Bug 1051019
Summary: | [RHEVM-RHS] iptables rules are not set on RHSS Nodes, when importing existing gluster cluster configurations | ||
---|---|---|---|
Product: | Red Hat Enterprise Virtualization Manager | Reporter: | SATHEESARAN <sasundar> |
Component: | ovirt-engine-webadmin-portal | Assignee: | anmol babu <anbabu> |
Status: | CLOSED CURRENTRELEASE | QA Contact: | SATHEESARAN <sasundar> |
Severity: | high | Docs Contact: | |
Priority: | unspecified | ||
Version: | 3.3.0 | CC: | anbabu, dpati, ecohen, gklein, grajaiya, iheim, rbalakri, Rhev-m-bugs, sabose, sasundar, scohen, sdharane, yeylon |
Target Milestone: | --- | ||
Target Release: | 3.5.0 | ||
Hardware: | x86_64 | ||
OS: | Linux | ||
Whiteboard: | gluster | ||
Fixed In Version: | vt3 | Doc Type: | Bug Fix |
Doc Text: |
Cause: The configure firewall option wasn't present earlier
in the import cluster pop-up that lists the hosts of the cluster.
Fix: Added an option to configure firewall. User now has the option to configure firewall which is enabled by default.
Result: Now, by default the firewall rules are set at the time of import of gluster cluster.
|
Story Points: | --- |
Clone Of: | Environment: | ||
Last Closed: | 2015-02-17 17:14:54 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | Gluster | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
SATHEESARAN
2014-01-09 14:52:58 UTC
Console logs on one of the RHSS Node :
======================================

There were 4 RHSS Nodes in the cluster, 10.70.37.86, 10.70.37.187, 10.70.37.198, 10.70.37.46. This can be seen by execution of following command on one of the peer

```
[Thu Jan 9 20:26:01 UTC 2014 root.37.86:~ ] # gluster pool list
UUID                                    Hostname        State
9d681c20-3328-4a6c-8fd0-76171d1bfc47    10.70.37.46     Connected
7226ef33-768f-4965-a1f2-738bb00afc7d    10.70.37.198    Connected
cb396333-6598-45fc-8468-dbf51dcb5563    10.70.37.187    Connected
77c34f3e-6c32-42ba-af45-0732fa44f08e    localhost       Connected
```

>>>>>> I imported this existing gluster configuration to the newly created gluster enabled cluster in RHEVM. After that checked iptables rules on one of the node, 10.70.37.187

```
[Thu Jan 9 20:28:59 UTC 2014 root.37.187:~ ] # iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
```

>>>>>>> I added the same node individually to the gluster enabled cluster and checked for iptables rules

```
[Thu Jan 9 20:29:08 UTC 2014 root.37.187:~ ] # iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED
ACCEPT     all  --  anywhere             anywhere
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:54321
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:ssh
ACCEPT     udp  --  anywhere             anywhere            udp dpt:snmp
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:24007
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:webcache
ACCEPT     udp  --  anywhere             anywhere            udp dpt:sunrpc
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:38465
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:38466
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:sunrpc
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:38467
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:nfs
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:38469
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:39543
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:55863
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:38468
ACCEPT     udp  --  anywhere             anywhere            udp dpt:963
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:965
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:ctdb
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:netbios-ssn
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:microsoft-ds
ACCEPT     tcp  --  anywhere             anywhere            tcp dpts:24009:24108
ACCEPT     tcp  --  anywhere             anywhere            tcp dpts:49152:49251
REJECT     all  --  anywhere             anywhere            reject-with icmp-host-prohibited

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
REJECT     all  --  anywhere             anywhere            PHYSDEV match ! --physdev-is-bridged reject-with icmp-host-prohibited

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
```

During import of a cluster - we do not override existing iptables rules - which is why there's a difference observed in the firewall rules while following the "New host" flow vs. the "Import cluster" flow. If we do no need to change this, the user should be prompted if he/she wants this overriding of firewall rules, IMO.

Anmol, Please provide RHEVM Version in Fixed-In-Version and not RHSC Version

Sorry, this will be in rhevm-3.5. But it's now available in upstream master.

Verified with RHEVM 3.5 - Version: 3.5.0-0.27.el6ev

iptables rules are added to RHSS Nodes even when the RHS cluster is imported in to RHEVM cluster.

Marking this bug as VERIFIED

Anmol, Made little changes to the doc_text. Removed the consequence section in that doc_text, as that is no longer relevant with the current fix.

rhev 3.5.0 was released. closing.
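A check for the condition this report describes, as an added example that is not code from RHEV-M or oVirt: it parses `iptables -L` text and flags an INPUT chain left empty after an import. The function names and the choice of `REQUIRED` matches are assumptions of this example, and the sample listings are abbreviated from the output quoted in the report.

```python
import re

# Matches copied from the "New host" listing; which to require is an assumption.
REQUIRED = ("dpt:54321", "dpt:ssh", "dpt:24007", "dpts:49152:49251")

# Sample listings, abbreviated from the output quoted in the report.
AFTER_IMPORT = """\
Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
"""
AFTER_NEW_HOST = """\
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:54321
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:ssh
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:24007
ACCEPT     tcp  --  anywhere             anywhere            tcp dpts:49152:49251
REJECT     all  --  anywhere             anywhere            reject-with icmp-host-prohibited
"""

def parse_chains(listing):
    """Map chain name -> (policy, rule lines) from `iptables -L` text."""
    chains, current = {}, None
    for line in (l.strip() for l in listing.splitlines()):
        header = re.match(r"Chain (\S+) \(policy (\S+)\)", line)
        if header:
            current = header.group(1)
            chains[current] = (header.group(2), [])
        elif current and line and not line.startswith("target"):
            chains[current][1].append(line)  # skip blanks and column headers
    return chains

def audit_input(listing):
    """Return findings for the INPUT chain; an empty list means it passed."""
    chains = parse_chains(listing)
    if "INPUT" not in chains:
        return ["INPUT chain not found"]
    policy, rules = chains["INPUT"]
    if not rules:
        return [f"INPUT has no rules (policy {policy})"]
    findings = []
    if policy == "ACCEPT" and rules[-1].split()[0] not in ("REJECT", "DROP"):
        findings.append("INPUT does not end in REJECT/DROP")
    tokens = {tok for rule in rules for tok in rule.split()}
    return findings + [f"missing {p}" for p in REQUIRED if p not in tokens]
```

Feeding it the saved `iptables -L` output of each node after an import shows which hosts were left with the empty ruleset seen on 10.70.37.187.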