Bug 723206 - PRD32 - Ability to install/activate RHEV-H / RHEL-H hosts without the use of https (443).
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: ovirt-host-deploy
Classification: oVirt
Component: Plugins.node
Version: ---
Hardware: All
OS: Linux
Priority: medium
Severity: medium
Target Milestone: ---
Target Release: 1.0.0
Assignee: Alon Bar-Lev
QA Contact: Tareq Alayan
URL:
Whiteboard: infra
Depends On: bootstrap-rewrite
Blocks: Simon-RFE-Tracker 891778 915537
Reported: 2011-07-19 12:18 UTC by Chris Williams
Modified: 2022-07-09 05:57 UTC

Fixed In Version:
Doc Type: Enhancement
Doc Text:
Previously, the vdsm-reg component had to be used when registering the hypervisor to the manager. vdsm-reg acquires resources from the manager using unsecured protocols. Now, when users add a hypervisor from the manager, the SSH protocol is used.
Clone Of:
: 891778 (view as bug list)
Environment:
Last Closed: 2013-06-10 20:58:52 UTC
oVirt Team: Infra
Embargoed:
bazulay: devel_ack+


Links
System ID | Private | Priority | Status | Summary | Last Updated
Red Hat Bugzilla 790758 | 1 | None | None | None | 2021-01-20 06:05:38 UTC
Red Hat Issue Tracker RHV-47068 | 0 | None | None | None | 2022-07-09 05:57:43 UTC
Red Hat Product Errata RHSA-2013:0888 | 0 | normal | SHIPPED_LIVE | Moderate: Red Hat Enterprise Virtualization Manager 3.2 update | 2013-06-11 00:55:41 UTC

Internal Links: 790758

Description Chris Williams 2011-07-19 12:18:50 UTC
Proposed title of this feature request
Ability to install/activate RHEV-H / RHEL-H hosts without the use of https (443).

Who is the customer behind the request?
Thomas Krieger

Account name:
Cortal Consors S.A.

Customer segment:
1

TAM/SRM customer yes/no:
Yes

VHT score:
N/A

What is the nature and description of the request?
The customer would like to remove the https requests made from a newly installed or activated host to the RHEV-M host in order to gather certificates etc. These should be replaced with SCP transfers or transfers over the common vdsm ports. 

Why does the customer need this? (List the business requirements here)
By removing the https requests the customer is able to secure a common port between their DMZ and corp network where their RHEV-M systems are hosted.

How would the customer like to achieve this? (List the functional
requirements here)
Fix to the installation / activation code used by hosts and RHEV-M.

For each functional requirement listed in question 4, specify how Red Hat
and the customer can test to confirm the requirement is successfully
implemented.
Simply by monitoring the requests made from a host during installation / activation.

Is there already an existing RFE upstream or in Red Hat bugzilla?
No.

How quickly does this need resolved? (desired target release)
RHEV 3.0 Z-Stream or minor update.

Does this request meet the RHEL Bug and Feature Inclusion Criteria
(please review)
Yes.

List the affected packages
RHEV-H, RHEV-M, vdsm

Would the customer be able to assist in testing this functionality if
implemented?
Yes.

Comment 2 Alon Bar-Lev 2012-11-25 11:47:30 UTC
After the bootstrap rewrite, if initiated by the engine, a host or node may be added without use of the HTTP protocol.

Registration of nodes still uses the HTTP protocol, but this is an optional process now.

Comment 4 Stephen Gordon 2012-12-18 19:45:58 UTC
Hi Alon, to clarify are we saying that in 3.2 when users add a host from the management console HTTP(S) won't be required but that it will still be required if you register to the manager from the node side?

Comment 5 Alon Bar-Lev 2012-12-18 19:49:10 UTC
(In reply to comment #4)
> Hi Alon, to clarify are we saying that in 3.2 when users add a host from the
> management console HTTP(S) won't be required but that it will still be
> required if you register to the manager from the node side?

Exactly.

Comment 6 Tareq Alayan 2013-02-18 11:20:08 UTC
Verified.

Added the following rules to iptables of the engine:
REJECT tcp -- {IP_OF_HOST} anywhere state NEW tcp dpt:https reject-with icmp-port-unreachable 
REJECT tcp -- {IP_OF_HOST} anywhere state NEW tcp dpt:http reject-with icmp-port-unreachable

adding rhel-like host - PASS
adding rhevh host from rhevm - PASS
adding rhevh host (addition initiated by rhevh) - FAILED
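
The verification in comment 6, as an added example that is not part of the original comment: it prints the iptables commands that recreate the two REJECT rules and sums the rules' packet counters, so a non-zero count shows the host still attempted HTTP(S) to the engine. The INPUT chain, the 192.0.2.x addresses, the function names and the sample counter listing are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example; not taken from the bug report.

# Print (do not run) the commands that recreate the REJECT rules from
# comment 6 for one host. Assumes the engine's INPUT chain; pipe the
# output to `sh` as root on the engine to apply it.
reject_rules() {
    host_ip=$1
    for port in 443 80; do
        printf 'iptables -I INPUT -s %s -p tcp -m state --state NEW --dport %s -j REJECT --reject-with icmp-port-unreachable\n' \
            "$host_ip" "$port"
    done
}

# Read `iptables -L INPUT -n -v -x` output on stdin and sum the packet
# counters of REJECT rules for the given source on ports 80 and 443.
# Columns: pkts bytes target prot opt in out source destination ...
count_rejected() {
    awk -v ip="$1" '
        $3 == "REJECT" && $8 == ip && /dpt:(80|443)( |$)/ { n += $1 }
        END { print n + 0 }'
}

# Constructed sample of `iptables -L INPUT -n -v -x` after an add-host run.
sample_counters() {
    cat <<'EOF'
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
    pkts      bytes target     prot opt in     out     source               destination
       3      180 REJECT     tcp  --  *      *       192.0.2.10           0.0.0.0/0            state NEW tcp dpt:443 reject-with icmp-port-unreachable
       0        0 REJECT     tcp  --  *      *       192.0.2.10           0.0.0.0/0            state NEW tcp dpt:80 reject-with icmp-port-unreachable
       5      300 REJECT     tcp  --  *      *       192.0.2.11           0.0.0.0/0            state NEW tcp dpt:443 reject-with icmp-port-unreachable
EOF
}

# Report whether a host's add/registration flow touched HTTP(S).
http_dependency() {
    hits=$(count_rejected "$1")
    if [ "$hits" -eq 0 ]; then
        echo "no HTTP(S) attempts from $1"
    else
        echo "$hits HTTP(S) attempts rejected from $1"
    fi
}

reject_rules 192.0.2.10
sample_counters | http_dependency 192.0.2.10
```

On a live engine, replace `sample_counters` with `iptables -L INPUT -n -v -x` and zero the counters with `iptables -Z INPUT` before each add-host attempt.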

Comment 7 Cheryn Tan 2013-04-03 06:52:16 UTC
This bug is currently attached to errata RHEA-2013:14491. If this change is not to be documented in the text for this errata please either remove it from the errata, set the requires_doc_text flag to minus (-), or leave a "Doc Text" value of "--no tech note required" if you do not have permission to alter the flag.

Otherwise to aid in the development of relevant and accurate release documentation, please fill out the "Doc Text" field above with these four (4) pieces of information:

* Cause: What actions or circumstances cause this bug to present.

* Consequence: What happens when the bug presents.

* Fix: What was done to fix the bug.

* Result: What now happens when the actions or circumstances above occur. (NB: this is not the same as 'the bug doesn't present anymore')

Once filled out, please set the "Doc Type" field to the appropriate value for the type of change made and submit your edits to the bug.

For further details on the Cause, Consequence, Fix, Result format please refer to:

https://bugzilla.redhat.com/page.cgi?id=fields.html#cf_release_notes

Thanks in advance.

Comment 8 errata-xmlrpc 2013-06-10 20:58:52 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHSA-2013-0888.html