Description of problem: Section to add firewall settings and editing nfs related files on client side. Version-Release number of selected component (if applicable): How reproducible: Steps to Reproduce: 1) On the NFS-client machine, configure firewalld to add ports used by statd and nlm services by executing the following commands: # firewall-cmd --zone=public --add-port=662/tcp --add-port=662/udp \ --add-port=32803/tcp --add-port=32769/udp # firewall-cmd --zone=public --add-port=662/tcp --add-port=662/udp \ --add-port=32803/tcp --add-port=32769/udp --permanent 2) Execute the following steps on the client machine: Edit '/etc/sysconfig/nfs' using following commands: # sed -i '/STATD_PORT/s/^#//' /etc/sysconfig/nfs # sed -i '/LOCKD_TCPPORT/s/^#//' /etc/sysconfig/nfs # sed -i '/LOCKD_UDPPORT/s/^#//' /etc/sysconfig/nfs # sed -i '/MOUNTD_PORT/s/^#//' /etc/sysconfig/nfs 3) Restart the services: For Red Hat Enterprise Linux 6: # service nfslock restart # service nfs restart For Red Hat Enterprise Linux 7: # systemctl restart nfs-config # systemctl restart rpc-statd # systemctl restart nfs-mountd # systemctl restart nfslock Actual results: Expected results: Section to add firewall settings and editing nfs related files on client side. Additional info:
(In reply to Shashank Raj from comment #0) > Description of problem: > > Section to add firewall settings and editing nfs related files on client > side. You can use the [firewalld:<client-ips>] to enable firewall rules in client. No extra implementation needed. > > Version-Release number of selected component (if applicable): > > > How reproducible: > > > Steps to Reproduce: > > 1) On the NFS-client machine, configure firewalld to add ports used by statd > and nlm services by executing the following commands: > > # firewall-cmd --zone=public --add-port=662/tcp --add-port=662/udp \ > --add-port=32803/tcp --add-port=32769/udp > > # firewall-cmd --zone=public --add-port=662/tcp --add-port=662/udp \ > --add-port=32803/tcp --add-port=32769/udp --permanent > > 2) Execute the following steps on the client machine: > > Edit '/etc/sysconfig/nfs' using following commands: > > # sed -i '/STATD_PORT/s/^#//' /etc/sysconfig/nfs > # sed -i '/LOCKD_TCPPORT/s/^#//' /etc/sysconfig/nfs > # sed -i '/LOCKD_UDPPORT/s/^#//' /etc/sysconfig/nfs > # sed -i '/MOUNTD_PORT/s/^#//' /etc/sysconfig/nfs > ACK! > 3) Restart the services: > > For Red Hat Enterprise Linux 6: > > # service nfslock restart > # service nfs restart > > For Red Hat Enterprise Linux 7: > > # systemctl restart nfs-config > # systemctl restart rpc-statd > # systemctl restart nfs-mountd > # systemctl restart nfslock > ACK! Sample configuration file to mount NFS-Ganesha clients: [hosts] dhcp37-102 dhcp37-103 [firewalld1] action=add ports=111/tcp,2049/tcp,54321/tcp,5900/tcp,5900-6923/tcp,5666/tcp,16514/tcp,662/tcp,662/udp services=glusterfs,nlm,nfs,rpc-bind,high-availability,mountd,rquota [volume] action=create volname=ganesha transport=tcp replica_count=2 force=yes [nfs-ganesha] action=create-cluster ha-name=ganesha-ha-360 cluster-nodes=dhcp37-102,dhcp37-103 vip=10.70.44.121,10.70.44.122 volname=ganesha [firewalld2:10.70.37.192] action=add ports=662/tcp,662/udp,32803/tcp,32769/udp [clients] action=mount volname=dhcp37-102:/ganesha hosts=10.70.37.192 client_mount_points=/mnt/ganesha fstype=nfs options=vers=3,rw,relatime,wsize=8192,namlen=255
Rebase fixes the issue.
Verified this bug on # cat /etc/redhat-release Red Hat Enterprise Linux Server release 7.3 (Maipo) # rpm -qa | grep gdeploy gdeploy-2.0.1-4.el7rhgs.noarch # rpm -qa | grep ansible ansible-2.2.0.0-1.el7.noarch glusterfs-3.8.4-5.el7rhgs.x86_64 [root@dhcp37-157 examples]# cat gdeploy_client.conf [hosts] dhcp37-206.lab.eng.blr.redhat.com dhcp37-218.lab.eng.blr.redhat.com dhcp37-157.lab.eng.blr.redhat.com dhcp37-200.lab.eng.blr.redhat.com [firewalld1] action=add ports=111/tcp,2049/tcp,54321/tcp,5900/tcp,5900-6923/tcp,5666/tcp,16514/tcp,662/tcp,662/udp services=glusterfs,nlm,nfs,rpc-bind,high-availability,mountd,rquota [nfs-ganesha] action=create-cluster ha-name=ganesha-ha-360 cluster-nodes=dhcp37-206.lab.eng.blr.redhat.com,dhcp37-218.lab.eng.blr.redhat.com,dhcp37-157.lab.eng.blr.redhat.com,dhcp37-200.lab.eng.blr.redhat.com vip=10.70.40.213,10.70.40.214,10.70.40.215,10.70.40.216 volname=gluster_shared_storage [firewalld2:10.70.37.166] action=add ports=662/tcp,662/udp,32803/tcp,32769/udp [clients] action=mount volname=dhcp37-206.lab.eng.blr.redhat.com:/gluster_shared_storage hosts=10.70.37.166 client_mount_points=/mnt/ganesha fstype=nfs options=vers=3,rw,relatime,wsize=8192,namlen=255 As mount was successfull on client with all firewall settings applied,Hence marking this bug as verified.
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://rhn.redhat.com/errata/RHEA-2017-0482.html