Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

setup script should open required ports in firewall #113

Closed
Ottovsky opened this issue May 14, 2020 · 3 comments
Closed

setup script should open required ports in firewall #113

Ottovsky opened this issue May 14, 2020 · 3 comments
Labels
area/setup Issue related to tinkerbell setup kind/feature Categorizes issue or PR as related to a new feature. priority/important-soon Must be staffed and worked on either currently, or very soon, ideally in time for the next release.

Comments

@Ottovsky
Copy link

Hey,

Currently the setup script assumes that all the required ports on the target hosts are open in firewall. It is not always a case, for example centos 7.6 comes with a default rule to drop all traffic which does not match firewall rules. It would be good to open the required ports: 67, 69, 443 during the script execution, so tinkerbell works out of the box.
@gauravgahlot gauravgahlot added kind/feature Categorizes issue or PR as related to a new feature. area/setup Issue related to tinkerbell setup labels May 14, 2020
@alexellis
Copy link
Contributor

Is this related to #90?

@Ottovsky
Copy link
Author

I am not entirely sure about this, my use case was focused on the on-premise environment without direct exposure to the internet.

@thebsdbox thebsdbox added the priority/important-soon Must be staffed and worked on either currently, or very soon, ideally in time for the next release. label Jul 21, 2020
@gianarb
Copy link
Contributor

gianarb commented Sep 16, 2020

I will close this for now. The setup script intended for the user is now moved to https://github.com/tinkerbell/sandbox.
Anyway, I don't think a setup bash script can cover all the operation experience required to have a system up and running.

It is written to boost a possible environment (a simple one) that can be used as the first test.

We do not have yet a story around ops excellence for Tinkerbell, but I doubt it will use the setup.sh we provide as getting started on Packet and Vagrant. It is also hard to imagine a solution that works for everyone.

we started to document each service independently and at some point, it will cover the required port and their purpose as well.

I am closing this because I doubt the setup.sh will ever deal with iptables or similar

@gianarb gianarb closed this as completed Sep 16, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
area/setup Issue related to tinkerbell setup kind/feature Categorizes issue or PR as related to a new feature. priority/important-soon Must be staffed and worked on either currently, or very soon, ideally in time for the next release.
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
5 participants
@gianarb @thebsdbox @alexellis @Ottovsky @gauravgahlot