From users-return-34723-archive-asf-public=cust-asf.ponee.io@cloudstack.apache.org Fri Jul 31 11:04:49 2020 Return-Path: X-Original-To: archive-asf-public@cust-asf.ponee.io Delivered-To: archive-asf-public@cust-asf.ponee.io Received: from mailroute1-lw-us.apache.org (mailroute1-lw-us.apache.org [207.244.88.153]) by mx-eu-01.ponee.io (Postfix) with ESMTPS id AE2C7180647 for ; Fri, 31 Jul 2020 13:04:49 +0200 (CEST) Received: from mail.apache.org (localhost [127.0.0.1]) by mailroute1-lw-us.apache.org (ASF Mail Server at mailroute1-lw-us.apache.org) with SMTP id 65084125289 for ; Fri, 31 Jul 2020 11:04:45 +0000 (UTC) Received: (qmail 46664 invoked by uid 500); 31 Jul 2020 11:04:44 -0000 Mailing-List: contact users-help@cloudstack.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: users@cloudstack.apache.org Delivered-To: mailing list users@cloudstack.apache.org Received: (qmail 46652 invoked by uid 99); 31 Jul 2020 11:04:44 -0000 Received: from pnap-us-west-generic-nat.apache.org (HELO spamd1-us-west.apache.org) (209.188.14.142) by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 31 Jul 2020 11:04:44 +0000 Received: from localhost (localhost [127.0.0.1]) by spamd1-us-west.apache.org (ASF Mail Server at spamd1-us-west.apache.org) with ESMTP id D344AC06C8 for ; Fri, 31 Jul 2020 11:04:43 +0000 (UTC) X-Virus-Scanned: Debian amavisd-new at spamd1-us-west.apache.org X-Spam-Flag: NO X-Spam-Score: 0.001 X-Spam-Level: X-Spam-Status: No, score=0.001 tagged_above=-999 required=6.31 tests=[DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.2, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=disabled Authentication-Results: spamd1-us-west.apache.org (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com Received: from mx1-he-de.apache.org ([10.40.0.8]) by localhost (spamd1-us-west.apache.org [10.40.0.7]) (amavisd-new, port 10024) with ESMTP id cKJ9qzJl_Nq5 for ; Fri, 31 Jul 2020 11:04:42 +0000 (UTC) Received-SPF: Pass (mailfrom) identity=mailfrom; client-ip=2a00:1450:4864:20::62b; helo=mail-ej1-x62b.google.com; envelope-from=andrija.panic@gmail.com; receiver= Received: from mail-ej1-x62b.google.com (mail-ej1-x62b.google.com [IPv6:2a00:1450:4864:20::62b]) by mx1-he-de.apache.org (ASF Mail Server at mx1-he-de.apache.org) with ESMTPS id A94FB7F742 for ; Fri, 31 Jul 2020 11:04:41 +0000 (UTC) Received: by mail-ej1-x62b.google.com with SMTP id jp10so4456214ejb.0 for ; Fri, 31 Jul 2020 04:04:41 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to; bh=yIbfTzLPg4+3yp9thN2nEV7WE1WfXI7/2eGOgfQSZUc=; b=RFENlEIGREtthlXABuUqc5NQ7wcbthndp0mSTn/TGF0HHXznes1gyenJX8cWEyK8sK 7hu9JCvn/eEI4AaFP+9hWOIYLlk5SVnkeBHMOE/S7o6vPptJbL8lLe0aQ+BfPtuF1LKs Bf7HuCuQCB8bjTtOgwbJwb9rM1WZmrrCx9cwAN+8jH7+S/BtdyfGU0HkpG3Z8nhcL/Br ggIHkwSvPt4wf0Fw3+usXHqclTfsduH9/fyh2TBquir9gw4iBa0MsQqgXsEzj9QOosuz FQ8d7elklDu76jZcej0YUuzIinMMbdvtMTfWEOwGPOConDOye0JUsPC2cXWZAT0afHvy ssgw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to; bh=yIbfTzLPg4+3yp9thN2nEV7WE1WfXI7/2eGOgfQSZUc=; b=d7TQD0HuQq306GhzRhytxltndgyDjXu3V3+DBzhZkhgC6ApSzkM1GLkErqFdJgV8EJ xsLTk6xRSUWHI2pFN5aubD3fj4bOyyN7Vl+FWk5OE1KKKxORhMGqqyCBne+nssRCNVd5 hj4xkhjsKTWGRoovMzWt95bZnqPeETn7MbLJ1SDgci2YpN36KrdD1XhJE5Lq3THCu+lz Mv/QEFM1VV38+hGOKAOpC+WppI3W5pHEFIbe7ysbnWvSOjp1EPiS7mgcHMTSoeDJs/gV 1qSuWOoVLl07GrO3aA7UOcofHCXHXUUGz4vvrvxE3hbVJ4UkslvJ1b2vJo9EixjjDZbf nmwQ== X-Gm-Message-State: AOAM531UG0LZwLXgQOvAAXZbyXT+ToS8ozBeMLrgZcheCaId6gF/0aBa Dn+3sTX3sGZnPjXvc0DIbp8RNecZuf51gnwrok3azg== X-Google-Smtp-Source: ABdhPJwbUjK5/c5TQjhGSeHlO1GiG8VSGlvdcfSGTzFI+5aWc3fIl7V6bErjqNAvDEsvuXOT92aNHwAFTC14dSPYMbs= X-Received: by 2002:a17:906:1f8e:: with SMTP id t14mr3530155ejr.336.1596193480592; Fri, 31 Jul 2020 04:04:40 -0700 (PDT) MIME-Version: 1.0 References: In-Reply-To: From: Andrija Panic Date: Fri, 31 Jul 2020 13:04:26 +0200 Message-ID: Subject: Re: Fresh 4.14 install - UI won't start after reboot To: users Content-Type: multipart/alternative; boundary="00000000000067515b05abbac108" --00000000000067515b05abbac108 Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable Fully agree.... anyone up for a PR that would edit the script to avoid firewall rules setup but instead print a descriptive message advising ports 8080, 8443, 8250 and possibly 8096 should be open? cheers, On Fri, 31 Jul 2020 at 10:26, Riepl, Gregor (SWISS TXT) < Gregor.Riepl@swisstxt.ch> wrote: > Hi Andrija, > > My idea would be to either ensure (in the cloudstack-setup-management) th= at > both firewalld/ufw are disabled and continue operating with pure iptables > OR to not add rules at all, but instead print a message on the > requirements to open access to ports 8080/8250/9090 with whatever firewal= l > management tool the user uses > > =E2=80=8BSupporting many different firewall management tools will be a He= rculean > effort and may still fail when new tools emerge. > I think it would be ok to drop automatic firewall rule creation and let > the user manage their own rules instead. > > It's always been this way on Debian (and derivates), and I don't see why > other distributions should be different. > Perhaps RHEL/CentOS has handled this differently in the past, and > firewalld is supposed to solve the distribution fragmentation problem, ju= st > like systemd did. But there's far less adoption of firewalld than systemd= , > so I don't think it makes sense to try to solve this in CloudStack. > > (just my 2=C2=A2) > > Regards, > Gregor > --=20 Andrija Pani=C4=87 --00000000000067515b05abbac108--