Bug 1245103
| Summary: | nfs-ganesha: Configure ports used by MOUNT, NLM, RQUOTA services and provide firewalld service to open them | ||
|---|---|---|---|
| Product: | [Red Hat Storage] Red Hat Gluster Storage | Reporter: | Saurabh <saujain> |
| Component: | nfs-ganesha | Assignee: | Soumya Koduri <skoduri> |
| Status: | CLOSED ERRATA | QA Contact: | Shashank Raj <sraj> |
| Severity: | medium | Docs Contact: | |
| Priority: | unspecified | ||
| Version: | rhgs-3.1 | CC: | divya, kheal, kkeithle, mzywusko, ndevos, nlevinki, rcyriac, rhinduja, sankarshan, sashinde, skoduri, smohan |
| Target Milestone: | --- | Keywords: | ZStream |
| Target Release: | RHGS 3.1.3 | ||
| Hardware: | x86_64 | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | Bug Fix | |
| Doc Text: |
Previously, nfs-ganesha randomly chose the ports to be used while bringing up the mountd, rquota and nlm services. These ports would change with each restart of nfs-ganesha, and it was difficult to configure them to be opened by firewalld or iptables. With this fix, these ports can be configured in the '/etc/ganesha/ganesha.conf' file. Now the mountd, nlm, and rquota services will come up with the ports listed in '/etc/ganesha/ganesha.conf' so you can configure them to open via firewalld or iptables.
|
Story Points: | --- |
| Clone Of: | Environment: | ||
| Last Closed: | 2016-06-23 05:32:38 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | |||
| Bug Blocks: | 1299184, 1300175, 1329637 | ||
|
Description
Saurabh
2015-07-21 08:32:51 UTC
As per the latest discussion we had, we shall configure the ports to be used for mountd, nlm and rquota services in the nfs-ganesha.conf file and also provide firewalld service (nfs-ganesha) to open up these ports. The only remaining statd-port which is used by rpc.statd service has to be manually configured by the admin in '/etc/sysconfig/nfs' file and open it up by adding firewalld/iptables rule.
Upstream discussion regarding registering ports for these services can be found at - http://thread.gmane.org/gmane.linux.nfs/73398/focus=73416
For now, we shall configure these ports only for downstream nfs-ganesha.
The fix we are going to provide for this BZ is that we will package ganesha.conf with below default ports configured for all these services and then provide ganesha.xml to be used by firewalld to open those ports.
MNT_Port = 20048;
NLM_Port = 32803;
Rquota_Port = 875;
Note: these port numbers are chosen based on the values mentioned in '/etc/sysconfig/nfs'
However, for STATD service, admin still has to edit below line in '/etc/sysconfig/nfs' file and restart statd service after adding firewall rule to open it.
# Port rpc.statd should listen on.
#STATD_PORT=662
# Outgoing port statd should used. The default is port
# is random
#STATD_OUTGOING_PORT=2020
The fix is under review.
Fixed in nfs-ganesha-2.3.1-3.el7rhgs and nfs-ganesha-2.3.1-3.el6rhs
ON RHEL 7:
While verifying this bug, I have an observation where after installing nfs-ganesha-2.3.1-3 rpm's on the cluster, ganesha.conf file gets updated with mentioned ports in bug as below:
NFS_Core_Param {
#Use supplied name other tha IP In NSM operations
NSM_Use_Caller_Name = true;
#Copy lock states into "/var/lib/nfs/ganesha" dir
Clustered = false;
#By default port number '2049' is used for NFS service.
#Configure ports for MNT, NLM, RQuota services.
#The ports chosen here are from '/etc/sysconfig/nfs'
MNT_Port = 20048;
NLM_Port = 32803;
Rquota_Port = 875;
}
However, these ports don't get added in firewalld and even restarting firewalld service doesn't help.
[root@dhcp37-180 ganesha]# firewall-cmd --list-ports
[root@dhcp37-180 ganesha]#
Also, there is a confusion as to which .xml file should be responsible for adding these ports?
1) Should it be ganesha.xml (which Soumya mentioned in comment 6), which is missing from /usr/lib/firewalld/services/
2) or should it be nlm.xml and rquota.xml which are part of /usr/lib/firewalld/services.
[root@dhcp37-180 ~]# ls /usr/lib/firewalld/services/ | grep nlm
nlm.xml
[root@dhcp37-180 ~]# ls /usr/lib/firewalld/services/ | grep rquota
rquota.xml
[root@dhcp37-180 ~]# ls /usr/lib/firewalld/services/ | grep ganesha
[root@dhcp37-180 ~]#
Please clarify, so that I can move the bug accordingly.
On RHEL 6:
Because of the bug (https://bugzilla.redhat.com/show_bug.cgi?id=1327074), could not proceed with the verification on RHEL 6.
Once we get a new build with working fix, will verify this on RHEL 6 as well.
Verified this bug with latest ganesha-2.3.1-4 build and in both RHEL 6 and RHEL 7, the ganesha.conf file gets updated with ports as below:
NFS_Core_Param {
#Use supplied name other tha IP In NSM operations
NSM_Use_Caller_Name = true;
#Copy lock states into "/var/lib/nfs/ganesha" dir
Clustered = false;
#By default port number '2049' is used for NFS service.
#Configure ports for MNT, NLM, RQuota services.
#The ports chosen here are from '/etc/sysconfig/nfs'
MNT_Port = 20048;
NLM_Port = 32803;
Rquota_Port = 875;
}
ON RHEL 7:
we need to add following services to firewalld
[root@dhcp37-180 yum.repos.d]# firewall-cmd --zone=public --add-service=nlm --add-service=nfs --add-service=rpc-bind --add-service=high-availability --add-service=mountd --add-service=rquota
success
and under /etc/sysconfig/nfs
vi /etc/sysconfig/nfs
uncomment #STATD_PORT=662, #STATD_OUTGOING_PORT=2020
and add these ports to firewalld
firewall-cmd --add-port=662/tcp --add-port=662/udp --add-port=2020/tcp --add-port=2020/udp
for statd port 662 to take effect, we need to kill earlier running process and restart nfs-ganesha-lock service
after these settings rpcinfo output is as below:
[root@dhcp37-180 ~]# rpcinfo -p
program vers proto port service
100000 4 tcp 111 portmapper
100000 3 tcp 111 portmapper
100000 2 tcp 111 portmapper
100000 4 udp 111 portmapper
100000 3 udp 111 portmapper
100000 2 udp 111 portmapper
100003 3 udp 2049 nfs
100003 3 tcp 2049 nfs
100003 4 udp 2049 nfs
100003 4 tcp 2049 nfs
100005 1 udp 20048 mountd
100005 1 tcp 20048 mountd
100005 3 udp 20048 mountd
100005 3 tcp 20048 mountd
100021 4 udp 32803 nlockmgr
100021 4 tcp 32803 nlockmgr
100011 1 udp 875 rquotad
100011 1 tcp 875 rquotad
100011 2 udp 875 rquotad
100011 2 tcp 875 rquotad
100024 1 udp 662 status
100024 1 tcp 662 status
ON RHEL 6:
we need to edit /etc/sysconfig/nfs file
vi /etc/sysconfig/nfs
uncomment #STATD_PORT=662, #STATD_OUTGOING_PORT=2020
and do rpc.statd -p 662
rpcinfo output after the settings is as below:
[root@dhcp43-59 ~]# rpcinfo -p
program vers proto port service
100000 4 tcp 111 portmapper
100000 3 tcp 111 portmapper
100000 2 tcp 111 portmapper
100000 4 udp 111 portmapper
100000 3 udp 111 portmapper
100000 2 udp 111 portmapper
100003 3 udp 2049 nfs
100003 3 tcp 2049 nfs
100003 4 udp 2049 nfs
100003 4 tcp 2049 nfs
100005 1 udp 20048 mountd
100005 1 tcp 20048 mountd
100005 3 udp 20048 mountd
100005 3 tcp 20048 mountd
100021 4 udp 32803 nlockmgr
100021 4 tcp 32803 nlockmgr
100011 1 udp 875 rquotad
100011 1 tcp 875 rquotad
100011 2 udp 875 rquotad
100011 2 tcp 875 rquotad
100024 1 udp 662 status
100024 1 tcp 662 status
Based on the above observation, marking this bug as Verified.
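An added example, not part of the bug report or of nfs-ganesha itself: the manual check in the comment above (comparing `rpcinfo -p` against the ports pinned in ganesha.conf) as a script, so a restart that moves a service off its firewalled port is caught. The function names `conf_ports` and `port_drift` are hypothetical, and the sample inputs are constructed from the values shown in this report.

```sh
#!/bin/sh
# Added example: flag RPC services registered on a port other than the pinned one.
# Constructed sample inputs modelled on the config and rpcinfo output above.
SAMPLE_CONF='NFS_Core_Param {
    #Configure ports for MNT, NLM, RQuota services.
    MNT_Port = 20048;
    NLM_Port = 32803;
    Rquota_Port = 875;
}'
SAMPLE_RPCINFO='   program vers proto   port  service
    100003    4   tcp   2049  nfs
    100005    3   tcp  20048  mountd
    100021    4   tcp  32803  nlockmgr
    100011    2   udp    875  rquotad
    100024    1   tcp    662  status'

# conf_ports: ganesha.conf text on stdin -> "service=port" pairs, using the
# service names rpcinfo prints. Commented-out lines are ignored.
conf_ports() {
    awk -F'[ \t=;]+' '
        /^[ \t]*#/ { next }
        { for (i = 1; i < NF; i++) {
              if ($i == "MNT_Port")    printf "mountd=%s ", $(i + 1)
              if ($i == "NLM_Port")    printf "nlockmgr=%s ", $(i + 1)
              if ($i == "Rquota_Port") printf "rquotad=%s ", $(i + 1)
          } }'
}

# port_drift CONF_TEXT RPCINFO_TEXT [STATD_PORT]
# Prints DRIFT/MISSING lines; returns 0 only when every pinned service is
# registered and only on its pinned port (the ports the firewall has open).
port_drift() {
    pinned=$(printf '%s\n' "$1" | conf_ports)
    if [ -n "$3" ]; then pinned="$pinned status=$3"; fi
    printf '%s\n' "$2" | awk -v pinned="$pinned" '
        BEGIN { n = split(pinned, kv, " ")
                for (i = 1; i <= n; i++)
                    if (split(kv[i], p, "=") == 2) want[p[1]] = p[2] }
        ($5 in want) {
            seen[$5] = 1
            if ($4 != want[$5]) {
                print "DRIFT " $5 "/" $3 " on " $4 ", expected " want[$5]; bad = 1 }
        }
        END { for (s in want) if (!(s in seen)) { print "MISSING " s; bad = 1 }
              exit bad + 0 }'
}

# On a live server: port_drift "$(cat /etc/ganesha/ganesha.conf)" "$(rpcinfo -p)" 662
port_drift "$SAMPLE_CONF" "$SAMPLE_RPCINFO" 662 && echo "pinned ports match"
```

The third argument is the STATD_PORT value from '/etc/sysconfig/nfs'; omit it to check only the three ports set in ganesha.conf.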
Soumya, Please review and sign-off the edited doc text.
Doc text looks good to me.
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHEA-2016:1247