Re: [Freeipa-devel] Correct firewall ports for multi-master replicas
On 07/14/2014 10:20 AM, Petr Spacek wrote: On 12.7.2014 08:40, James wrote: Hi freeipa-devel, I just added automatic firewalling for puppet-ipa. (Disclaimer it's currently untested...) What I'm missing is an exact and exhaustive list of exactly which ports each replica needs open for each other replica. I'm hoping that this list is symmetrical. AFAIK ipa-replica-conncheck utility and ipa-server-install script should show list of required ports. The ipa-replica-conncheck list is a good start, but it does not for example show ports of optional services, like DNS. You need to figure these out based on installed optional services. Martin ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] Correct firewall ports for multi-master replicas
On 12.7.2014 08:40, James wrote: Hi freeipa-devel, I just added automatic firewalling for puppet-ipa. (Disclaimer it's currently untested...) What I'm missing is an exact and exhaustive list of exactly which ports each replica needs open for each other replica. I'm hoping that this list is symmetrical. AFAIK ipa-replica-conncheck utility and ipa-server-install script should show list of required ports. -- Petr^2 Spacek ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
[Freeipa-devel] Correct firewall ports for multi-master replicas
Hi freeipa-devel, I just added automatic firewalling for puppet-ipa. (Disclaimer it's currently untested...) What I'm missing is an exact and exhaustive list of exactly which ports each replica needs open for each other replica. I'm hoping that this list is symmetrical. If this list changes based on which $args are used to install FreeIPA, let me know too. These will get inserted here (if you're curious): https://github.com/purpleidea/puppet-ipa/commit/31ede1a185f3d4bd5dd9848613e24a19f460f595#diff-e26063ec0e856ceac05cf5b4132f3330R61 Thanks! James signature.asc Description: This is a digitally signed message part ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
