Description of problem:
-----------------------
iptables rules are blocking glusterd (management) network traffic by default

Version-Release number of selected component (if applicable):
--------------------------------------------------------------
RHGS 3.1 ISO ( based on RHEL 7.1 ) - [ http://download.eng.bos.redhat.com/composes/nightly/RHGSS-3.1-RHEL-7-20150714.n.1/compose/RHGSS/x86_64/iso/RHGSS-3.1-RHEL-7-20150714.n.1-RHGSS-x86_64-dvd1.iso ]
glusterfs-3.7.1-9.el7rhgs

How reproducible:
-----------------
Consistent

Steps to Reproduce:
-------------------
1. Install RHGS 3.1 ( which is based on RHEL 7.1 )
2. Initiate 'peer probe' command

Actual results:
---------------
Peer probe fails with error message - "peer probe: failed: Probe returned with unknown errno 107"

Expected results:
-----------------
Peer probe should be successful

Additional info:
----------------
iptables rules will be blank with RHGS 3.1 based on RHEL 6.7, which never blocked glusterd traffic.
Rules should be added by default in RHGS 3.1 based on RHEL 7.1, in such a way that glusterd traffic would be allowed.
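An added example, not part of the original report or of any Red Hat tooling: a first-match check of an `iptables -S` INPUT chain, showing how a default-deny ruleset rejects a new connection to glusterd while the same chain with one extra ACCEPT rule admits it. The port number 24007 (glusterd's default management port), the interface name `eth0` and both rulesets are assumptions constructed for illustration.

```python
import shlex

GLUSTERD_PORT = 24007  # assumption: glusterd's default management port
SUPPORTED = {"-p", "-i", "-m", "--state", "--dport", "-j", "--reject-with"}

# Constructed sample in `iptables -S` format: default-deny with only SSH open.
SAMPLE_RULES = """\
-P INPUT ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
"""
# Same chain with an ACCEPT for glusterd placed before the catch-all REJECT.
FIXED_RULES = SAMPLE_RULES.replace(
    "-A INPUT -j REJECT",
    f"-A INPUT -p tcp -m state --state NEW -m tcp --dport {GLUSTERD_PORT} -j ACCEPT\n"
    "-A INPUT -j REJECT")


def port_in(spec, port):
    """True if `port` falls in an iptables port spec such as '22' or '49152:49251'."""
    low, _, high = spec.partition(":")
    return int(low) <= port <= int(high or low)


def verdict_for_new_tcp(rules, port, iface="eth0"):
    """Return (verdict, deciding rule) for a NEW inbound TCP connection to `port`.
    Flat INPUT chain only; anything outside SUPPORTED raises ValueError."""
    policy = "ACCEPT"
    for line in rules.splitlines():
        tok = shlex.split(line)
        if tok[:2] == ["-P", "INPUT"]:
            policy = tok[2]
        if tok[:2] != ["-A", "INPUT"]:
            continue
        opts = dict(zip(tok[2::2], tok[3::2]))
        target = opts.get("-j")
        if len(tok) % 2 or set(opts) - SUPPORTED or target not in ("ACCEPT", "REJECT", "DROP"):
            raise ValueError(f"unsupported rule: {line}")
        if opts.get("-p", "tcp") != "tcp" or opts.get("-i", iface) != iface:
            continue
        if "--state" in opts and "NEW" not in opts["--state"].split(","):
            continue
        if "--dport" in opts and not port_in(opts["--dport"], port):
            continue
        return target, line
    return policy, f"-P INPUT {policy}"
```

Feed it the output of `iptables -S INPUT` from the affected node; chains that jump into other chains are reported as unsupported rather than guessed at.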
These iptables rules should be added in RHGS 3.1 based on RHEL 7.1 to allow glusterd traffic.
Moving this bug to the correct component.
firewall has this concept of zones and services.
We could create a 'zone' specifically for 'gluster' ( maybe called 'RHGS-zone' ) and add services or open-ports corresponding to the zone.

I see that in Fedora 22 the following zones are available:
[root@ ~]# firewall-cmd --get-zones
FedoraServer FedoraWorkstation block dmz drop external home internal public trusted work

So FedoraServer and FedoraWorkstation are custom zones created to ease the user in setting up firewall rules.

Could this be added to the RHGS 3.1 ISO based on RHEL 7.1?
(In reply to SATHEESARAN from comment #2)
> firewall has this concepts of zones and services.
> We could create a 'zone' specifically for 'gluster' ( maybe called
> 'RHGS-zone' ) and add services or open-ports corresponding to the zone.
>
> I see in Fedora 22 following zones are available,
> [root@ ~]# firewall-cmd --get-zones
> FedoraServer FedoraWorkstation block dmz drop external home internal public
> trusted work
>
> so FedoraServer, FedoraWorkstation are custom created zones created to ease
> the user, in setting up firewall rules.
>
> Can this could be added to RHGS 3.1 ISO based on RHEL 7.1 ?

Could a similar zone be created specific to RHGS based on port information available in - https://access.redhat.com/documentation/en-US/Red_Hat_Storage/3/html-single/Installation_Guide/index.html#Port_Information ?
Proposing this issue as a blocker for RHGS 3.1, as all the glusterd traffic would be blocked.
This bug is for providing a firewall zone so as to all gluster services running with port number as mentioned in comment5.

This bug would be considered for RHGS 3.1.z, and there will be a separate bug to disable firewalld in RHGS 3.1 based on RHEL 7.1.

Changing the summary of this bug accordingly.
This bug was already as part of https://bugzilla.redhat.com/show_bug.cgi?id=1261319.

*** This bug has been marked as a duplicate of bug 1261319 ***
*** This bug has been marked as a duplicate of bug 1253774 ***