The puppetmaster service rule is removed from iptables after RHUI 3.0 reboot.
Environment
- Red Hat Update Infrastructure 3.x
- Red Hat Enterprise Linux 7.x
Issue
rhui-installerusesiptablesinstead offirewalldto allow puppet master port on RHUI 3.0 installed on RHEL 7.
Resolution
Bug 1748382 was created for this behavior, but the engineering team responded that it was not a bug.
satellite-installer temporarily set iptables, but the settings are removed on reboot.
If you have configured your network as described in the documentation,
You don't need to set it up in iptables/firewalld again.
There is a chapter in Administration Guide - Chapter 3. Prerequisites for Installing Red Hat Update Infrastructure
- All required network ports are open.
Table 3.1. Required Network Port Settings
https://access.redhat.com/documentation/en-us/red_hat_update_infrastructure/3.1/html-single/system_administrators_guide/index#prerequisites
Diagnostic Steps
- Upon running
rhui-installeron RHUI 3.0 an entry forpuppetmasterservice is added toiptables:
ACCEPT tcp -- anywhere anywhere multiport ports 8140 /* 110 allow puppet access */
- The above rule is lost after rebooting RHUA.
This solution is part of Red Hat’s fast-track publication program, providing a huge library of solutions that Red Hat engineers have created while supporting our customers. To give you the knowledge you need the instant it becomes available, these articles may be presented in a raw and unedited form.
Comments