Bug 1371633

Summary: mop off the glusterfs firewall service
Product: [Community] GlusterFS Reporter: Prasanna Kumar Kalever <prasanna.kalever>
Component: glusterdAssignee: bugs <bugs>
Status: CLOSED WONTFIX QA Contact:
Severity: low Docs Contact:
Priority: low    
Version: mainlineCC: amukherj, atumball, bugs, prasanna.kalever
Target Milestone: ---Keywords: Triaged
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2019-07-15 03:09:17 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Prasanna Kumar Kalever 2016-08-30 16:58:11 UTC 
Description of problem:
Currently glusterfs firewall service is created if firewalld installed.

It creates glusterfs firewall service during installation. 

glusterfs service : It contains all default ports which needs to be opened.

During installation  glusterfs.xml is copied into firewall service directory(/usr/lib/firewalld/services/).

This is what currently happens:
    1.For bricks: It opens the 512 ports, if brick is running out side this range(>49664) then admin need to open the port
    for that brick.
    2.By default this service is not enabled in any of zone.

    To enable this service(glusterfs) in firewall:

    1. Get active zone(s) in node
         firewall-cmd  --get-active-zones

    2. Attached this service(glusterfs) to zone(s)
       firewall-cmd  --zone=<zone_name>  --add-service=glusterfs               --To apply runtime
       firewall-cmd  --permanent  --zone=<zone_name>  --add-service=glusterfs  --To apply permanent



This mechanism for opening ports for firewall is no more needed with the new port map architecture, hence we need to mop this off.


Version-Release number of selected component (if applicable):
mainline
Comment 1 Niels de Vos 2016-09-06 12:17:07 UTC 
(In reply to Prasanna Kumar Kalever from comment #0)
...
> This mechanism for opening ports for firewall is no more needed with the new
> port map architecture, hence we need to mop this off.

Pointer to the updated documentation about the new port map architecture? How is GlusterD going to open ports dynamically?
Comment 2 Amar Tumballi 2019-05-09 20:09:43 UTC 
Is it required even now? Why was no one bothered about in years?
Comment 3 Atin Mukherjee 2019-07-08 03:49:53 UTC 
I don't think we're going to work on this any longer in GD1. Appreciate if this can be closed as won't fix. I'll wait for couple of days for Prasanna to come over, otherwise would close this.
Comment 4 Atin Mukherjee 2019-07-15 03:09:17 UTC 
I'm closing this for now. If there's any valid justification please reopen.