Bug 2346093
| Summary: | [SMB][firewalld] Samba Deployment Fails When firewalld is Enabled | ||
|---|---|---|---|
| Product: | [Red Hat Storage] Red Hat Ceph Storage | Reporter: | Mohit Bisht <mobisht> |
| Component: | smb | Assignee: | Sachin Prabhu <sprabhu> |
| smb sub component: | samba | QA Contact: | Mohit Bisht <mobisht> |
| Status: | CLOSED CURRENTRELEASE | Docs Contact: | Rivka Pollack <rpollack> |
| Severity: | high | ||
| Priority: | unspecified | CC: | anoopcs, aramteke, cephqe-warriors, gdeschner, jmulligan, msaini, rpollack, sprabhu, tserlin, vdas |
| Version: | 8.0 | Keywords: | External |
| Target Milestone: | --- | Flags: | sprabhu:
needinfo+
|
| Target Release: | 8.1 | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Whiteboard: | |||
| Fixed In Version: | ceph-19.2.1-52.el9cp | Doc Type: | Bug Fix |
| Doc Text: |
.SMB service no longer fails with firewall enabled on clustered versions
Previously, when a clustered version of the SMB service had `firewalld` enabled, the `ctdb` nodes were unable to communicate with each other. As a result, the SMB service would fail.
With this fix, the ports are now recognized for the clustered service. Clustering support on Ceph nodes with the firewall enabled now works, as expected.
|
Story Points: | --- |
| Clone Of: | Environment: | ||
| Last Closed: | 2025-07-23 15:51:16 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | |||
| Bug Blocks: | 2351689 | ||
Description of problem: ======================= Samba deployment fails when firewalld is enabled on the server. Note: The issue occurs both with and without clustering. Scenario 1: Samba Deployment with Clustering Enabled & firewalld Enabled ==> Fail ================================================================================== # systemctl status firewalld ● firewalld.service - firewalld - dynamic firewall daemon Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled; preset: enabled) Active: active (running) since Mon 2025-02-17 11:07:57 UTC; 33s ago Docs: man:firewalld(1) Main PID: 3874212 (firewalld) Tasks: 2 (limit: 407871) Memory: 27.0M CPU: 370ms CGroup: /system.slice/firewalld.service └─3874212 /usr/bin/python3 -s /usr/sbin/firewalld --nofork --nopid Feb 17 11:07:57 argo012 systemd[1]: Starting firewalld - dynamic firewall daemon... Feb 17 11:07:57 argo012 systemd[1]: Started firewalld - dynamic firewall daemon. # ceph smb cluster create smb1 user --define_user_pass user1%passwd --placement label:smb --clustering default --public_addrs 10.8.131.254/21 { "resource": { "resource_type": "ceph.smb.cluster", "cluster_id": "smb1", "auth_mode": "user", "intent": "present", "user_group_settings": [ { "source_type": "resource", "ref": "smb1ajycysxa" } ], "placement": { "label": "smb" }, "clustering": "default", "public_addrs": [ { "address": "10.8.131.254/21" } ] }, "state": "created", "additional_results": [ { "resource": { "resource_type": "ceph.smb.usersgroups", "users_groups_id": "smb1ajycysxa", "intent": "present", "values": { "users": [ { "name": "user1", "password": "passwd" } ], "groups": [] }, "linked_to_cluster": "smb1" }, "state": "created", "success": true } ], "success": true } # ceph smb share create smb1 share1 cephfs / --subvolume smb/sv1 <=== Command Not Proceeding Scenario 2: Samba Deployment with Clustering Disabled & firewalld Enabled ==> Fail =================================================================================== # systemctl status firewalld ● firewalld.service - firewalld - dynamic firewall daemon Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled; preset: enabled) Active: active (running) since Mon 2025-02-17 11:07:57 UTC; 33s ago Docs: man:firewalld(1) Main PID: 3874212 (firewalld) Tasks: 2 (limit: 407871) Memory: 27.0M CPU: 370ms CGroup: /system.slice/firewalld.service └─3874212 /usr/bin/python3 -s /usr/sbin/firewalld --nofork --nopid Feb 17 11:07:57 argo012 systemd[1]: Starting firewalld - dynamic firewall daemon... Feb 17 11:07:57 argo012 systemd[1]: Started firewalld - dynamic firewall daemon. # ceph smb cluster create smb1 user --define_user_pass user1%passwd --placement label:smb --clustering never { "resource": { "resource_type": "ceph.smb.cluster", "cluster_id": "smb1", "auth_mode": "user", "intent": "present", "user_group_settings": [ { "source_type": "resource", "ref": "smb1pyadeclt" } ], "placement": { "label": "smb" }, "clustering": "never", "public_addrs": [] }, "state": "created", "additional_results": [ { "resource": { "resource_type": "ceph.smb.usersgroups", "users_groups_id": "smb1pyadeclt", "intent": "present", "values": { "users": [ { "name": "user1", "password": "passwd" } ], "groups": [] }, "linked_to_cluster": "smb1" }, "state": "created", "success": true } ], "success": true } # ceph smb share create smb1 share1 cephfs / --subvolume smb/sv1 <=== Command Not Proceeding Scenario 3: Samba Deployment with Clustering Enabled & firewalld Disabled ==> Pass =================================================================================== # systemctl status firewalld ○ firewalld.service - firewalld - dynamic firewall daemon Loaded: loaded (/usr/lib/systemd/system/firewalld.service; disabled; preset: enabled) Active: inactive (dead) Docs: man:firewalld(1) # ceph smb cluster create smb1 user --define_user_pass user1%passwd --placement label:smb --clustering default --public_addrs 10.8.131.254/21 { "resource": { "resource_type": "ceph.smb.cluster", "cluster_id": "smb1", "auth_mode": "user", "intent": "present", "user_group_settings": [ { "source_type": "resource", "ref": "smb1ajycysxa" } ], "placement": { "label": "smb" }, "clustering": "default", "public_addrs": [ { "address": "10.8.131.254/21" } ] }, "state": "created", "additional_results": [ { "resource": { "resource_type": "ceph.smb.usersgroups", "users_groups_id": "smb1ajycysxa", "intent": "present", "values": { "users": [ { "name": "user1", "password": "passwd" } ], "groups": [] }, "linked_to_cluster": "smb1" }, "state": "created", "success": true } ], "success": true } # ceph smb share create smb1 share1 cephfs / --subvolume smb/sv1 { "resource": { "resource_type": "ceph.smb.share", "cluster_id": "smb1", "share_id": "share1", "intent": "present", "name": "share1", "readonly": false, "browseable": true, "cephfs": { "volume": "cephfs", "path": "/", "subvolumegroup": "smb", "subvolume": "sv1", "provider": "samba-vfs" } }, "state": "created", "success": true } # ceph orch ls | grep smb.smb1 smb.smb1 3/3 3s ago 26s label:smb # ceph orch ls | grep smb.smb1 # ceph orch ls | grep smb.smb1 smb.smb1 3/3 4s ago 27s label:smb # smbclient -U user1%passwd //10.8.131.254/share1 -c ls . D 0 Thu Feb 13 19:44:56 2025 .. D 0 Thu Feb 13 19:44:56 2025 4633575424 blocks of size 1024. 4633522176 blocks available Version-Release number of selected component (if applicable): =============================================================== 19.2.0-53 How reproducible: ================== Always Steps to Reproduce: ==================== 1.Enable firewalld 2.Deploy smb services Actual results: ================ Unable to deploy smb services (share create command stuck) Expected results: ================= SMB service should deploy Additional info: