I’m taking Red Hat Satellite 6 exam next week and rather than trying to memorize everything I’m trying to find documentation/man pages that are installed on the server itself.
What I’m looking for specifically is firewall rule exceptions for Satellite and Capsule servers in a man page/info page or /usr/local/share/doc directory.
So far, I’ve had zero luck. Since the Red Hat exams have no internet access, what are my options for documentation?
I can get satellite/foreman installed just fine, but I know I’m going to be stressed out on test day and I’ll need LOCAL references.
Can anyone assist on where/how I can get the documentation installed locally ?
Hello,
this should get you started:
[lzap@box ~]$ firewall-cmd --get-services | grep -o RH-Satellite-6
RH-Satellite-6
[lzap@box ~]$ cat /usr/lib/firewalld/services/RH-Satellite-6.xml
<?xml version="1.0" encoding="utf-8"?>
<service>
<short>Red Hat Satellite 6</short>
<description>Red Hat Satellite 6 is a systems management server that can be used to configure new systems, subscribe to updates, and maintain installations in distributed environments.</description>
<port protocol="tcp" port="53"/>
<port protocol="udp" port="53"/>
<port protocol="udp" port="67-69"/>
<port protocol="tcp" port="80"/>
<port protocol="tcp" port="443"/>
<port protocol="tcp" port="5000"/>
<port protocol="tcp" port="5646-5647"/>
<port protocol="tcp" port="5671"/>
<port protocol="tcp" port="8000"/>
<port protocol="tcp" port="8080"/>
<port protocol="tcp" port="8140"/>
<port protocol="tcp" port="9090"/>
</service>
Then you can do something like:
firewall-cmd --zone=public --add-service=RH-Satellite-6
Full disclosure: I have no idea what firewalld version is available during exams. The configuration file is two years old, there was one update:
Good luck with exams! Feel free to share your experience afterwards.
One more thing, I reviewed according to 6.3 documentation and it looks like the XML is missing 8443 port. Can you comment @katello guys?
I propose to rename this from RH-Satellite-6 to simply “foreman” and I am adding the missing port here:
@lzap 8443 is only used between Client→Proxy, not between Client→Foreman, so it’s not missing per se. You could argue that firewalld needs a Proxy/Capsule profile too, though.
But the XML definition is for both foreman and proxy (server and capsule).
Is it? It’s called Satellite-6 after all. And I’d argue that openining 8443 on the Satellite/Katello is not what you want. That port has Candlepin/Tomcat running (and should only listen to 127.0.0.1, but does 0.0.0.0 for certificate reasons at the moment).
Can you create a BZ for the docs team to remove this from docs then? I will remove this from my patch as well.
Since I am actually renaming RH-Satellite-6 to simply “foreman” I can take advantage of this and split this. But I was unable to find a good naming convention and port sets to be honest. If you have good ideas…
The docs only mention it for capsules? Or am I overlooking something.
I think renaming it to foreman is wrong, as it e.g. includes the qdrouterd port, which Foreman does not use. I’d go with four sets (dunno if they can inherit in firewalld?): foreman, katello (like foreman but with the added Katello bits), foreman-proxy and foreman-proxy_with_content?
I closed the pull request, let’s keep that as RH-Satellite-6.