added an "optional" statement to the port list in the table, and added a point in the notes below the table about how to change it. Please let me know if there's anything more required for this BZ.

For QA:

I'd like to know if the iptables command would need any extra configuration. Thanks.

Comment 4 Meng Bo 2017-12-19 02:52:27 UTC
@brice

The iptables changes in the doc are sufficient.

Comment 5 openshift-github-bot 2017-12-19 05:36:14 UTC
Commit pushed to master at https://github.com/openshift/openshift-docs

https://github.com/openshift/openshift-docs/commit/830c302667c720aa3608bba995e64a563707ff64
Merge pull request #6881 from bfallonf/ports_1518471

Bug 1518471 Added info about port 1936

Comment 6 brice 2017-12-19 05:43:08 UTC
Thanks. The above PR has merged. Moving to release_pending.
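
The mismatch described in this report (port 1936 allowed in the cloud security group but not accepted by the host's OS_FIREWALL_ALLOW chain) can be checked against the rules file itself. The script below is an added example, not part of the bug report or the OpenShift documentation; the function names and the sample rules are constructed for illustration, and it goes beyond the single `--dport` form to cover port ranges and multiport lists.

```bash
# Added example: find ports a cloud security group allows but the host chain drops.
# Return 0 if CHAIN in FILE has a tcp ACCEPT rule whose destination port covers
# PORT. Handles "--dport N", "--dport LO:HI" and multiport "--dports A,LO:HI".
port_allowed() {  # usage: port_allowed FILE CHAIN PORT
  awk -v chain="$2" -v port="$3" '
    $1 == "-A" && $2 == chain {
      tcp = 0; accept = 0; spec = ""
      for (i = 3; i < NF; i++) {
        if ($i == "-p" && $(i+1) == "tcp") tcp = 1
        if ($i == "-j" && $(i+1) == "ACCEPT") accept = 1
        if ($i == "--dport" || $i == "--dports") spec = $(i+1)
      }
      if (!tcp || !accept || spec == "") next
      n = split(spec, parts, ",")
      for (k = 1; k <= n; k++) {
        m = split(parts[k], r, ":")
        lo = r[1] + 0; hi = (m == 2 ? r[2] : r[1]) + 0
        if (port + 0 >= lo && port + 0 <= hi) found = 1
      }
    }
    END { exit(found ? 0 : 1) }
  ' "$1"
}

# Print the PORTs that CHAIN in FILE would not accept.
missing_ports() {  # usage: missing_ports FILE CHAIN PORT...
  mp_file=$1; mp_chain=$2; mp_out=""; shift 2
  for mp_p in "$@"; do
    port_allowed "$mp_file" "$mp_chain" "$mp_p" || mp_out="$mp_out $mp_p"
  done
  echo "${mp_out# }"
}

# Constructed sample rules file content; an optional extra rule ($1) is placed
# before COMMIT, alongside the other OS_FIREWALL_ALLOW lines.
sample_rules() {
  printf '%s\n' '*filter' ':OS_FIREWALL_ALLOW - [0:0]' \
    '-A INPUT -j OS_FIREWALL_ALLOW' \
    '-A OS_FIREWALL_ALLOW -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT' \
    '-A OS_FIREWALL_ALLOW -p tcp -m state --state NEW -m tcp --dport 443 -j ACCEPT' \
    ${1:+"$1"} 'COMMIT'
}

rules=$(mktemp)
sample_rules > "$rules"
echo "host still blocks: $(missing_ports "$rules" OS_FIREWALL_ALLOW 80 443 1936)"
sample_rules '-A OS_FIREWALL_ALLOW -p tcp -m state --state NEW -m tcp --dport 1936 -j ACCEPT' > "$rules"
echo "host still blocks: $(missing_ports "$rules" OS_FIREWALL_ALLOW 80 443 1936)"
rm -f "$rules"
```

On a router host the same functions can be pointed at /etc/sysconfig/iptables, passing the list of ports the security group allows.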