Description of problem:
We need to document that the RQUOTA port number that we are using is already hard coded and is not the same as the one used with other NFS servers. This is the update in ganesha.conf:

    Rquota_Port = 4501;

Version-Release number of selected component (if applicable):
nfs-ganesha-2.2.0-5.el7rhgs.x86_64
glusterfs-3.7.1-10.el7rhgs.x86_64

How reproducible: always
As per the latest discussion we had, we shall configure the ports to be used for the mountd, nlm and rquota services in the nfs-ganesha.conf file and also provide a firewalld service (nfs-ganesha) to open up these ports. The only remaining port, the statd port used by the rpc.statd service, has to be manually configured by the admin in the '/etc/sysconfig/nfs' file and opened up by adding a firewalld/iptables rule.
Upstream discussion regarding registering ports for these services can be found at - http://thread.gmane.org/gmane.linux.nfs/73398/focus=73416 For now, we shall configure these ports only for downstream nfs-ganesha.
The fix we are going to provide for this BZ is that we will package ganesha.conf with the below default ports configured for all these services and then provide ganesha.xml to be used by firewalld to open those ports.

    MNT_Port = 20048;
    NLM_Port = 32803;
    Rquota_Port = 875;

Note: these port numbers are chosen based on the values mentioned in '/etc/sysconfig/nfs'.

However, for the STATD service, the admin still has to edit the below line in the '/etc/sysconfig/nfs' file and restart the statd service after adding a firewall rule to open it.

    # Port rpc.statd should listen on.
    #STATD_PORT=662
    # Outgoing port statd should used. The default is port
    # is random
    #STATD_OUTGOING_PORT=2020
The fix is under review.
fixed in nfs-ganesha-2.3.1-3.el7rhgs and nfs-ganesha-2.3.1-3.el6rhs
ON RHEL 7:

While verifying this bug, I have an observation: after installing the nfs-ganesha-2.3.1-3 rpms on the cluster, the ganesha.conf file gets updated with the ports mentioned in the bug, as below:

    NFS_Core_Param {
            #Use supplied name other tha IP In NSM operations
            NSM_Use_Caller_Name = true;
            #Copy lock states into "/var/lib/nfs/ganesha" dir
            Clustered = false;
            #By default port number '2049' is used for NFS service.
            #Configure ports for MNT, NLM, RQuota services.
            #The ports chosen here are from '/etc/sysconfig/nfs'
            MNT_Port = 20048;
            NLM_Port = 32803;
            Rquota_Port = 875;
    }

However, these ports don't get added in firewalld, and even restarting the firewalld service doesn't help.

    [root@dhcp37-180 ganesha]# firewall-cmd --list-ports
    [root@dhcp37-180 ganesha]#

Also, there is confusion as to which .xml file should be responsible for adding these ports:

1) Should it be ganesha.xml (which Soumya mentioned in comment 6), which is missing from /usr/lib/firewalld/services/
2) or should it be nlm.xml and rquota.xml, which are part of /usr/lib/firewalld/services.

    [root@dhcp37-180 ~]# ls /usr/lib/firewalld/services/ | grep nlm
    nlm.xml
    [root@dhcp37-180 ~]# ls /usr/lib/firewalld/services/ | grep rquota
    rquota.xml
    [root@dhcp37-180 ~]# ls /usr/lib/firewalld/services/ | grep ganesha
    [root@dhcp37-180 ~]#

Please clarify, so that I can move the bug accordingly.

On RHEL 6:

Because of the bug (https://bugzilla.redhat.com/show_bug.cgi?id=1327074), I could not proceed with the verification on RHEL 6. Once we get a new build with a working fix, I will verify this on RHEL 6 as well.
Verified this bug with the latest ganesha-2.3.1-4 build, and on both RHEL 6 and RHEL 7 the ganesha.conf file gets updated with ports as below:

    NFS_Core_Param {
            #Use supplied name other tha IP In NSM operations
            NSM_Use_Caller_Name = true;
            #Copy lock states into "/var/lib/nfs/ganesha" dir
            Clustered = false;
            #By default port number '2049' is used for NFS service.
            #Configure ports for MNT, NLM, RQuota services.
            #The ports chosen here are from '/etc/sysconfig/nfs'
            MNT_Port = 20048;
            NLM_Port = 32803;
            Rquota_Port = 875;
    }

ON RHEL 7:

We need to add the following services to firewalld:

    [root@dhcp37-180 yum.repos.d]# firewall-cmd --zone=public --add-service=nlm --add-service=nfs --add-service=rpc-bind --add-service=high-availability --add-service=mountd --add-service=rquota
    success

and under /etc/sysconfig/nfs:

    vi /etc/sysconfig/nfs

uncomment #STATD_PORT=662 and #STATD_OUTGOING_PORT=2020, and add these ports to firewalld:

    firewall-cmd --add-port=662/tcp --add-port=662/udp --add-port=2020/tcp --add-port=2020/udp

For statd port 662 to take effect, we need to kill the earlier running process and restart the nfs-ganesha-lock service.

After these settings, the rpcinfo output is as below:

    [root@dhcp37-180 ~]# rpcinfo -p
       program vers proto   port  service
        100000    4   tcp    111  portmapper
        100000    3   tcp    111  portmapper
        100000    2   tcp    111  portmapper
        100000    4   udp    111  portmapper
        100000    3   udp    111  portmapper
        100000    2   udp    111  portmapper
        100003    3   udp   2049  nfs
        100003    3   tcp   2049  nfs
        100003    4   udp   2049  nfs
        100003    4   tcp   2049  nfs
        100005    1   udp  20048  mountd
        100005    1   tcp  20048  mountd
        100005    3   udp  20048  mountd
        100005    3   tcp  20048  mountd
        100021    4   udp  32803  nlockmgr
        100021    4   tcp  32803  nlockmgr
        100011    1   udp    875  rquotad
        100011    1   tcp    875  rquotad
        100011    2   udp    875  rquotad
        100011    2   tcp    875  rquotad
        100024    1   udp    662  status
        100024    1   tcp    662  status

ON RHEL 6:

We need to edit the /etc/sysconfig/nfs file:

    vi /etc/sysconfig/nfs

uncomment #STATD_PORT=662 and #STATD_OUTGOING_PORT=2020, and do:

    rpc.statd -p 662

The rpcinfo output after the settings is as below:

    [root@dhcp43-59 ~]# rpcinfo -p
       program vers proto   port  service
        100000    4   tcp    111  portmapper
        100000    3   tcp    111  portmapper
        100000    2   tcp    111  portmapper
        100000    4   udp    111  portmapper
        100000    3   udp    111  portmapper
        100000    2   udp    111  portmapper
        100003    3   udp   2049  nfs
        100003    3   tcp   2049  nfs
        100003    4   udp   2049  nfs
        100003    4   tcp   2049  nfs
        100005    1   udp  20048  mountd
        100005    1   tcp  20048  mountd
        100005    3   udp  20048  mountd
        100005    3   tcp  20048  mountd
        100021    4   udp  32803  nlockmgr
        100021    4   tcp  32803  nlockmgr
        100011    1   udp    875  rquotad
        100011    1   tcp    875  rquotad
        100011    2   udp    875  rquotad
        100011    2   tcp    875  rquotad
        100024    1   udp    662  status
        100024    1   tcp    662  status

Based on the above observation, marking this bug as Verified.
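Added example, not part of the original bug report or of nfs-ganesha: a check that the mountd, nlockmgr, rquotad and status registrations shown by `rpcinfo -p` sit on the pinned ports from this report, so the firewall only needs those ports open. The helper name `check_rpc_ports`, the two sample tables and port 45678 are constructed for illustration.

```bash
#!/bin/bash
# Added example. Expected ports are the values from this report: MNT_Port,
# NLM_Port, Rquota_Port in ganesha.conf and STATD_PORT in /etc/sysconfig/nfs.
EXPECTED="mountd=20048 nlockmgr=32803 rquotad=875 status=662"

# check_rpc_ports (hypothetical helper): reads `rpcinfo -p` output on stdin,
# prints one line per service that is missing or on an unexpected port,
# and returns non-zero if anything was reported.
check_rpc_ports() {
    awk -v expected="$EXPECTED" '
        BEGIN {
            n = split(expected, pairs, " ")
            for (i = 1; i <= n; i++) { split(pairs[i], kv, "="); want[kv[1]] = kv[2] }
        }
        # Data rows look like: program vers proto port service
        $1 ~ /^[0-9]+$/ && NF >= 5 && ($5 in want) {
            seen[$5] = 1
            if ($4 != want[$5]) {
                printf "MISMATCH %s %s/%s expected %s\n", $5, $4, $3, want[$5]
                bad = 1
            }
        }
        END {
            for (s in want) if (!(s in seen)) {
                printf "MISSING %s expected %s\n", s, want[s]
                bad = 1
            }
            exit bad + 0
        }'
}

# Constructed sample: rows in the shape of the rpcinfo output above.
SAMPLE_PINNED='   program vers proto   port  service
    100005    3   tcp  20048  mountd
    100021    4   tcp  32803  nlockmgr
    100011    2   tcp    875  rquotad
    100024    1   tcp    662  status'

# Constructed sample: statd left on an arbitrary port (45678 is made up)
# and no rquotad registration.
SAMPLE_DRIFT='   program vers proto   port  service
    100005    3   tcp  20048  mountd
    100021    4   tcp  32803  nlockmgr
    100024    1   udp  45678  status'

# On a live server: rpcinfo -p | check_rpc_ports
printf '%s\n' "$SAMPLE_DRIFT" | check_rpc_ports || echo "RPC ports differ from the pinned set"
```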
Soumya, Please review and sign-off the edited doc text.
Doc text looks good to me.
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHEA-2016:1247