Environment
Host Access for the Cloud 2.4 through 2.5.1
Situation
How to use the semanage command to open the ports required by MSS or the HACloud sessionserver on a Red Hat or CentOS system.
Resolution
HACloud sessionserver default port:
7443 - HTTPS
MSS typical port configuration:
8880 - HTTP - Administrative Console, Terminal ID Management, Metering Management
8443 - HTTPS - Administrative Console, Terminal ID Management, Metering Management
8003 - X.509 Trusted subsystem
8761 - Service Registry
8089 - Metering server
To add the above ports so that they are not blocked by SELinux, issue the following commands as root:
semanage port -a -t http_port_t -p tcp 7443
semanage port -a -t http_port_t -p tcp 8880
semanage port -a -t http_port_t -p tcp 8443
semanage port -a -t http_port_t -p tcp 8003
semanage port -a -t http_port_t -p tcp 8761
semanage port -a -t http_port_t -p tcp 8089
You can check your configuration with:
semanage port -l | grep http_port
You should see a list of all ports open in the http_port_t context, including all the ones just added.
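Added example (not part of the original article or of the product's tooling): semanage port -a reports a port as already defined when the policy already has an entry for it, so this script reads the port listing and prints, for each port above, whether it needs -a, needs -m, or is already labelled http_port_t. The sample listing and the type example_port_t are constructed for illustration, and ignoring port ranges is an assumption of this sketch.

```bash
#!/bin/sh
# Added example: print the semanage command each port on this page still needs.
TARGET_TYPE=http_port_t
PORTS="7443 8880 8443 8003 8761 8089"

# Constructed sample of `semanage port -l` output (not captured from a real host).
# example_port_t is a hypothetical type used to show the "-m" case.
SAMPLE_LISTING='SELinux Port Type              Proto    Port Number
example_port_t                 tcp      8089
http_port_t                    tcp      80, 81, 443, 488, 8008, 8009, 8443, 9000
unreserved_port_t              tcp      61001-65535, 1024-32767'

# exact_types LISTING PORT: print every type with an exact tcp entry for PORT.
# Ranges such as 1024-32767 are ignored on purpose (assumption: only an exact
# entry makes "semanage port -a" report the port as already defined).
exact_types() {
  printf '%s\n' "$1" | awk -v p="$2" '
    $2 == "tcp" {
      for (i = 3; i <= NF; i++) {
        e = $i; sub(/,$/, "", e)
        if (e == p) out = out (out == "" ? "" : " ") $1
      }
    }
    END { print out }'
}

# plan_port LISTING PORT: print the one command (or a comment) for PORT.
plan_port() {
  types=$(exact_types "$1" "$2")
  case " $types " in
    *" $TARGET_TYPE "*) printf '# tcp/%s already labelled %s\n' "$2" "$TARGET_TYPE" ;;
    "  ") printf 'semanage port -a -t %s -p tcp %s\n' "$TARGET_TYPE" "$2" ;;
    *) printf 'semanage port -m -t %s -p tcp %s\n' "$TARGET_TYPE" "$2" ;;
  esac
}

plan_all() {
  for port in $PORTS; do plan_port "$1" "$port"; done
}

# Use the live listing when semanage is available, else the constructed sample.
listing=$(semanage port -l 2>/dev/null) || listing=$SAMPLE_LISTING
plan_all "$listing"
```

Review the printed commands before running them as root; a port that needs -m is currently labelled for another service, and relabelling it changes which confined domains may bind to it.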
Cause
Security Enhanced Linux (SELinux) is an extra layer of security enabled by default on Red Hat and CentOS Linux distributions. Ports need to be added to a context or it will appear that they are blocked, even though they have been opened in the firewall.
Additional Information
The semanage command is used to view and change SELinux configuration settings. The getenforce command is used to see if SELinux is enabled, and setenforce can change whether SELinux is being enforced or not.
Note: The utilities referenced above are provided in the policycoreutils-python package from the EPEL (Extra Packages for Enterprise Linux) repository.