The Installation Guide currently contains a list of required ports [1] for the Manager, hosts, database etc. It would be helpful to have a diagram like the one here [2] illustrating how the components communicate with each other, and through which ports. The diagram can be placed in either the Install Guide or the Tech Ref Guide (or both).

[1] https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Virtualization/3.2/html-single/Installation_Guide/index.html#sect-Firewall_Configuration
[2] https://access.redhat.com/site/solutions/17634
Created attachment 779584 [details] rhev 3 ports pic
Raising RT3 ticket (RT#241787) to have that image brought on brand in line with other diagrams in our documentation. Hey Bryan, will you work with me to update this image for RHEV 3.3?
https://svn.devel.redhat.com/repos/ecs/artwork/images/241787/241787-RHEVM-network-ports.png

Dan cleverly left numbered callouts rather than specific ports on the diagram, which makes it easier to update if required.
(In reply to Tim Hildred from comment #2)
> Hey Bryan, will you work with me to update this image for RHEV 3.3?

I will do my best. We may want to involve someone who's a bit more familiar with the underlying code because some components have changed over time. But, the best thing to start with is the default firewall on the hosts which I have included below:

[root@rhev1 ~]# cat /etc/sysconfig/iptables
# oVirt default firewall configuration. Automatically generated by vdsm bootstrap script.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i lo -j ACCEPT
# vdsm
-A INPUT -p tcp --dport 54321 -j ACCEPT
# SSH
-A INPUT -p tcp --dport 22 -j ACCEPT
# snmp
-A INPUT -p udp --dport 161 -j ACCEPT
# libvirt tls
-A INPUT -p tcp --dport 16514 -j ACCEPT
# guest consoles
-A INPUT -p tcp -m multiport --dports 5634:6166 -j ACCEPT
# migration
-A INPUT -p tcp -m multiport --dports 49152:49216 -j ACCEPT
# Reject any other input traffic
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -m physdev ! --physdev-is-bridged -j REJECT --reject-with icmp-host-prohibited
COMMIT
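Added example, not part of the original comments or of any Red Hat tooling: a short Python parser that turns the host ruleset quoted above into a numbered port inventory of the kind the diagram's callouts need, and checks that the INPUT chain ends in a catch-all reject. The function names are hypothetical, and the ruleset is re-typed from the comment as sample input.

```python
import re

# Sample input: the INPUT rules from the host firewall quoted in the comment above.
RULES = """\
# oVirt default firewall configuration. Automatically generated by vdsm bootstrap script.
*filter
:INPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i lo -j ACCEPT
# vdsm
-A INPUT -p tcp --dport 54321 -j ACCEPT
# SSH
-A INPUT -p tcp --dport 22 -j ACCEPT
# snmp
-A INPUT -p udp --dport 161 -j ACCEPT
# libvirt tls
-A INPUT -p tcp --dport 16514 -j ACCEPT
# guest consoles
-A INPUT -p tcp -m multiport --dports 5634:6166 -j ACCEPT
# migration
-A INPUT -p tcp -m multiport --dports 49152:49216 -j ACCEPT
# Reject any other input traffic
-A INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
"""

def port_inventory(text):
    """Return (label, proto, first_port, last_port) for each accepted inbound port or range."""
    inventory, label = [], None
    for line in (raw.strip() for raw in text.splitlines()):
        if line.startswith("#"):
            label = line.lstrip("# ").strip()  # a comment labels the rules that follow it
            continue
        if not line.startswith("-A INPUT") or "-j ACCEPT" not in line:
            continue
        proto = re.search(r"(?:^|\s)-p (\w+)", line)
        ports = re.search(r"--dports? (\S+)", line)
        if not (proto and ports):
            continue  # rules without a destination port (state match, loopback)
        for part in ports.group(1).split(","):  # multiport allows comma lists and a:b ranges
            first, _, last = part.partition(":")
            inventory.append((label, proto.group(1), int(first), int(last or first)))
    return inventory

def has_catch_all_reject(text):
    """True when the last INPUT rule rejects whatever the rules above did not accept."""
    rules = [l.strip() for l in text.splitlines() if l.strip().startswith("-A INPUT")]
    return bool(rules) and rules[-1].startswith("-A INPUT -j REJECT")

if __name__ == "__main__":
    for n, (label, proto, first, last) in enumerate(port_inventory(RULES), start=1):
        span = str(first) if first == last else f"{first}-{last}"
        print(f"{n}. {label}: {proto}/{span}")
```

Running the same functions against the ruleset from a newer host and comparing the two inventories shows which callouts need updating.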
Reassigning to Jodi Biddle (jbiddle) as I am no longer working on Red Hat Enterprise Virtualization documentation.
Pushing to 3.4.