Merge pull request #216 from sergio-correia/nbde

nbde-introduction: include steps to open the tang port in the firewall
rhel-labs · Aug 10, 2021 · 6c19ee5 · 6c19ee5
2 parents 5b5e29a + 3ddb943
commit 6c19ee5
Show file tree

Hide file tree

Showing 2 changed files with 27 additions and 0 deletions.
diff --git a/nbde-introduction/background.sh b/nbde-introduction/background.sh
@@ -27,6 +27,11 @@ setup_swap() {
     log "swap file set up successfully..."
 }
 
+set_default_firewall_zone() {
+    firewall-cmd --set-default-zone libvirt
+    log "Default firewall zone set to libvirt"
+}
+
 ubuntu_deps() {
     log "(OS=ubuntu) Installing additional packages..."
 
@@ -44,6 +49,7 @@ rhel8_deps() {
     dnf -y module install virt
     systemctl start libvirtd
     log "Packages installed successfully..."
+    set_default_firewall_zone
 }
 
 install_deps() {

diff --git a/nbde-introduction/step2.md b/nbde-introduction/step2.md
@@ -34,3 +34,24 @@ This indicates that the server is responding as expected.
 
 Note that the actual values for the `payload` and other fields in the JSON will differ from
 the example output displayed above.
+
+## Opening the port used by `tang` in the firewall
+
+Finally, we should make sure we can access `tang` from other machines, which means the port it is listening to should
+be reachable from these other machines. By default, `tang` works on TCP port 80 -- the same as the HTTP protocol --, so
+we can open it in our scenario by issuing the following command:
+
+`firewall-cmd --add-port=80/tcp`{{execute}}
+
+Note: depending on how the firewall is set up, the command to open a specific port may be slightly different, but for our
+scenario the command above will suffice.
+
+You can verify the port is open by issuing the next command:
+
+`firewall-cmd --list-ports`{{execute}}
+
+And the expected output here would be the following:
+
+```
+80/tcp
+```