Bug 1563728 - Add firewall configuration to '10.5.2. Configuring a Quorum Device' procedure
Summary: Add firewall configuration to '10.5.2. Configuring a Quorum Device' procedure
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: doc-High_Availability_Add-On_Reference
Version: 7.4
Hardware: Unspecified
OS: Unspecified
medium
medium
Target Milestone: rc
: ---
Assignee: Steven J. Levine
QA Contact: cluster-qe@redhat.com
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2018-04-04 14:49 UTC by Ondrej Faměra
Modified: 2019-03-06 00:54 UTC (History)
2 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2018-04-10 15:04:57 UTC
Target Upstream Version:


Attachments (Terms of Use)

Description Ondrej Faměra 2018-04-04 14:49:08 UTC
== Document URL, Section Number and Name: 
10.5.2. Configuring a Quorum Device
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/high_availability_add-on_reference/s1-quorumdev-haar#s2-quorumdevconfig-HAAR

== Describe the issue: 
Following procedure for configuring Quorum device I will fail on step 
'2. From one of the nodes in the existing cluster, authenticate user hacluster on the node that is hosting the quorum device.' with error below

# pcs cluster auth qdevice
Username: hacluster
Password:
Error: Unable to communicate with qdevice

== Suggestions for improvement: 
Problem is that 'high-availability' service was not added to firewall on 'qdevice' machine. There is some information about this in 1.3. that the port 5403 is part of 'high-availability' service in firewalld and should be enabled on 'quorum device host', but that part of documentation is "too far" from this procedure.

I propose adding step before current step 2:

2. Enable ports on firewall needed by `pcsd` daemon and `net` `qdevice` by enabling 'high-availability' service on firewalld with commands below.

  [root@qdevice:~]# firewall-cmd --permanent --add-service=high-availability
  [root@qdevice:~]# firewall-cmd --add-service=high-availability

3. <former step 2.> From one of the nodes in the existing cluster, authenticate user hacluster on the node that is hosting the quorum device. ...

Comment 4 Steven J. Levine 2018-04-05 14:22:37 UTC
This update should be on the Portal at 7.5 GA.  I will check at that time and close the BZ.


Note You need to log in before you can comment on or make changes to this bug.