Firewall rules incomplete when using Autodiscovery with RHEL Satellite 6.1

There are some things not yet in the RedHat manual concerning implementing discovered hosts provisioning through use of the discovery image in Red Hat Satellite Server.

First of all, the FDI is also running a very limited foreman-proxy server, so to get full functionality you also need to open port 8443 on the subnet where clients are provisioned in the firewalls. Failure to do so will prevent a discovered client to reboot as instructed by satellite and you will have to push the button by hand.

So if your server runs on 10.0.0.1 and is provisioning for clients on subnet 10.2.0.0/24 with a firewall in between, you need to “allow” traffic from 10.0.0.1 any port , to 10.2.0.0/24 destination port 8443/TCP , as well.

Also not widely documented yet, you can enable SSH login on the discovery image with 2 kernel-boot options , add them as usual in the satellite global PXEboot file.

fdi.ssh=1 and fdi.rootpw=welcome  , which enables ssh and sets the root password to welcome.

– Mark.


Comments are closed.