Red Hat Training
A Red Hat training course is available for Red Hat Satellite
Chapter 2. Preparing your environment for installation
2.1. System Requirements
The following requirements apply to the networked base system:
- 64-bit architecture
- The latest version of Red Hat Enterprise Linux 6 Server or 7 Server
- A minimum of 2 CPU cores, 4 CPU cores are recommended
- A minimum of 12 GB memory is required for the Satellite Server to function, 16 GB of memory or more is recommended for each instance of Satellite Server. In addition, a minimum of 4 GB of swap space is also recommended. Satellite running with less memory than the minimum value may not operate correctly.
- A unique host name, which can contain lower-case letters, numbers, dots (.) and hyphens (-)
- A current Red Hat Satellite subscription
- Administrative user (root) access
- A system umask of 0022
- Full forward and reverse DNS resolution using a fully-qualified domain name
Before you install Satellite Server or Capsule Server, you should ensure that your environment meets the requirements for installation.
The Red Hat Satellite Server and Capsule Server versions must match. For example, a Satellite 6.1 Server cannot run a 6.2 Capsule Server and a Satellite 6.2 Server cannot run a 6.1 Capsule Server. Mismatching Satellite Server and Capsule Server versions results in the Capsule Server failing silently.
If you have a large number of content hosts, see Appendix A, Large Deployment Considerations to ensure that your environment is set up appropriately.
For more information on scaling your Capsule Servers, see Appendix B, Capsule Server Scalability Considerations.
2.2. Storage Requirements and Recommendations
Ensure that your environment meets the minimum requirements before installing Satellite Server or Capsule Server.
Packages that are duplicated in different repositories are only stored once on the disk. Additional repositories containing duplicate packages will require less additional storage. The bulk of storage resides in the /var/lib/mongodb/ and /var/lib/pulp/ directories. These end points are not manually configurable. Make sure that storage is available on the /var file system to prevent storage issues.
The /var/cache/pulp/ directory is used to temporarily store content while it is being synchronized. For content in RPM format, a maximum of 5 RPM files are stored in this directory at any time. After each file is synchronized, it is moved to the /var/lib/pulp/ directory. Up to eight RPM content synchronization tasks can be running simultaneously by default, with each using up to 1 GB of metadata. For content in ISO format, all ISO files per synchronization task are stored in /var/cache/pulp/ until the task is complete, after which they are moved to the /var/lib/pulp/ directory. For example, if you are synchronizing four ISO files, each 4 GB in size, this requires a total of 16 GB in the /var/cache/pulp/ directory. Take into account the number of ISO files you intend synchronizing because the temporary disk space required for them typically exceeds that of RPM content.
The /var/lib/qpidd/ directory uses slightly more than 2 MB per Content Host. For example, 10 000 Content Hosts would require 20 GB of disk space in /var/lib/qpidd/.
Storage Requirements
The following tables detail recommended storage requirements for specific directories. These values are based on expected use case scenarios and can vary according to individual environments. The Capsule Server table also applies to the Satellite Server as it has an integrated Capsule by default. Pay attention to your specific use case when reading the tables. For example, you could have a Capsule Server without Pulp enabled, in which case you do not need the same level of storage requirements for directories related to Pulp such as /var/lib/pulp/.
Table 2.1. Storage Requirements for Satellite Server Installation
| Directory | Installation Size | Runtime Size with Red Hat Enterprise Linux 5, 6, and 7 synchronized | Considerations |
|---|---|---|---|
| /var/cache/pulp/ | 1 MB | 10 GB (Minimum) | See the notes in this section’s introduction. |
| /var/lib/pulp/ | 1 MB | 500 GB |
|
| /var/lib/mongodb/ | 3.5 GB | 50 GB |
|
| /var/log/ | 10 MB | 250 MB | None |
| /var/lib/pgsql/ | 100 MB | 10 GB |
A minimum of 2 GB of available storage in |
| /usr | 3 GB | Not Applicable | None |
| /opt | 500 MB (Connected Installations) | Not Applicable |
Software collections are installed into the |
| /opt | 2 GB (Disconnected Installations) | Not Applicable |
|
Table 2.2. Storage Requirements for Capsule Server Installation
| Directory | Installation Size | Runtime Size with Red Hat Enterprise Linux 5, 6, and 7 synchronized | Considerations |
|---|---|---|---|
| /var/cache/pulp/ | 1 MB | 10 GB (Minimum) | See the notes in this section’s introduction. |
| /var/lib/pulp/ | 1 MB | 500 GB |
|
| /var/lib/mongodb/ | 3.5 GB | 50 GB |
|
Log files are written to /var/log/messages/, /var/log/httpd/, and /var/lib/foreman-proxy/openscap/content/. You can manage the size of these files using logrotate. For further information, see Log Rotation in the System Administrator’s Guide.
Storage Recommendations
-
Because most Satellite as well as Capsule Server data is stored within the
/vardirectory, it is strongly recommended to mount/varon LVM storage, enabling the system to scale. -
Red Hat recommends the usage of high-bandwidth, low-latency storage for the
/var/lib/pulp/and/var/lib/mongodb/directories. As Red Hat Satellite has many operations that are I/O intensive, usage of high latency, low-bandwidth storage could potentially have issues with performance degradation. It is recommended not to use NFS with MongoDB as MongoDB does not use conventional I/O to access data files and performance problems will occur when both the data files and the journal files are hosted on NFS. If required to use NFS, mount the volumes with the following option in the/etc/fstabfile:bg,nolock, andnoatime. - Do not use the GFS2 file system as the input-output latency has been found to be too high.
- For improved performance, use solid state drives (SSD) rather than hard disk drives (HDD).
The XFS file system is recommended for Red Hat Satellite 6 because it does not have the inode limitations that
ext4does. As Satellite uses a lot of symbolic links it is likely that your system will run out of inodes if usingext4and the default number of inodes.If you intend to use Red Hat Enterprise Linux 6 instead, contact your account team to learn about enabling XFS on this system. Also consider that long term support for Satellite 6 on Red Hat Enterprise Linux 6 has a shorter lifespan which might necessitate a migration from version 6 to 7 in the future. Red Hat Enterprise Linux 7 is highly recommended for new installations.
When
/var/lib/pulpdirectory is mounted using an NFS share, SELinux will block the synchronization process. To avoid this, specify the SELinux context of the/var/lib/pulpdirectory in the file system table by adding the following lines to/etc/fstab:nfs.example.com:/nfsshare /var/lib/pulp/content nfs context="system_u:object_r:httpd_sys_rw_content_t:s0" 1 2
If NFS share is already mounted, remount it using the above recommendation and run the following command:
# chcon -R system_u:object_r:httpd_sys_rw_content_t:s0 /var/lib/pulp
2.3. Supported Operating Systems
You can install the operating system from disc, local ISO image, kickstart, or any other method that Red Hat supports. Red Hat Satellite Server and Red Hat Satellite Capsule Server are supported only on the latest versions of Red Hat Enterprise Linux 6 Server or 7 Server that is available at the moment when Satellite 6.2 is installed. Previous versions of Red Hat Enterprise Linux including EUS or z-stream are not supported.
With the release of Red Hat Satellite 6.3, Red Hat will no longer support Red Hat Enterprise Linux 6 as an underlying platform for Red Hat Satellite Server and Red Hat Satellite Capsule Server.
Users who are currently running Satellite Server or Capsule Server on Red Hat Enterprise Linux 6 will be provided a mechanism to migrate from Red Hat Enterprise Linux 6 to Red Hat Enterprise Linux 7.
It is strongly recommended that new installations of Satellite Server and Capsule Server use Red Hat Enterprise Linux 7.
Red Hat Satellite Server and Red Hat Satellite Capsule Server require Red Hat Enterprise Linux installations with the @Base package group with no other package-set modifications, and without third-party configurations or software not directly necessary for the direct operation of the server. This restriction includes hardening and other non-Red Hat security software. If you require such software in your infrastructure, install and verify a complete working Satellite Server first, then create a backup of the system before adding any non-Red Hat software.
It is recommended that the Satellite Server be a freshly provisioned system. Using the system for anything other than running Satellite is not supported.
If any of the following exist on the system, they must be removed before installation:
- Java virtual machines
- Puppet RPM files
- Additional yum repositories other than those explicitly required in this guide for installation
2.4. Supported Browsers
The following web browsers are fully supported:
- Firefox versions 39 and later
- Chrome versions 28 and later
The following web browsers are partially supported. The Satellite web UI interface will function correctly but certain design elements may not align as expected:
- Firefox version 38
- Chrome version 27
- Internet Explorer versions 10 and 11
The web UI and command-line interface for Satellite Server supports English, Portuguese, Simplified Chinese, Traditional Chinese, Korean, Japanese, Italian, Spanish, Russian, French, and German.
2.5. Ports and Firewalls Requirements
Specific network ports must be open and free on the base operating system, as well as open in any network-based firewalls, to enable the components of Satellite architecture to communicate. The tables in this section explain the need for the ports, and the corresponding firewall commands for host-based firewalls are given in the following section. The installation of a Capsule Server will fail if the ports between the Satellite Server and the Capsule Server have not been opened before installation is started.
The tables indicate the destination port and the direction of network traffic, use this information to configure any network-based firewalls. Note that some cloud solutions need to be specifically configured to allow communications between machines as they isolate machines similarly to network-based firewalls.
The Satellite Server has an integrated Capsule and any host that is directly connected to the Satellite Server is a Client of the Satellite in the context of these tables. This includes the base system on which a Capsule Server is running. Remember to take this into account when planing any network-based firewall configurations.
Systems which are clients of Capsules, other than the internal Capsule, do not need access to the Satellite Server. See Capsule Networking in the Red Hat Satellite Architecture Guide for more information on Satellite Topology.
Required ports can change based on your configuration.
Table 2.3. Ports for Satellite to Red Hat CDN Communication
| Port | Protocol | Service | Required For |
|---|---|---|---|
| 443 | TCP | HTTPS | Subscription Management Services (access.redhat.com) and connecting to the Red Hat CDN (cdn.redhat.com). |
Except in the case of a disconnected Satellite, the Satellite Server needs access to the Red Hat CDN.
Table 2.4. Ports for Browser-based User Interface Access to Satellite
| Port | Protocol | Service | Required For |
|---|---|---|---|
| 443 | TCP | HTTPS | Browser-based UI access to Satellite |
| 80 | TCP | HTTP | Redirection to HTTPS for web UI access to Satellite (Optional) |
Table 2.5. Ports for Client to Satellite Communication
| Port | Protocol | Service | Required For |
|---|---|---|---|
| 80 | TCP | HTTP | Anaconda, yum, for obtaining Katello certificates, templates, and for downloading iPXE firmware |
| 443 | TCP | HTTPS | Subscription Management Services, yum, Telemetry Services, and for connection to the Katello Agent |
| 5647 | TCP | amqp | The Katello Agent to communicate with the Satellite’s Qpid dispatch router |
| 8000 | TCP | HTTPS | Anaconda to download kickstart templates to hosts, and for downloading iPXE firmware |
| 8140 | TCP | HTTPS | Puppet agent to Puppet master connections |
| 9090 | TCP | HTTPS | Sending SCAP reports to the Smart Proxy in the integrated Capsule and for the discovery image during provisioning |
| 5000 | TCP | HTTPS | Connection to Katello for the Docker registry |
Any managed host that is directly connected to the Satellite Server is a Client in this context. This includes the base system on which a Capsule Server is running.
Table 2.6. Ports for Client to Capsule Communication
| Port | Protocol | Service | Required for |
|---|---|---|---|
| 80 | TCP | HTTP | Anaconda, yum, and for obtaining Katello certificate updates |
| 443 | TCP | HTTPS | Anaconda, yum, Telemetry Services, and Puppet |
| 5647 | TCP | amqp | The Katello agent to communicate with the Capsule’s Qpid dispatch router |
| 8000 | TCP | HTTPS | Anaconda to download kickstart templates to hosts, and for downloading iPXE firmware |
| 8140 | TCP | HTTPS | Puppet agent to Puppet master connections |
| 8443 | TCP | HTTPS | Subscription Management Services and Telemetry Services |
| 9090 | TCP | HTTPS | Sending SCAP reports to the Smart Proxy in the Capsule and for the discovery image during provisioning |
| 5000 | TCP | HTTPS | Connection to Katello for the Docker registry |
| 53 | TCP and UDP | DNS | Client to Capsule DNS queries to a Capsule’s DNS service (Optional) |
| 67 | UDP | DHCP | Client to Capsule broadcasts, DHCP broadcasts for Client provisioning from a Capsule (Optional) |
| 69 | UDP | TFTP | Clients downloading PXE boot image files from a Capsule for provisioning (Optional) |
Table 2.7. Ports for Capsule to Satellite Communication
| Port | Protocol | Service | Required For |
|---|---|---|---|
| 80 | TCP | HTTP | Anaconda, yum, and for obtaining Katello certificate updates |
| 443 | TCP | HTTPS | Connections to Katello, Foreman, Foreman API, and Pulp |
| 5646 | TCP | amqp | Capsule’s Qpid dispatch router to Qpid dispatch router in the Satellite |
| 5647 | TCP | amqp | The Katello agent to communicate with the Satellite’s Qpid dispatch router |
| 5000 | TCP | HTTPS | Connection to Katello for the Docker registry |
Any managed host that is directly connected to the Satellite Server is a Client in this context. This includes the base system on which a Capsule Server is running. See the table Ports for Client to Satellite Communication.
Table 2.8. Ports for Satellite to Capsule Communication
| Port | Protocol | Service | Required For |
|---|---|---|---|
| 443 | TCP | HTTPS | Connections to the Pulp server in the Capsule |
| 9090 | TCP | HTTPS | Connections to the proxy in the Capsule |
| 80 | TCP | HTTP | Downloading a bootdisk (Optional) |
Table 2.9. Ports for Capsule to Client Communication
| Port | Protocol | Service | Required For |
|---|---|---|---|
| 7 | TCP and UDP | ICMP | DHCP Capsule to Client network, ICMP ECHO to verify IP address is free (Optional) |
| 68 | UDP | DHCP | Capsule to Client broadcasts, DHCP broadcasts for Client provisioning from a Capsule (Optional) |
| 8443 | TCP | HTTP | Capsule to Client "reboot" command to a discovered host during provisioning (Optional) |
Table 2.10. Optional Network Ports
| Port | Protocol | Service | Required For |
|---|---|---|---|
| 22 | TCP | SSH | Satellite and Capsule originated communications, for Remote Execution (Rex) |
| 443 | TCP | HTTPS | Satellite originated communications, for vCenter compute resource |
| 7911 | TCP | DHCP |
|
| 5000 | TCP | HTTP | Satellite originated communications, for compute resources in OpenStack or for running Docker containers |
| 22, 16514 | TCP | SSH, SSL/TLS | Satellite originated communications, for compute resources in libvirt |
| 389, 636 | TCP | LDAP, LDAPS | Satellite originated communications, for LDAP and secured LDAP authentication sources |
| 5900 to 5930 | TCP | SSL/TLS | Satellite originated communications, for NoVNC console in web UI to hypervisors |
A DHCP Capsule sends an ICMP ECHO to confirm an IP address is free, no response of any kind is expected. ICMP can be dropped by a networked-based firewall, but any response will prevent IP addresses being allocated.
2.6. Enabling Connections from a Client to Satellite Server
Systems which are clients of Satellite Server’s internal Capsule require access thorough host and networked based firewalls. This section describes configuring the host-based firewall on Satellite Server’s base system to enable incoming connections from a Client and to make these rules persistent across system reboots. For more information on the ports used, see Section 2.5, “Ports and Firewalls Requirements”.
Configuring the Firewall on Red Hat Enterprise Linux 6
Open the ports required for Client to Satellite Communications
# iptables -I INPUT -m state --state NEW -p udp --dport 53 -j ACCEPT \ && iptables -I INPUT -m state --state NEW -p tcp --dport 53 -j ACCEPT \ && iptables -I INPUT -m state --state NEW -p udp --dport 67 -j ACCEPT \ && iptables -I INPUT -m state --state NEW -p udp --dport 69 -j ACCEPT \ && iptables -I INPUT -m state --state NEW -p tcp --dport 80 -j ACCEPT \ && iptables -I INPUT -m state --state NEW -p tcp --dport 443 -j ACCEPT \ && iptables -I INPUT -m state --state NEW -p tcp --dport 5000 \ -j ACCEPT \ && iptables -I INPUT -m state --state NEW -p tcp --dport 5647 \ -j ACCEPT \ && iptables -I INPUT -m state --state NEW -p tcp --dport 8140 \ -j ACCEPT \ && iptables -A INPUT -m state --state NEW -p tcp --dport 9090 \ -j ACCEPT \ && service iptables save
Verify that the iptables service is started and enabled.
# service iptables start # chkconfig iptables on
Configuring the Firewall on Red Hat Enterprise Linux 7
Open the ports required for Client to Satellite Communications.
# firewall-cmd \ --add-port="53/udp" --add-port="53/tcp" \ --add-port="67/udp" --add-port="69/udp" \ --add-port="80/tcp" --add-port="443/tcp" \ --add-port="5000/tcp" --add-port="5647/tcp" \ --add-port="8000/tcp" --add-port="8140/tcp" \ --add-port="9090/tcp"
Repeat the command adding the
--permanentoption to make the settings persistent.# firewall-cmd --permanent \ --add-port="53/udp" --add-port="53/tcp" \ --add-port="67/udp" --add-port="69/udp" \ --add-port="80/tcp" --add-port="443/tcp" \ --add-port="5000/tcp" --add-port="5647/tcp" \ --add-port="8000/tcp" --add-port="8140/tcp" \ --add-port="9090/tcp"
2.7. Enabling Connections from Capsule Server to Satellite Server
Follow this procedure to enable incoming connections from a Capsule Server to a Satellite Server, and make these rules persistent across reboots. If you do not use an external Capsule Server, you do not need to enable this connection.
Prerequisites
A Capsule Server’s base system is a client of the Satellite Server, therefore the procedure in Section 2.6, “Enabling Connections from a Client to Satellite Server” should be completed first. This procedure opens the extra ports required by an external Capsule Server.
For more information on the ports used, see Section 2.5, “Ports and Firewalls Requirements”.
Configuring the Firewall on Red Hat Enterprise Linux 6
Configure iptables service.
# iptables -I INPUT -m state --state NEW -p tcp --dport 5000 -j ACCEPT \ && iptables -I INPUT -m state --state NEW -p tcp --dport 5646 -j ACCEPT \ && service iptables save
Start iptables service.
# service iptables restart # chkconfig iptables on
Configuring the Firewall on Red Hat Enterprise Linux 7
Configure the firewall on Satellite Server.
# firewall-cmd --add-port="5000/tcp" --add-port="5646/tcp"
Repeat the command adding the
--permanentoption to make the settings persistent.# firewall-cmd --permanent --add-port="5000/tcp" --add-port="5646/tcp"
2.8. Enabling Connections from Satellite Server and Clients to a Capsule Server
You can enable incoming connections from Satellite Server and clients to Capsule Server and make these rules persistent during reboots. If you do not use an external Capsule Server, you do not need to enable this connection.
For more information on the ports used, see Ports and Firewalls Requirements.
Configuring the Firewall on Red Hat Enterprise Linux 6
Configure iptables service.
# iptables -I INPUT -m state --state NEW -p udp --dport 53 -j ACCEPT \ && iptables -I INPUT -m state --state NEW -p tcp --dport 53 -j ACCEPT \ && iptables -I INPUT -m state --state NEW -p udp --dport 67 -j ACCEPT \ && iptables -I INPUT -m state --state NEW -p udp --dport 69 -j ACCEPT \ && iptables -I INPUT -m state --state NEW -p tcp --dport 80 -j ACCEPT \ && iptables -I INPUT -m state --state NEW -p tcp --dport 443 -j ACCEPT \ && iptables -I INPUT -m state --state NEW -p tcp --dport 5000 -j ACCEPT \ && iptables -I INPUT -m state --state NEW -p tcp --dport 5647 \ -j ACCEPT \ && iptables -I INPUT -m state --state NEW -p tcp --dport 8000 \ -j ACCEPT \ && iptables -I INPUT -m state --state NEW -p tcp --dport 8140 \ -j ACCEPT \ && iptables -I INPUT -m state --state NEW -p tcp --dport 8443 \ -j ACCEPT \ && iptables -I INPUT -m state --state NEW -p tcp --dport 9090 \ -j ACCEPT \ && service iptables save
Start iptables service.
# service iptables restart # chkconfig iptables on
Configuring the Firewall on Red Hat Enterprise Linux 7
Configure the firewall on Capsule Server.
# firewall-cmd --add-port="53/udp" --add-port="53/tcp" \ --add-port="67/udp" --add-port="69/udp" \ --add-port="80/tcp" --add-port="443/tcp" \ --add-port="5000/tcp" --add-port="5647/tcp" \ --add-port="8000/tcp" --add-port="8140/tcp" \ --add-port="8443/tcp" --add-port="9090/tcp"
Repeat the command adding the
--permanentoption to make the settings persistent.# firewall-cmd --permanent --add-port="53/udp" --add-port="53/tcp" \ --add-port="67/udp" --add-port="69/udp" \ --add-port="80/tcp" --add-port="443/tcp" \ --add-port="5000/tcp" --add-port="5647/tcp" \ --add-port="8000/tcp" --add-port="8140/tcp" \ --add-port="8443/tcp" --add-port="9090/tcp"
2.9. Verifying DNS resolution
Verifying the full forward and reverse DNS resolution using a fully-qualified domain name enables you to prevent issues while installing Satellite.
Ensure that the host name and local host resolve correctly.
# ping -c1 localhost # ping -c1 `hostname -f` # my_system.domain.com
Successful name resolution results in output similar to the following:
# ping -c1 localhost PING localhost (127.0.0.1) 56(84) bytes of data. 64 bytes from localhost (127.0.0.1): icmp_seq=1 ttl=64 time=0.043 ms --- localhost ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.043/0.043/0.043/0.000 ms # ping -c1 `hostname -f` PING hostname.gateway (XX.XX.XX.XX) 56(84) bytes of data. 64 bytes from hostname.gateway (XX.XX.XX.XX): icmp_seq=1 ttl=64 time=0.019 ms --- localhost.gateway ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.019/0.019/0.019/0.000 ms
To avoid discrepancies with static and transient host names, set all the host names on the system by entering the following command:
# hostnamectl set-hostname nameFor more information, see the Configuring Host Names Using hostnamectl in the Red Hat Enterprise Linux 7 Networking Guide.
Name resolution is critical to the operation of Satellite 6. If Satellite cannot properly resolve its fully qualified domain name, many options will fail. Among these options are content management, subscription management, and provisioning.
2.10. Changing Default SELinux ports
Red Hat Satellite 6 uses a set of predefined ports. Because Red Hat recommends that SELinux on Satellite 6 systems be set to permissive or enforcing, if you need to change the port for any service, you also need to change the associated SELinux port type to allow access to the resources. You only need to change these ports if you use non-standard ports.
For example, if you change the Satellite web UI ports (HTTP/HTTPS) to 8018/8019, you need to add these port numbers to the httpd_port_t SELinux port type.
This change is also required for target ports. For example, when Satellite 6 connects to an external source, like Red Hat Virtualization or Red Hat OpenStack Platform.
You only need to make changes to default port assignments once. Updating or upgrading Satellite has no effect on these assignments. Updating only adds default SELinux ports if no assignments exist.
Before You Begin
- SELinux must be enabled and running in permissive or enforcing mode before installing Satellite. For more information, see the Red Hat Enterprise 6 Security-Enhanced Linux User Guide or the Red Hat Enterprise Linux 7 SELinux User’s and Administrator’s Guide.
Changing default ports to user-specified ports
To change the port from the default port to a user-specified port, execute the commands using values that are relevant to your environment. These examples use port 99999 for demonstration purposes.
Default Port SELinux Command 80, 443, 8443
semanage port -a -t http_port_t -p tcp 99999
8080
semanage port -a -t http_cache_port_t -p tcp 99999
8140
semanage port -a -t puppet_port_t -p tcp 99999
9090
semanage port -a -t websm_port_t -p tcp 99999
69
semanage port -a -t tftp_port_t -p udp 99999
53 (TCP)
semanage port -a -t dns_port_t -p tcp 99999
53 (UDP)
semanage port -a -t dns_port_t -p udp 99999
67, 68
semanage port -a -t dhcpd_port_t -p udp 99999
5671
semanage port -a -t amqp_port_t -p tcp 99999
8000
semanage port -a -t soundd_port_t -p tcp 99999
7911
semanage port -a -t dhcpd_port_t -p tcp 99999
5000 on Red Hat Enterprise Linux 6
semanage port -a -t commplex_port_t -p tcp 99999
5000 on Red Hat Enterprise Linux 7
semanage port -a -t commplex_main_port_t -p tcp 99999
22
semanage port -a -t ssh_port_t -p tcp 99999
16514 (libvirt)
semanage port -a -t virt_port_t -p tcp 99999
389, 636
semanage port -a -t ldap_port_t -p tcp 99999
5910 to 5930
semanage port -a -t vnc_port_t -p tcp 99999
- Disassociate the previously used port number and port type.
# semanage port -d -t virt_port_t -p tcp 99999
