[Gluster-users] Firewall ports with v 3.5.2 grumble time
Osborne, Paul (paul.osborne@canterbury.ac.uk)
paul.osborne at canterbury.ac.uk
Fri Oct 31 08:07:18 UTC 2014
OK, so the stuff is there, but clearly not trivial to find, as it was easier for me to debug, get working and then grumble (note the order) rather than find it myself on the web site; perhaps it is Google that is rubbish. The change to fit with IANA guidelines makes sense though.
Something that is a fundamental behaviour change should surely be a whole lot easier to find than something that is blatantly wrong.
Anyhow thanks for the clarification.
Paul
From: Joe Julian [mailto:joe at julianfamily.org]
Sent: 30 October 2014 19:22
To: Todd Stansell; Osborne, Paul (paul.osborne at canterbury.ac.uk); gluster-users at gluster.org
Subject: Re: [Gluster-users] Firewall ports with v 3.5.2 grumble time
https://github.com/gluster/glusterfs/blob/master/doc/admin-guide/en-US/markdown/admin_settingup_clients.md#installing-on-red-hat-package-manager-rpm-distributions
(also restated again under "Installing on Debian-based Distributions")
Any thoughts on what would make this any easier to find?
On 10/30/2014 11:21 AM, Todd Stansell wrote:
This is because in 3.4, they changed the brick port range. It's mentioned on
https://forge.gluster.org/gluster-docs-project/pages/GlusterFS_34_Release_Notes:
"Brick ports will now listen from 49152 onwards (instead of 24009 onwards
as with previous releases). The brick port assignment scheme is now
compliant with IANA guidelines."
Sadly, documentation for gluster is very difficult to find what you need, in
my experience.
Todd
-----Original Message-----
From: gluster-users-bounces at gluster.org [mailto:gluster-users-bounces at gluster.org] On Behalf Of Osborne, Paul (paul.osborne at canterbury.ac.uk)
Sent: Thursday, October 30, 2014 6:59 AM
To: gluster-users at gluster.org
Subject: [Gluster-users] Firewall ports with v 3.5.2 grumble time
Hi,
I have a requirement to run my gluster hosts within a firewalled section of
network and where the consumer hosts are in a different segment due to IP
address preservation, part of our security policy requires that we run local
firewalls on every host so I have to get the network access locked down
appropriately.
I am running 3.5.2 using the packages provided in the Gluster package
repository as my Linux distribution only includes packages for 3.2 which
seems somewhat ancient.
Following the documentation here:
http://www.gluster.org/community/documentation/index.php/Basic_Gluster_Troubleshooting
I opened up the relevant ports:
34865 - 34867 for gluster
111 for the portmapper
24009 - 24012 as I am using 2 bricks
This though contradicts:
http://gluster.org/community/documentation/index.php/Gluster_3.2:_Installing_GlusterFS_on_Red_Hat_Package_Manager_(RPM)_Distributions
Which says:
"Ensure that TCP ports 111, 24007,24008, 24009-(24009 + number of bricks
across all volumes) are open on all Gluster servers. If you will be using
NFS, open additional ports 38465 to 38467"
What has not been helpful is that there was no mention of port: 2049 for NFS
over TCP - which would have been helpful and probably my own mistake as I
should have known.
To really confuse matters I noticed that the bricks were not syncing anyway,
and a look at the logs reveals:
/var/log/glusterfs/glfsheal-www.log:[2014-10-30 07:39:48.428286] I [client-handshake.c:1462:client_setvolume_cbk] 0-www-client-1: Connected to 111.222.333.444:49154, attached to remote volume '/srv/hod/lampe-www'.
along with other entries that show that I also actually need ports: 49154
and 49155 open.
Even gluster volume status reveals some of the ports:
gluster> volume status
Status of volume: www
Gluster process                                Port    Online  Pid
------------------------------------------------------------------------------
Brick 194.82.210.140:/srv/hod/lampe-www        49154   Y       3035
Brick 194.82.210.130:/srv/hod/lampe-www        49155   Y       16160
NFS Server on localhost                        2049    Y       16062
Self-heal Daemon on localhost                  N/A     Y       16072
NFS Server on gfse-isr-01                      2049    Y       3040
Self-heal Daemon on gfse-isr-01                N/A     Y       3045

Task Status of Volume www
------------------------------------------------------------------------------
There are no active volume tasks
So my query here is, if the bricks are actually using 49154 & 49155 (which
they appear to be) why is this not mentioned in the documentation and are
there any other ports that I should be aware of?
Thanks
Paul
--
Paul Osborne
Senior Systems Engineer
Infrastructure Services
IT Department
Canterbury Christ Church University
_______________________________________________
Gluster-users mailing list
Gluster-users at gluster.org
http://supercolony.gluster.org/mailman/listinfo/gluster-users
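
Added example (not written by anyone in this thread, and not Gluster project code): a shell sketch that derives the ports a host firewall must allow from `gluster volume status` output and reports which in-use ports an existing allowlist misses, which is the failure described in the original post. The function names, the trimmed sample output and the client subnet 192.0.2.0/24 are assumptions; the rules are printed, not applied, and only TCP is considered.

```sh
#!/bin/sh
# Constructed sample modelled on the `gluster volume status` output in the thread.
sample_status() {
cat <<'EOF'
Status of volume: www
Gluster process                                Port    Online  Pid
------------------------------------------------------------------------------
Brick 194.82.210.140:/srv/hod/lampe-www        49154   Y       3035
Brick 194.82.210.130:/srv/hod/lampe-www        49155   Y       16160
NFS Server on localhost                        2049    Y       16062
Self-heal Daemon on localhost                  N/A     Y       16072
EOF
}

# Read status output on stdin; print the unique TCP ports of online Brick and
# NFS rows. Port is the third field from the end; "N/A" rows are skipped.
status_ports() {
    awk 'NF >= 5 && ($1 == "Brick" || $1 == "NFS") && $(NF-1) == "Y" &&
         $(NF-2) ~ /^[0-9]+$/ { print $(NF-2) }' | sort -n -u
}

# Read status output on stdin; print in-use ports NOT covered by the allowlist
# given as arguments (single ports or lo:hi ranges).
uncovered_ports() {
    status_ports | awk -v allowed="$*" '
        BEGIN { n = split(allowed, r, " ") }
        {
            ok = 0
            for (i = 1; i <= n; i++) {
                m = split(r[i], b, ":")
                lo = b[1] + 0
                hi = (m == 2 ? b[2] : b[1]) + 0
                if ($1 + 0 >= lo && $1 + 0 <= hi) ok = 1
            }
            if (!ok) print $1
        }'
}

# Print (do not apply) one iptables rule per required port, limited to the
# client subnet in $1. The fixed ports are the ones from the docs quoted above.
emit_rules() {
    src=$1
    { printf '%s\n' 111 24007:24008 38465:38467; status_ports; } | while read -r p; do
        printf 'iptables -A INPUT -p tcp -s %s --dport %s -j ACCEPT\n' "$src" "$p"
    done
}

echo "In use but not covered by the allowlist from the original post:"
sample_status | uncovered_ports 111 24009:24012 34865:34867
sample_status | emit_rules 192.0.2.0/24
```

On a real server, replace `sample_status` with `gluster volume status` and rerun the audit after adding bricks or volumes, since each new brick takes a further port from 49152 onwards.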