From a5ec383260303d6b035e19294967a63d092d55b5 Mon Sep 17 00:00:00 2001
From: Pete Zaitcev <zaitcev@kotori.zaitcev.us>
Date: Mon, 13 Jul 2020 18:33:15 -0500
Subject: [PATCH] Add a reminder to configure firewall at storage nodes

My customers use the upstream documentation for manual
installation of Swift nodes and they come upon the lack
of any mention that host firewall ought to accomodate
services running on the node. Perhaps we thought it
self-evident in Swift.

Related RH bz#: 1797814

Change-Id: I337f8d0f1fbeee7ae927a581eecbbbcc6dc69340
---
 doc/source/install/storage-install-rdo.rst | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/doc/source/install/storage-install-rdo.rst b/doc/source/install/storage-install-rdo.rst
index 344e43a953..842b1c849d 100644
--- a/doc/source/install/storage-install-rdo.rst
+++ b/doc/source/install/storage-install-rdo.rst
@@ -159,3 +159,14 @@ Install and configure components
       # mkdir -p /var/cache/swift
       # chown -R root:swift /var/cache/swift
       # chmod -R 775 /var/cache/swift
+
+8. Enable necessary access in the firewall
+
+   .. code-block:: console
+
+      # firewall-cmd --permanent --add-port=6200/tcp
+      # firewall-cmd --permanent --add-port=6201/tcp
+      # firewall-cmd --permanent --add-port=6202/tcp
+
+   The rsync service includes its own firewall configuration.
+   Connect from one node to another to ensure that access is allowed.