  1. Couchbase Server
  2. MB-7929

Remind Windows users that the Windows Firewall may be the cause of their inability to access the Web Console post installation (was: The installer should check the state for the windows firewall)

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 2.0.1, 2.1.0
    • Fix Version/s: 4.0.0
    • Component/s: installer
    • Security Level: Public
    • Labels:
      None
    • Is this a Regression?:
      Yes
    • Sprint:
      PCI Team - Sprint 10, PCI Team - Sprint 11

      Description

      Our installer should check the state of the Windows Firewall during installation and tell the user if it is blocking the desired ports.

      Alternatively, we could get warnings in our web UI if this is wrong.

      See http://msdn.microsoft.com/en-us/library/windows/desktop/ff956124(v=vs.85).aspx for information about the API for the Windows Firewall


          Activity

          maria Maria McDuff (Inactive) added a comment -

          Bin, any update on this bug?

          steve Steve Yen added a comment -

          Discussed in sprint planning - this will likely not make 2.0.2 timeframe.

          It'd be an improvement/feature to do the checking of whether the ports are accessible.

          anil Anil Kumar added a comment -

          We should at least have a generic error message in case the installation fails for some reason like this, to point the user to the per-installation section of the documentation.

          dfinlay Dave Finlay added a comment -

          We have in general held to the principle of making the Windows installer as simple as possible. Putting in detailed logic in the installer to detect the presence of the Windows firewall is tricky because it's not the same across different versions of Windows.

          Bin and I suggest adding the following upon successful installation of Couchbase:
          "Couchbase Server has been installed successfully. If you are unable to access the Couchbase Web Console, remember to check your Windows Firewall settings."

          don Don Pinto added a comment -

          Windows has shown a great number of downloads every time we put out a release.

          Adding the error message to the installation seems trivial so we should go with that.

          If possible, we might also want to probe the registry key one time during setup, and write that to the log file. This reg flag will indicate whether the firewall is on/off and then emitting the message -

          Invoke-Command -ComputerName <servername> -Credential <username> -ScriptBlock {[Microsoft.Win32.RegistryKey]::OpenRemoteBaseKey("LocalMachine",$env:COMPUTERNAME).OpenSubKey("System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile").GetValue("EnableFirewall")}

          Since this is the installer, I'm hoping we can get this in for sherlock.

          Thanks,

          bcui Bin Cui (Inactive) added a comment - http://review.couchbase.org/#/c/52071/
          don Don Pinto added a comment - - edited

          Bin,

          quick clarification question - so is the fix to disable the firewall? or is it to check the state and print out the error message in the log and UI?

          I don't think we should disable the firewall set by the admin just to make our product work (that is creating a security hole). Instead, we should just log the error message checking the state and tell the admin to adjust the firewall policy.

          Thanks,
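
A read-only form of the check discussed in this thread, as an added example (not code from the Couchbase installer or from any commenter): it reads the `EnableFirewall` value quoted above for each firewall profile, tests whether the console port answers on loopback, logs the result and prints the proposed reminder text, without changing any firewall setting. The port 8091, the log file name and the function names are assumptions.

```powershell
# Added example: read-only probe. It never changes firewall configuration.
param(
    [int]$Port = 8091,   # assumption: default Couchbase Web Console port
    [string]$LogPath = (Join-Path $env:TEMP 'firewall_probe.log')   # hypothetical log file
)

# Local firewall policy key; StandardProfile is the key quoted in the thread.
# A Group Policy value under HKLM:\SOFTWARE\Policies\Microsoft\WindowsFirewall
# can override these settings and is not read here.
$base  = 'HKLM:\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy'
$names = 'DomainProfile', 'StandardProfile', 'PublicProfile'

function Get-FirewallProfileState {
    param([string]$BaseKey, [string[]]$ProfileNames)
    foreach ($name in $ProfileNames) {
        $item = Get-ItemProperty -Path (Join-Path $BaseKey $name) -Name EnableFirewall -ErrorAction SilentlyContinue
        if ($null -eq $item) { $state = 'Unknown' }
        elseif ($item.EnableFirewall -eq 1) { $state = 'On' }
        else { $state = 'Off' }
        New-Object PSObject -Property @{ Profile = $name; State = $state }
    }
}

function Test-LoopbackPort {
    param([int]$Port)
    # A loopback connect shows whether the service is listening at all.
    $client = New-Object System.Net.Sockets.TcpClient
    try { $client.Connect('127.0.0.1', $Port); return $true }
    catch { return $false }
    finally { $client.Close() }
}

$states    = @(Get-FirewallProfileState -BaseKey $base -ProfileNames $names)
$listening = Test-LoopbackPort -Port $Port

$lines  = @("{0:u} firewall probe (read-only)" -f (Get-Date))
$lines += $states | ForEach-Object { "  {0}: EnableFirewall={1}" -f $_.Profile, $_.State }
$lines += "  127.0.0.1:$Port listening: $listening"
if ($states | Where-Object { $_.State -eq 'On' }) {
    # Reminder text proposed in the thread; the firewall is left as the admin set it.
    $lines += 'If you are unable to access the Couchbase Web Console, remember to check your Windows Firewall settings.'
}
$lines | Add-Content -Path $LogPath
$lines
```

If the loopback test succeeds while remote access fails and a profile reports `On`, a missing inbound allow rule for the port is the likely cause; the fix is a scoped rule added by the administrator, not turning the firewall off.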

          bcui Bin Cui (Inactive) added a comment -

          The logic is:

          Installer will detect if the firewall is set or not. If yes, print warning message and ask the customer if he wants to disable the firewall. If the answer is yes, installer will go ahead and disable it, otherwise, it will proceed without doing anything.


            People

            • Assignee:
              bcui Bin Cui (Inactive)
              Reporter:
              trond Trond Norbye