Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Firewall check for RMC connection problems. #10

Open
seeteena opened this issue Jul 20, 2020 · 3 comments
Open

Firewall check for RMC connection problems. #10

seeteena opened this issue Jul 20, 2020 · 3 comments
Labels
good to have help wanted Extra attention is needed

Comments

@seeteena
Copy link

LPAR lost RMC Connection if firewall is active on the system.
.

LPAR: Check the status of the firewall running there.

 Stop and disable the firewall on the LPAR.

# systemctl stop firewalld
# systemctl disable firewalld
# rmcdomainstatus -s ctrmc -a IP
 
If need to have a firewall running for your test, then please ensure that you add firewall rules such that
port 657 is open for tcp and udp from any source (or at least from HMC ip addresses).
 
firewall-cmd --permanent --add-port=657/tcp
firewall-cmd --permanent --add-port=657/udp

Please see RMC connection problems for more details.

https://apps.na.collabserv.com/wikis/home?lang=en-us#!/wiki/Wd84435b957b9_48bc_a5a1_7b21da49f710/page/MustGather%20data%20for%20DLPAR%20or%20LPM%20problems

@seeteena
Copy link
Author

Can you please check the feasibility of adding this also as part of servicereport tool LTCBug186432

Problem:
After installation of SUSE, firewall gets enabled on LPAR. After LPM operation, LPAR loses RMC connection due to firewall.
Like how we do the validation check whether kdump is enabled or not and report to the user, similarly can we check and report if firewall is enabled.

We need to run the below steps to disable firewall

  1. Yast2
  2. Systems & security -> Firewall
  3. Not to start after reboot

@seeteena
Copy link
Author

https://bugzilla.linux.ibm.com/show_bug.cgi?id=186432#c26

discussion going on not to disable firewall instead of add rules for RMC connection

ustomers should not disable the firewall for an RMC connection. This is a security risk. Instead customers could add a rule for the RMC connection.

@sourabhjains
Copy link
Contributor

Hello @seeteena

This can be achieved using optional plugin.

Please feel free to add an optional plugin and submit a pull request.

  • Sourabh Jain

@sourabhjains sourabhjains added the help wanted Extra attention is needed label Mar 26, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
good to have help wanted Extra attention is needed
Projects
None yet
Development

No branches or pull requests

2 participants