[Gluster-devel] GlusterFS firewalld control

Anand Nekkunti anekkunt at redhat.com
Sun Aug 23 10:41:38 UTC 2015



On 08/20/2015 09:55 AM, Anand Nekkunti wrote:
>
>
> On 08/17/2015 03:22 PM, Christopher Blum wrote:
>> Hey Gluster Developers,
>>
>> I'm fairly new to GlusterFS, but noticed that it is missing the
>> possibility to control firewalld, which is also addressed in [1].
>> Since I wanted to propose a solution for this problem, I briefly
>> talked to Niels de Vos and we identified 2 possible ways to fix this:
>>
>> 1) Use the dbus connection to control firewalld when we do bind() as
>> a server - it looks like there is only one place where we do that [2]
>>      --> Pretty much a catch-all solution, but will require linking
>> against dbus and a precompiler check for OSs with firewalld
>>
>> 2) Use the glusterfs hooks to call a script when we create volumes
>> to open up the (dynamic) ports of the involved bricks
>>      --> Easier to implement, but where do we get the port
>> information from? Additionally involves the creation of a static
>> config for the glusterd process.
>    I prefer the second option (by hooks) because it is easy to implement
> and the configuration is permanent. I have written a script,
> glusterfs_firewall.sh (see the attached file); using it we can create a
> Glusterfs service and add/delete ports to the service (it also adds the
> Glusterfs firewall service to the default zone).
>
>     1. Default ports: this script needs to be called during post
> installation so that it creates the Glusterfs firewall service with
> default ports and enables the Glusterfs service in the default zone.
>          #glusterfs_firewall.sh -r
>
>     2. Ports for bricks: this script needs to be called by hooks,
> passing the port number after glusterd allocates the brick port.
>         #glusterfs_firewall.sh -p  port_num  (ex:
> glusterfs_firewall.sh -p  41700)
>
>     3. Port deallocation: ports can be removed from the Glusterfs
> service (during brick stop).
>         # glusterfs_firewall.sh -d  port_num  (ex:
> glusterfs_firewall.sh -d  41700)

  I have posted a patch for this; please have a look at [1].
   [1]. http://review.gluster.org/#/c/11989/1
>
>
>>
>> Looking at [3], we need to open up additional (dynamic) ports for 
>> NFS? Is that info correct?
>>
>> Since I'm fairly new, I would welcome a discussion of which approach is
>> best in your opinion. Please also tell me if any assumptions from
>> above are incorrect...
>>
>> Best Regards,
>> Chris
>>
>> [1] https://bugzilla.redhat.com/show_bug.cgi?id=1057295
>> [2] 
>> https://forge.gluster.org/glusterfs-core/glusterfs/blobs/master/rpc/rpc-transport/socket/src/socket.c#line758
>> [3] 
>> http://www.gluster.org/community/documentation/index.php/Gluster_3.1:_Installing_GlusterFS_on_Red_Hat_Package_Manager_(RPM)_Distributions 
>>
>>
>>
>> _______________________________________________
>> Gluster-devel mailing list
>> Gluster-devel at gluster.org
>> http://www.gluster.org/mailman/listinfo/gluster-devel

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.gluster.org/pipermail/gluster-devel/attachments/20150823/bbe1788e/attachment.html>
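
The three entry points described in the message (-r, -p port, -d port), written out as an added example; this is not the attached glusterfs_firewall.sh or the patch under review. The service name, the default ports 24007-24008/tcp, the accepted port range and the DRY_RUN switch are assumptions; the port check is there because the hook hands its argument straight to a firewall rule.

```shell
#!/bin/sh
# Added example; NOT the glusterfs_firewall.sh attached to the mail.
# Assumptions: service name "glusterfs", default ports 24007-24008/tcp,
# brick ports accepted only in 1024-65535, DRY_RUN=1 prints instead of running.
SERVICE=glusterfs
DEFAULT_PORTS=24007-24008

# Run firewall-cmd, or print the command line when DRY_RUN=1.
fw() {
    if [ "${DRY_RUN:-0}" = 1 ]; then echo "firewall-cmd $*"; else firewall-cmd "$@"; fi
}

# Accept only a plain decimal, unprivileged port with no leading zero.
# Anything else (empty, ranges, extra options, protocol suffixes) is refused.
valid_port() {
    case "$1" in
        ''|0*|*[!0-9]*) return 1 ;;
    esac
    [ "${#1}" -le 5 ] && [ "$1" -ge 1024 ] && [ "$1" -le 65535 ]
}

# -r: create the service with default ports and enable it in the default zone.
register_service() {
    fw --permanent --new-service="$SERVICE" &&
    fw --permanent --service="$SERVICE" --add-port="$DEFAULT_PORTS/tcp" &&
    fw --permanent --add-service="$SERVICE" &&
    fw --reload
}

# -p / -d: add or remove one brick port on the service definition.
change_port() {   # $1 = add|remove, $2 = port
    valid_port "$2" || { echo "rejected port: $2" >&2; return 2; }
    fw --permanent --service="$SERVICE" "--$1-port=$2/tcp" && fw --reload
}

main() {
    case "$1" in
        -r) register_service ;;
        -p) change_port add "$2" ;;
        -d) change_port remove "$2" ;;
        *)  echo "usage: $0 -r | -p port | -d port" >&2; return 64 ;;
    esac
}

if [ $# -gt 0 ]; then main "$@"; fi
```

Running with DRY_RUN=1 prints the firewall-cmd lines without touching the firewall, which is a convenient way to review what a hook invocation would change.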

