How to Open Ports for Bitbucket Server on recent Red Hat Linux distributions
Platform notice: Server and Data Center only. This article only applies to Atlassian products on the Server and Data Center platforms.
Support for Server* products ended on February 15th 2024. If you are running a Server product, you can visit the Atlassian Server end of support announcement to review your migration options.
*Except Fisheye and Crucible
Summary
This article addresses an issue with Bitbucket running on Enterprise Linux 7+ (Oracle Linux, Red Hat, or similar distributions), where the firewall may not be enabled by default. Non-standard ports, including the Bitbucket Server SSH port 7999, can be blocked, causing access issues.
Environment
Bitbucket is installed on Enterprise Linux 7+ or similar distributions.
Diagnosis
The issue arises when the firewall is not enabled, and non-standard ports are blocked. This may lead to the error "New Access Key is Required but could not be added to Bitbucket" in Bamboo.
Cause
The root cause of the problem is that the default firewall configuration in these distributions has changed from iptables to firewalld, and non-standard ports such as 7999 for SSH are blocked unless explicitly opened. This results in blocked SSH access, which Bitbucket requires.
Solution
To resolve the issue, follow these steps:
- Connect to your Bitbucket Server host.
- Start FirewallD:
    systemctl start firewalld
- Add a firewall rule to open the SSH port 7999 in FirewallD:
    firewall-cmd --zone=public --add-port=7999/tcp --permanent
- Add a firewall rule to open the HTTP port 7990 in FirewallD:
    firewall-cmd --zone=public --add-port=7990/tcp --permanent
- Reload FirewallD to apply changes:
    firewall-cmd --reload
- Verify the firewall rules have been successfully added:
    firewall-cmd --list-all
The expected output should show ports 7999/tcp and 7990/tcp open, as in this example:
    firewall-cmd --list-all
    public (active)
      target: default
      icmp-block-inversion: no
      interfaces: enp0s3 enp0s8
      sources:
      services: cockpit dhcpv6-client ssh
      ports: 7999/tcp 7990/tcp
      protocols:
      forward: yes
      masquerade: no
      forward-ports:
      source-ports:
      icmp-blocks:
      rich rules:
Other Notes
- Ensure that FirewallD is enabled and running to prevent similar issues in the future.
- Consider setting up logging to track any unauthorized access attempts on these ports.
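The verification step above can be scripted. The following is an added example, not part of the original article or Atlassian's tooling: it parses `firewall-cmd --list-all` output and reports which of the two Bitbucket ports are missing, checking the runtime and permanent configurations separately. The function names and the sample output are constructed for illustration.

```sh
#!/bin/sh
# Added example (not Atlassian's): confirm that the Bitbucket ports from this
# article are open in both the runtime and the permanent firewalld config.
REQUIRED_PORTS="7999/tcp 7990/tcp"

# Read `firewall-cmd --list-all` text on stdin; print each entry of its
# "ports:" line. "source-ports:" and "forward-ports:" do not match.
ports_from_list_all() {
    awk '$1 == "ports:" { for (i = 2; i <= NF; i++) print $i }'
}

# missing_ports "REQUIRED" "OPEN": print required ports absent from OPEN.
# Exact match only: a range such as 7990-7999/tcp is reported as missing.
missing_ports() {
    for want in $1; do
        found=no
        for have in $2; do
            if [ "$want" = "$have" ]; then found=yes; fi
        done
        if [ "$found" = no ]; then printf '%s\n' "$want"; fi
    done
}

# check_list_all LABEL: read --list-all text on stdin, report, return 1 on gaps.
check_list_all() {
    open=$(ports_from_list_all)
    miss=$(missing_ports "$REQUIRED_PORTS" "$open" | tr '\n' ' ')
    if [ -n "$miss" ]; then echo "$1: MISSING $miss"; return 1; fi
    echo "$1: ok"
}

# Constructed sample: 7990/tcp was never added.
SAMPLE='public (active)
  services: cockpit dhcpv6-client ssh
  ports: 7999/tcp
  forward-ports:
  source-ports:'

if command -v firewall-cmd >/dev/null 2>&1; then
    # Runtime and permanent rules diverge when --permanent is used without --reload.
    firewall-cmd --zone=public --list-all | check_list_all runtime || true
    firewall-cmd --permanent --zone=public --list-all | check_list_all permanent || true
    # `systemctl start` does not survive a reboot; the unit must also be enabled.
    systemctl is-enabled firewalld || true
else
    printf '%s\n' "$SAMPLE" | check_list_all sample || true
fi
```

On a host without `firewall-cmd` the script falls back to the constructed sample and prints `sample: MISSING 7990/tcp`.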