[Gluster-devel] GlusterFS firewalld control
Anand Nekkunti
anekkunt at redhat.com
Thu Aug 20 04:25:54 UTC 2015
On 08/17/2015 03:22 PM, Christopher Blum wrote:
> Hey Gluster Developers,
>
> I'm fairly new to GlusterFS, but noticed, that it is missing the
> possibility to control firewalld, which is also addressed in [1]
> Since I wanted to propose a solution for this problem, I briefly
> talked to Niels de Vos and we identified 2 possible ways to fix this:
>
> 1) Use the dbus connection to control firewalld when we do bind() as a
> server - it looks like there is only one place where we do that [2]
> --> Pretty much a catch all solution, but will require to link
> against dbus and a precompiler check for OSs with firewalld
>
> 2) Use the glusterfs hooks to call a script, when we create volumes to
> open up the (dynamic) ports of the involved bricks
> --> Easier to implement, but where do we get the port information
> from? Additionally involves the creation of a static config for the
> glusterd process.
I prefer the second option (by hooks) because of the easy implementation,
and the configuration is permanent. I have written a script,
glusterfs_firewall.sh (find attached file); using this we can create a
Glusterfs service and add/delete ports to the service (it also adds the
Glusterfs firewall service to the default zone).

1. Default ports: this script needs to be called during post
   installation so that it creates the Glusterfs firewall service with
   default ports and enables the Glusterfs service in the default zone.
       # glusterfs_firewall.sh -r
2. Ports for bricks: this script needs to be called by hooks, passing
   the port number after glusterd allocates the brick port.
       # glusterfs_firewall.sh -p port_num (ex: glusterfs_firewall.sh -p 41700)
3. Port deallocation: ports can be removed from the Glusterfs
   service (during brick stop).
       # glusterfs_firewall.sh -d port_num (ex: glusterfs_firewall.sh -d 41700)
>
> Looking at [3], we need to open up additional (dynamic) ports for NFS?
> Is that info correct?
>
> Since I'm fairly new, I would welcome a discussion, which approach is
> best in your opinion. Please also tell me if any assumptions from
> above are incorrect...
>
> Best Regards,
> Chris
>
> [1] https://bugzilla.redhat.com/show_bug.cgi?id=1057295
> [2]
> https://forge.gluster.org/glusterfs-core/glusterfs/blobs/master/rpc/rpc-transport/socket/src/socket.c#line758
> [3]
> http://www.gluster.org/community/documentation/index.php/Gluster_3.1:_Installing_GlusterFS_on_Red_Hat_Package_Manager_(RPM)_Distributions
-------------- next part --------------
A non-text attachment was scrubbed...
Name: glusterfs_firewall.sh
Type: application/x-shellscript
Size: 1893 bytes
Desc: not available
URL: <http://www.gluster.org/pipermail/gluster-devel/attachments/20150820/294a6a63/attachment.bin>