Description of problem:
Under hyperconverged the firewall configuration does not account for the offset required to prevent vdsm and gluster brick ports overlapping
A pre-req is to ensure that the glusterfs installation has it's base-port defined in /etc/glusterfs/glusterd.vol
option base-port 49217
Version-Release number of selected component (if applicable):
Steps to Reproduce:
the firewall on a converged nodes should align to the base-port re-assignment in gluster (example attached)
Created attachment 980678 [details]
sample iptables config file from a converged node (rh7/glusterfs3.6)
Is this bug about setting the base-port option, or about adjusting the firewall to that port?
(In reply to Fabian Deutsch from comment #2)
> Is this bug about setting the base-port option, or about adjusting the
> firewall to that port?
Both. To my mind updating the firewall without the base-port update is non-sensical and vice versa. If this needs to be 2 BZ's let me know and I raise another one - but the bottom line is that the firewall and base-port need to be done and they're related.
Just to recap the status of this bug:
- on engine side, the firewalls rules have been updated for supporting the HC configuration with bug #1202768
- on first host for Hosted Engine in HC setup the support for changing base-port in /etc/glusterfs/glusterd.vol is covered by http://www.ovirt.org/Features/Self_Hosted_Engine_Hyper_Converged_Gluster_Support and included in the patch under review https://gerrit.ovirt.org/36108 ; the feature is tracked under bug #1175354
What is missing is to set base-port in /etc/glusterfs/glusterd.vol on additional hosts for HC setup and this has to be done in ovirt-host-deploy.
Additional host support is under review in patch http://gerrit.ovirt.org/38547.
In order to support a contingency plan if HC feature won't be ready I'll push a separate patch for adding only the /etc/glusterfs/glusterd.vol configuration if hosted engine and gluster support are both enabled.
Please let me know if the glusterd.vol change must be done always for gluster enabled hosts or if it's ok to have this done only in the Hosted Engine case.
The glusterd.vol update and firewall change is required for gluster enabled virt host (HC node)...I don't think the engine being self-hosted or external has a bearing on this requirement.
According to the discussion in https://gerrit.ovirt.org/#/c/39678/1/src/plugins/ovirt-host-deploy/hosted-engine/glusterd.py it's not required to change the base-port option
Closing as wontfix.