Bug 1253967
| Summary: | glusterfs doesn't include firewalld rules | | |
|---|---|---|---|
| Product: | [Community] GlusterFS | Reporter: | Niels de Vos <ndevos> |
| Component: | build | Assignee: | Satish Mohan <smohan> |
| Status: | CLOSED CURRENTRELEASE | QA Contact: | |
| Severity: | unspecified | Docs Contact: | |
| Priority: | unspecified | | |
| Version: | mainline | CC: | bugs, jcall, kaushal, rcyriac, riehecky, smohan |
| Target Milestone: | --- | Keywords: | EasyFix, Triaged |
| Target Release: | --- | | |
| Hardware: | Unspecified | | |
| OS: | Unspecified | | |
| Fixed In Version: | glusterfs-3.8rc2 | Doc Type: | Bug Fix |
| Doc Text: | Please find doc in link: https://bugzilla.redhat.com/attachment.cgi?id=1071307 | Story Points: | --- |
| Clone Of: | 1057295 | Environment: | |
| Last Closed: | 2016-06-16 13:31:51 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | | Category: | --- |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Bug Blocks: | 1057295 | | |

Description
Niels de Vos
2015-08-16 06:38:14 UTC
REVIEW: http://review.gluster.org/11989 (Glusterd/hook/spec: Enabling static and dynamic ports if firewall installed.) posted (#1) for review on master by Anand Nekkunti (anekkunt)

REVIEW: http://review.gluster.org/11989 (Glusterd/hook/spec: Enabling static and dynamic ports if firewall installed.) posted (#2) for review on master by Anand Nekkunti (anekkunt)

REVIEW: http://review.gluster.org/11989 (Glusterd/hook/spec: Enabling static and dynamic ports if firewall installed.) posted (#3) for review on master by Anand Nekkunti (anekkunt)

REVIEW: http://review.gluster.org/11989 (glusterd/hook/spec: Enabling static and dynamic ports if firewall installed.) posted (#4) for review on master by Anand Nekkunti (anekkunt)

REVIEW: http://review.gluster.org/11989 (glusterd/hook/spec: Enabling static and dynamic ports if firewall installed.) posted (#5) for review on master by Anand Nekkunti (anekkunt)

REVIEW: http://review.gluster.org/11989 (glusterd/hook/spec: Enabling static and dynamic ports if firewall installed.) posted (#6) for review on master by Anand Nekkunti (anekkunt)

We are working on a solution for this. The solution in its current state is as follows,

- We ship a new package glusterfs-firewalld for fedora and centos7. This package contains firewalld configuration (in the form of firewalld services) to open ports required by GlusterFS and a couple of hook scripts which keep the firewalld configuration updated. Two service configurations will be shipped.
  - glusterfs-static - which contains the static glusterfs ports
  - glusterfs-dynamic - which contains the variable brick ports and is kept updated by the hook scripts
- The hook scripts will be run when a brick is started (or stopped). The hook scripts will add (or remove) the brick port into (from) the firewalld configuration, and perform a firewalld reload, to have firewalld reload the updated services. Changes are required in GlusterD to provide the hook scripts with the ports.
- The user needs to only enable the glusterfs firewalld services on the network of their choice to open up the required ports.
- As an additional goal, we could also provide a glusterfs firewalld zone, which enables all the firewalld services required by glusterfs (nfs, swift, ssh etc.). This can make it even simpler for a user to enable all the firewall rules required for running glusterfs.

I've started a discussion with the firewalld developers to validate our approach.
http://thread.gmane.org/gmane.comp.file-systems.gluster.devel/12404
https://lists.fedorahosted.org/pipermail/firewalld-devel/2015-August/000189.html

REVIEW: http://review.gluster.org/11989 (glusterd/hook/spec: Enabling static and dynamic ports if firewall installed.) posted (#8) for review on master by Anand Nekkunti (anekkunt)

REVIEW: http://review.gluster.org/11989 (glusterd/hook/spec: Create static and dynamic services if firewalld installed.) posted (#9) for review on master by Anand Nekkunti (anekkunt)

REVIEW: http://review.gluster.org/11989 (glusterd/hook/spec: Create static and dynamic services if firewalld installed.) posted (#10) for review on master by Anand Nekkunti (anekkunt)

Firewalld doesn't have a way to dynamically change a service in runtime, without side-effects. The solution proposed in comment#7 causes firewalld to reload its runtime configuration, which as a side-effect leads to any runtime changes done to be lost.

So for now, the best approach IMO is to statically open up a range of ports for the bricks. An RFE will be filed with firewalld to get support for runtime modification of service.

REVIEW: http://review.gluster.org/11989 (glusterd/hook/spec: Create glusterfs firewall service if firewalld installed.) posted (#11) for review on master by Anand Nekkunti (anekkunt)

REVIEW: http://review.gluster.org/11989 (glusterd: Create glusterfs firewall service if firewalld installed.) posted (#12) for review on master by Anand Nekkunti (anekkunt)

REVIEW: http://review.gluster.org/11989 (firewall/spec: Create glusterfs firewall service if firewalld installed.) posted (#13) for review on master by Anand Nekkunti (anekkunt)

REVIEW: http://review.gluster.org/11989 (firewall/spec: Create glusterfs firewall service if firewalld installed.) posted (#14) for review on master by Anand Nekkunti (anekkunt)

Created attachment 1071307
firewalld_doc

REVIEW: http://review.gluster.org/11989 (firewall/spec: Create glusterfs firewall service if firewalld installed.) posted (#15) for review on master by Anand Nekkunti (anekkunt)

REVIEW: http://review.gluster.org/11989 (firewall/spec: Create glusterfs firewall service if firewalld installed.) posted (#16) for review on master by Anand Nekkunti (anekkunt)

REVIEW: http://review.gluster.org/11989 (firewall/spec: Create glusterfs firewall service if firewalld installed.) posted (#18) for review on master by Anand Nekkunti (anekkunt)

REVIEW: http://review.gluster.org/11989 (firewall/spec: Create glusterfs firewall service if firewalld installed.) posted (#19) for review on master by Anand Nekkunti (anekkunt)

This bug is getting closed because a release has been made available that should address the reported issue. In case the problem is still not fixed with glusterfs-3.8.0, please open a new bug report.

glusterfs-3.8.0 has been announced on the Gluster mailinglists [1], packages for several distributions should become available in the near future. Keep an eye on the Gluster Users mailinglist [2] and the update infrastructure for your distribution.

[1] http://blog.gluster.org/2016/06/glusterfs-3-8-released/
[2] http://thread.gmane.org/gmane.comp.file-systems.gluster.user
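
A firewalld service definition for the static-range approach settled on in the thread above, as an added example that is not the file shipped by the GlusterFS packages. The port numbers are assumptions based on GlusterFS defaults (this bug does not state them), and the upper bound of the brick range is a constructed value.

```xml
<?xml version="1.0" encoding="utf-8"?>
<!-- Constructed example, e.g. saved as /etc/firewalld/services/glusterfs.xml
     (the directory firewalld reads administrator-defined services from). -->
<service>
  <short>glusterfs</short>
  <description>GlusterFS management ports plus a fixed TCP range for brick processes.</description>

  <!-- Static ports: glusterd management (assumed GlusterFS defaults). -->
  <port protocol="tcp" port="24007-24008"/>

  <!-- Brick ports: opened as one static range instead of per-brick entries,
       because changing a service at runtime requires a firewalld reload.
       Bricks are assumed to be allocated from 49152 upward; the upper bound
       below is a constructed value and should match the number of bricks
       the node will actually host, so that no more ports than necessary
       are exposed. -->
  <port protocol="tcp" port="49152-49251"/>
</service>
```

The service is enabled per zone with `firewall-cmd --permanent --zone=<zone> --add-service=glusterfs` followed by `firewall-cmd --reload`. As noted in the thread, the reload discards any runtime-only changes, so this is a one-time setup step rather than something to run on every brick start.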