Bug 2208277 - Update or deprecate Satellite firewalld service profiles RH-Satellite-6 and RH-Satellite-6-capsule
Status: NEW
Alias: None
Product: Red Hat Satellite
Classification: Red Hat
Component: Infrastructure
Version: 6.13.1
Hardware: x86_64
OS: Linux
Priority: medium
Severity: medium
Target Milestone: Unspecified
Assignee: satellite6-bugs
QA Contact: Satellite QE Team
Reported: 2023-05-18 13:13 UTC by Taft Sanders
Modified: 2023-07-14 13:02 UTC

Doc Type: If docs needed, set a value

Links
System ID Private Priority Status Summary Last Updated
Red Hat Issue Tracker SAT-18951 0 None None None 2023-07-14 13:02:09 UTC

Description Taft Sanders 2023-05-18 13:13:35 UTC
Description of problem:
This profile does not open all required ports for any supported version of Satellite at this time. This profile is also not referenced in any supported version of Satellite documentation. As there are varying changes to ports from one Satellite version to the next along with needs of the user, I believe it would be very difficult to maintain a profile like this going forward.

Version-Release number of selected component (if applicable):
firewalld-0.3.9-11.el7.noarch - firewalld-0.6.3-8.el7_8.1.noarch
firewalld-0.6.3-7.el8.noarch - firewalld-0.9.3-13.el8.noarch
firewalld-1.0.0-4.el9.noarch - firewalld-1.2.1-1.el9.noarch

How reproducible:
n/a

Steps to Reproduce:
1.
2.
3.

Actual results:
# firewall-cmd --get-services
RH-Satellite-6 RH-Satellite-6-capsule amanda-client amanda-k5-client amqp
--snip--

# firewall-cmd --info-service=RH-Satellite-6
RH-Satellite-6
  ports: 5000/tcp 5646-5647/tcp 5671/tcp 8000/tcp 8080/tcp 9090/tcp
  protocols: 
  source-ports: 
  modules: 
  destination: 
  includes: foreman
  helpers: 

# firewall-cmd --info-service=RH-Satellite-6-capsule
RH-Satellite-6-capsule
  ports: 8443/tcp
  protocols: 
  source-ports: 
  modules: 
  destination: 
  includes: RH-Satellite-6
  helpers: 

Expected results:
Either ports and includes need to be updated for each minor release, or this profile should be retired.

Additional info:
6.13 Ports Documentation:
  Satellite:
    https://access.redhat.com/documentation/en-us/red_hat_satellite/6.13/html-single/installing_satellite_server_in_a_connected_network_environment/index#Ports_and_Firewalls_Requirements_satellite
  Capsule:
    https://access.redhat.com/documentation/en-us/red_hat_satellite/6.13/html-single/installing_capsule_server/index#capsule-ports-and-firewalls-requirements_capsule

6.12 Ports Documentation:
  Satellite:
    https://access.redhat.com/documentation/en-us/red_hat_satellite/6.12/html-single/installing_satellite_server_in_a_connected_network_environment/index#Ports_and_Firewalls_Requirements_satellite
  Capsule:
    https://access.redhat.com/documentation/en-us/red_hat_satellite/6.12/html-single/installing_capsule_server/index#capsule-ports-and-firewalls-requirements_capsule

6.11 Port Documentation:
  Satellite:
    https://access.redhat.com/documentation/en-us/red_hat_satellite/6.11/html-single/installing_satellite_server_in_a_connected_network_environment/index#Ports_and_Firewalls_Requirements_satellite
  Capsule:
    https://access.redhat.com/documentation/en-us/red_hat_satellite/6.11/html-single/installing_capsule_server/index#capsule-ports-and-firewalls-requirements_capsule
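
One way to check a firewalld service profile for this kind of drift, as an added example that is not part of the original report or of firewalld or Satellite code: the script parses `firewall-cmd --info-service` output, follows `includes`, and diffs the result against a required-port set. `REQUIRED_PLACEHOLDER` is a constructed stand-in, not the documented Satellite port list, and all function names are hypothetical.

```python
# Copied from the firewall-cmd --info-service output in the report (empty fields dropped).
INFO_OUTPUT = """\
RH-Satellite-6
  ports: 5000/tcp 5646-5647/tcp 5671/tcp 8000/tcp 8080/tcp 9090/tcp
  includes: foreman
RH-Satellite-6-capsule
  ports: 8443/tcp
  includes: RH-Satellite-6
"""
# Constructed placeholder, NOT the documented port list; fill it from the linked docs.
REQUIRED_PLACEHOLDER = {(443, "tcp"), (8000, "tcp"), (9090, "tcp")}

def parse_services(text):
    """Return {service: {"ports": [...], "includes": [...]}}."""
    services, current = {}, None
    for line in text.splitlines():
        if line.strip() and not line[0].isspace():   # unindented line names a service
            current = services.setdefault(line.strip(), {"ports": [], "includes": []})
        elif current is not None:
            key, _, value = line.strip().partition(":")
            if key in current:                        # protocols, helpers, ... are ignored
                current[key].extend(value.split())
    return services

def expand(spec):
    """Expand '5646-5647/tcp' into {(5646, 'tcp'), (5647, 'tcp')}."""
    rng, proto = spec.split("/")
    lo, _, hi = rng.partition("-")
    return {(port, proto) for port in range(int(lo), int(hi or lo) + 1)}

def effective_ports(name, services, seen=None):
    """Return (ports opened once includes are followed, includes with no definition)."""
    seen = set() if seen is None else seen
    if name in seen:                                  # include cycle or repeat
        return set(), set()
    seen.add(name)
    if name not in services:
        return set(), {name}
    ports = set().union(*(expand(s) for s in services[name]["ports"]))
    unresolved = set()
    for inc in services[name]["includes"]:
        inc_ports, inc_unresolved = effective_ports(inc, services, seen)
        ports, unresolved = ports | inc_ports, unresolved | inc_unresolved
    return ports, unresolved

def drift(name, services, required):
    """Diff a service against a required set; 'missing' is conclusive only if 'unresolved' is empty."""
    opened, unresolved = effective_ports(name, services)
    return {"missing": sorted(required - opened), "extra": sorted(opened - required),
            "unresolved": sorted(unresolved)}
```

With only the two profiles supplied, `foreman` is reported as unresolved, so its `--info-service` output has to be appended to the input before a `missing` entry can be trusted.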

