Based on my discussion with Soumya, the following firewall related information is added at the beginning of the nfs-ganesha chapter in the "Important block" http://10.34.3.139:8080/view/Gluster/job/doc-Red_Hat_Gluster_Storage-3.1-Administration_Guide%20%28html-single%29/lastSuccessfulBuild/artifact/tmp/en-US/html-single/index.html#sect-NFS_Ganesha --------------------------------------------------------------------- Allow the firewall service in the active zones, run the following commands: # firewall-cmd --zone=public --add-service=mountd --add-service=high-availability # firewall-cmd --zone=public --add-service=mountd --add-service=high-availability --permanent # firewall-cmd --zone=public --add-port=4501/tcp --add-port=4501/udp \ --add-port=32803/tcp --add-port=32803/udp --add-port=662/tcp --add-port=662/udp # firewall-cmd --zone=public --add-port=4501/tcp --add-port=4501/udp \ --add-port=32803/tcp --add-port=32803/udp --add-port=662/tcp --add-port=662/udp On the NFS-client machine, execute the following commands: # firewall-cmd --zone=public --add-port=662/tcp --add-port=662/udp \ --add-port=32803/tcp --add-port=32769/udp --add-port=892/tcp --add-port=892/udp --permanent # firewall-cmd --zone=public --add-port=662/tcp --add-port=662/udp \ --add-port=32803/tcp --add-port=32769/udp --add-port=892/tcp --add-port=892/udp --permanent ---------------------------------------------------------------------- And a new bullet point is added under the "Prerequisites" section where all the information about "Defining Service Ports" is added: http://10.34.3.139:8080/view/Gluster/job/doc-Red_Hat_Gluster_Storage-3.1-Administration_Guide%20%28html-single%29/lastSuccessfulBuild/artifact/tmp/en-US/html-single/index.html#sect-NFS_Ganesha ------------------------------------------------------------------------ Defining Service Ports To define the service ports, execute the following steps on every node in the nfs-ganesha cluster: Edit '/etc/ganesha/ganesha.conf' as mentioned below: # sed -i '/NFS_Core_Param/a \ \ \ \ \ \ \ \ MNT_Port = 20048' /etc/ganesha/ganesha.conf # sed -i '/NFS_Core_Param/a \ \ \ \ \ \ \ \ NLM_Port = 32803' /etc/ganesha/ganesha.conf Edit /etc/sysconfig/nfs file as mentioned below: #sed -i '/STATD_PORT/s/' /etc/sysconfig/nfs Restart the statd service: For Red Hat Enterprise Linux 6: # pkill statd # rpc.statd -p 662 For Red Hat Enterprise Linux 7: Starting the nfs-ganesha service will restart the statd service as well. Execute the following steps on the client machine: Edit '/etc/sysconfig/nfs' using following commands: # sed -i '/STATD_PORT/s/^#//' /etc/sysconfig/nfs # sed -i '/LOCKD_TCPPORT/s/^#//' /etc/sysconfig/nfs # sed -i '/LOCKD_UDPPORT/s/^#//' /etc/sysconfig/nfs # sed -i '/MOUNTD_PORT/s/^#//' /etc/sysconfig/nfs Restart the services: For Red Hat Enterprise Linux 6: # service nfslock restart For Red Hat Enterprise Linux 7: # systemctl restart nfs-lock
Following are the corrections required and need to be addressed by the doc team: Under the important block: >>>> Allow the firewall service in the active zones, run the following commands: change one of below commands with --permanent option # firewall-cmd --zone=public --add-port=4501/tcp --add-port=4501/udp \ --add-port=32803/tcp --add-port=32803/udp --add-port=662/tcp --add-port=662/udp # firewall-cmd --zone=public --add-port=4501/tcp --add-port=4501/udp \ --add-port=32803/tcp --add-port=32803/udp --add-port=662/tcp --add-port=662/udp >>>> On the NFS-client machine, execute the following commands: remove --permanent from one of the below commands # firewall-cmd --zone=public --add-port=662/tcp --add-port=662/udp \ --add-port=32803/tcp --add-port=32769/udp --add-port=892/tcp --add-port=892/udp --permanent # firewall-cmd --zone=public --add-port=662/tcp --add-port=662/udp \ --add-port=32803/tcp --add-port=32769/udp --add-port=892/tcp --add-port=892/udp --permanent >>>>> combine below two statements together and also mention the port numbers of NLM_port and RQUOTAD_Port. Mention uncomment STATD_Port line under /etc/sysconfig/nfs Update the /etc/ganesha/ganesha.conf file with MNT_Port = 20048 variable in the NFS_Core_Param section. In the /etc/ganesha/ganesha.conf file add NLM_port and RQUOTAD_Port. Also, in the /etc/sysconfig/nfs file add STATD_Port Under Defining Service Ports: >>>>>> Edit '/etc/ganesha/ganesha.conf' as mentioned below: Add semicolons after the port numbers # sed -i '/NFS_Core_Param/a \ \ \ \ \ \ \ \ MNT_Port = 20048' /etc/ganesha/ganesha.conf # sed -i '/NFS_Core_Param/a \ \ \ \ \ \ \ \ NLM_Port = 32803' /etc/ganesha/ganesha.conf >>>>>> Edit /etc/sysconfig/nfs file as mentioned below: Correct the below line, it doesn't uncomment the statd_port line under /etc/sysconfig/nfs #sed -i '/STATD_PORT/s/' /etc/sysconfig/nfs @Soumya, Can you please check if the below behavior is correct?? >>>>>> Also, On the client side after editing the /etc/sysconfig/nfs file with below commands, adding the respective ports in firewalld and restarting nfs-lock service, the rpcinfo -p section doesn't lists the proper ports for the services # sed -i '/STATD_PORT/s/^#//' /etc/sysconfig/nfs # sed -i '/LOCKD_TCPPORT/s/^#//' /etc/sysconfig/nfs # sed -i '/LOCKD_UDPPORT/s/^#//' /etc/sysconfig/nfs # sed -i '/MOUNTD_PORT/s/^#//' /etc/sysconfig/nfs # firewall-cmd --zone=public --add-port=662/tcp --add-port=662/udp \ --add-port=32803/tcp --add-port=32769/udp --add-port=892/tcp --add-port=892/udp # firewall-cmd --zone=public --add-port=662/tcp --add-port=662/udp \ --add-port=32803/tcp --add-port=32769/udp --add-port=892/tcp --add-port=892/udp --permanent # systemctl restart nfs-lock [root@dhcp43-129 ~]# rpcinfo -p program vers proto port service 100000 4 tcp 111 portmapper 100000 3 tcp 111 portmapper 100000 2 tcp 111 portmapper 100000 4 udp 111 portmapper 100000 3 udp 111 portmapper 100000 2 udp 111 portmapper 100005 1 udp 20048 mountd 100005 1 tcp 20048 mountd 100005 2 udp 20048 mountd 100005 2 tcp 20048 mountd 100005 3 udp 20048 mountd 100005 3 tcp 20048 mountd 100003 3 tcp 2049 nfs 100003 4 tcp 2049 nfs 100227 3 tcp 2049 nfs_acl 100003 3 udp 2049 nfs 100003 4 udp 2049 nfs 100227 3 udp 2049 nfs_acl 100021 1 udp 58254 nlockmgr 100021 3 udp 58254 nlockmgr 100021 4 udp 58254 nlockmgr 100021 1 tcp 59390 nlockmgr 100021 3 tcp 59390 nlockmgr 100021 4 tcp 59390 nlockmgr 100024 1 udp 58208 status 100024 1 tcp 59045 status >>>>> for server side, afte uncommenting statd_port in /etc/sysconfig/nfs; adding port 662 in firewalld and restarting the nfs-ganesha service rpcinfo doesnt show the respective ports for statd on some of the nodes [root@dhcp42-115 ~]# rpcinfo -p program vers proto port service 100000 4 tcp 111 portmapper 100000 3 tcp 111 portmapper 100000 2 tcp 111 portmapper 100000 4 udp 111 portmapper 100000 3 udp 111 portmapper 100000 2 udp 111 portmapper 100003 3 udp 2049 nfs 100003 3 tcp 2049 nfs 100003 4 udp 2049 nfs 100003 4 tcp 2049 nfs 100005 1 udp 20048 mountd 100005 1 tcp 20048 mountd 100005 3 udp 20048 mountd 100005 3 tcp 20048 mountd 100021 4 udp 32803 nlockmgr 100021 4 tcp 32803 nlockmgr 100011 1 udp 4501 rquotad 100011 1 tcp 4501 rquotad 100011 2 udp 4501 rquotad 100011 2 tcp 4501 rquotad 100024 1 udp 35405 status 100024 1 tcp 40403 status
Shashank, Could you please verify if the following steps get the services listen on the ports configured -- On the server machine: RHEL-7: systemctl restart nfs-config systemctl restart rpc-statd RHEL-6 service restart nfslock On the client machine: RHEL-7: systemctl restart nfs-config systemctl restart rpc-statd systemctl restart nfs-mountd systemctl restart nfslock RHEL-6: service restart nfs service restart nfslock
yes, with the above restarts it works fine on both RHEL 6 and RHEL 7 Only change is: ON RHEL 6: service nfslock restart service nfs restart instead of service restart nfslock and service restart nfs
Hi Shashank/Soumya, I have made the necessary changes. Also, since we already have separate bullet point under Prerequisites "Defining Service Ports", the earlier steps after the firewall details is removed and the following information is added. "Ensure to configure the ports mentioned above. For more information see Defining Service Ports. in Section 7.3.3.2. Pre-requisites to run nfs-ganesha, http://jenkinscat.gsslab.pnq.redhat.com:8080/job/doc-Red_Hat_Gluster_Storage-3.1-3.1.2-Stage_Administration_Guide%20%28html-single%29/lastSuccessfulBuild/artifact/tmp/en-US/html-single/index.html#sect-NFS_Ganesha Let me know if this looks ok, or are there any further changes required.
Hi Bhavana, there are some minor changes which are required: In below point under important section: >>>>> Ensure to configure the ports mentioned above. For more information see Defining Service Ports. in Section 7.3.3.2. Pre-requisites to run nfs-ganesha section 7.3.3.2 is mentioned, instead it should be 7.2.3.3.1. Prerequisites to run NFS-Ganesha >>>>> Also, under section 7.2.3.3.2. Configuring the HA Cluster please add the following note after the example of gluster nfs-ganesha enable In case, after enabling NFS-Ganesha, rpcinfo -p shows statd port different from 662, restart statd service For Red Hat Enterprise Linux 6: # service nfslock restart For Red Hat Enterprise Linux 7: # systemctl restart nfs-config # systemctl restart rpc-statd
Hi Shashank, i have made the required chnages: http://jenkinscat.gsslab.pnq.redhat.com:8080/job/doc-Red_Hat_Gluster_Storage-3.1-3.1.2-Stage_Administration_Guide%20%28html-single%29/lastSuccessfulBuild/artifact/tmp/en-US/html-single/index.html#sect-NFS_Ganesha Also, based on our discussion, I have removed the command: # systemctl restart nfs-config
Verified the contents of the documentation based on the provided link: http://jenkinscat.gsslab.pnq.redhat.com:8080/job/doc-Red_Hat_Gluster_Storage-3.1-3.1.2-Stage_Administration_Guide%20%28html-single%29/lastSuccessfulBuild/artifact/tmp/en-US/html-single/index.html#sect-NFS_Ganesha It looks good now. All the mentioned changes have been incorporated. Hence marking this bug as Verified.