Merge modules on opening ports

Author: aneta-petrova

guides/common/assembly_preparing-environment-for-capsule-installation.adoc

@@ -20,7 +20,7 @@ include::modules/ref_best-practices-for-optimizing-storage.adoc[leveloffset=+1]
 endif::[]
 
 // Enabling Connections from {ProjectServer} and Clients to a {SmartProxyServer}
-include::modules/proc_enabling-connections-to-capsule.adoc[leveloffset=+1]
+include::modules/proc_opening-required-ports.adoc[leveloffset=+1]
 
 ifdef::parent-context[:context: {parent-context}]
 ifndef::parent-context[:!context:]

guides/common/assembly_preparing-environment-for-project-server-installation.adoc

@@ -2,7 +2,7 @@
 
 include::modules/con_preparing-environment-for-project-server-installation.adoc[]
 
-include::modules/proc_enabling-client-connections-to-project-server.adoc[leveloffset=+1]
+include::modules/proc_opening-required-ports.adoc[leveloffset=+1]
 
 include::modules/proc_verifying-dns-resolution.adoc[leveloffset=+1]
 

guides/common/modules/con_http-booting-requirements-with-managed-dhcp.adoc

@@ -9,7 +9,7 @@ To provision machines through HTTP booting ensure that you meet the following re
 For HTTP booting to work, ensure that your environment has the following client-side configurations:
 
 * All the network-based firewalls are configured to allow clients on the subnet to access the {SmartProxy}.
-For more information, see xref:common/modules/con_smartproxy-networking.adoc#{smart-proxy-context}-networking_{context}[].
+For more information, see xref:common/modules/con_networking-in-project.adoc#networking-in-{project-context}[].
 * Your client has access to the DHCP and DNS servers.
 * Your client has access to the HTTP UEFI Boot {SmartProxy}.
 

guides/common/modules/con_http-booting-requirements-with-unmanaged-dhcp.adoc

@@ -12,7 +12,7 @@ To provision machines through HTTP booting without managed DHCP ensure that you
 * Ensure that your client has access to the DHCP and DNS servers.
 * Ensure that your client has access to the HTTP UEFI Boot {SmartProxy}.
 * Ensure that all the network-based firewalls are configured to allow clients on the subnet to access the {SmartProxy}.
-For more information, see xref:common/modules/con_smartproxy-networking.adoc#{smart-proxy-context}-networking_{context}[].
+For more information, see xref:common/modules/con_networking-in-project.adoc#networking-in-{project-context}[].
 
 .Network requirements
 * An unmanaged DHCP server available for clients.

guides/common/modules/con_pxe-booting-requirements.adoc

@@ -10,7 +10,7 @@ To provision machines using PXE booting, ensure that you meet the following requ
 
 .Client requirements
 * Ensure that all the network-based firewalls are configured to allow clients on the subnet to access the {SmartProxy}.
-For more information, see xref:common/modules/con_smartproxy-networking.adoc#{smart-proxy-context}-networking_{context}[].
+For more information, see xref:common/modules/con_networking-in-project.adoc#networking-in-{project-context}[].
 
 * Ensure that your client has access to the DHCP and TFTP servers.
 

guides/common/modules/proc_configuring-capsule-default-certificate.adoc

@@ -14,7 +14,7 @@ endif::[]
 * {SmartProxyServer} packages are installed.
 For more information, see xref:installing-{smart-proxy-context}-server-packages[].
 * The required ports are open.
-For more information, see xref:common/modules/proc_enabling-connections-to-capsule.adoc#enabling-connections-to-capsule_{context}[].
+For more information, see xref:common/modules/proc_opening-required-ports.adoc#opening-required-ports[].
 
 .Procedure
 

guides/common/modules/proc_deploying-a-custom-ssl-certificate-to-smart-proxy-server.adoc

@@ -15,7 +15,7 @@ For more information, see xref:Registering_Proxy_to_Server_{smart-proxy-context}
 * {SmartProxyServer} packages are installed.
 For more information, see xref:installing-{smart-proxy-context}-server-packages[].
 * The required ports are open.
-For more information, see xref:common/modules/proc_enabling-connections-to-capsule.adoc#enabling-connections-to-capsule_{context}[].
+For more information, see xref:common/modules/proc_opening-required-ports.adoc#opening-required-ports[].
 
 .Procedure
 . On your {ProjectServer}, generate a certificate bundle:

guides/common/modules/proc_enabling-client-connections-to-project-server.adoc

@@ -0,0 +1,83 @@
+:_mod-docs-content-type: PROCEDURE
+
+[id="opening-required-ports"]
+= Opening required ports
+
+For the components of {Project} architecture to communicate, ensure that the required network ports are open and free on the base operating system.
+You must also ensure that the required network ports are open on any network-based firewalls.
+
+[NOTE]
+====
+Some cloud solutions must be specifically configured to allow communications between machines because they isolate machines similarly to network-based firewalls.
+If you use an application-based firewall, ensure that the application-based firewall permits all applications that are listed in the tables and known to your firewall.
+If possible, disable the application checking and allow open port communication based on the protocol.
+====
+
+ifndef::satellite,orcharhino[]
+If you do not use `firewall-cmd` to configure the Linux firewall, implement using the command of your choice.
+endif::[]
+
+.Procedure
+. Optional: If you need to prevent the DHCP {SmartProxy} from pinging hosts to check for available IP addresses, disable DHCP IP address pinging:
++
+[options="nowrap", subs="+quotes,attributes"]
+----
+# {foreman-installer} --foreman-proxy-dhcp-ping-free-ip false
+----
++
+By default, a DHCP {SmartProxy} performs ICMP ping and TCP echo connection attempts to hosts in subnets with DHCP IPAM set to find out if an IP address considered for use is free.
+ifdef::katello,satellite,orcharhino[]
+ifeval::["{context}" == "{project-context}"]
+. Open the ports for clients on {ProjectServer}:
+endif::[]
+ifeval::["{context}" == "{smart-proxy-context}"]
+. Open the ports for clients on {SmartProxyServer}:
+endif::[]
++
+[options="nowrap"]
+----
+# firewall-cmd \
+--add-port="8000/tcp" \
+--add-port="9090/tcp"
+----
+endif::[]
+ifeval::["{context}" == "{project-context}"]
+. Allow access to services on {ProjectServer}:
+endif::[]
+ifeval::["{context}" == "{smart-proxy-context}"]
+. Allow access to services on {SmartProxyServer}:
+endif::[]
++
+[options="nowrap"]
+----
+# firewall-cmd \
+--add-service=dns \
+--add-service=dhcp \
+--add-service=tftp \
+--add-service=http \
+--add-service=https \
+ifndef::katello,satellite,orcharhino[]
+--add-service=foreman-proxy \
+endif::[]
+--add-service=puppetmaster
+----
+. Make the changes persistent:
++
+[options="nowrap", subs="+quotes,verbatim,attributes"]
+----
+# firewall-cmd --runtime-to-permanent
+----
+
+.Verification
+* Enter the following command:
++
+[options="nowrap"]
+----
+# firewall-cmd --list-all
+----
+
+.Additional resources
+* {PlanningDocURL}networking-in-a-{project-context}-deployment[Networking in a {Project} deployment]
+ifndef::foreman-deb[]
+* https://docs.redhat.com/en/documentation/red_hat_enterprise_linux/9/html/configuring_firewalls_and_packet_filters/using-and-configuring-firewalld_firewall-packet-filters/9/html/configuring_firewalls_and_packet_filters/using-and-configuring-firewalld_firewall-packet-filters[Using and configuring firewalld in _{RHEL}{nbsp}9 Configuring firewalls and packet filters_]
+endif::[]