If the number of servers increases, then there is a chance of GlusterFS ports clashing with reserved ports.
For example, if the number of servers increases beyond 28, a POP3-over-SSL daemon,
which uses port 995, cannot start after the GlusterFS client.
Please update the status of this bug, as it's been more than 6 months since it was filed (bug id < 2000).
Please resolve it with the proper resolution if it's not valid anymore. If it's still valid and not critical, move it to 'enhancement' severity.
Planning to keep the 3.4.x branch as an "internal enhancements" release without any features. So moving these bugs to the 3.4.0 target milestone.
Don't know if I can close this. Reported by Keisuke Takahashi... have to test this though.
*** Bug 806504 has been marked as a duplicate of this bug. ***
*** Bug 765228 has been marked as a duplicate of this bug. ***
Paraphrasing David Coulson on the Gluster Users mailing list:
Why does it not use ports within the /proc/sys/net/ipv4/ip_local_port_range?
With two servers, glusterfs (v3.3) started up listening on port 993, which kept dovecot from starting. Not good. Please fix.
I'm having similar issues, simple cluster of 3 replicating. 'glusterfs' takes over 995 and 993, going as low as 959 in my case. I'm confused why unused ephemeral ports aren't used instead of lower *more likely to be used* ports.
Currently running glusterfs 3.3.0, I will update the packages to 3.3.1 and report any changes. I don't see anything in the release notes though... somewhat worrisome. This bug was opened in..? 2010..
Can we change this to a feature request for a config option for those who can't give up ports below 1024?
As a general rule of thumb, ports under 1024, aka well-known ports, are reserved... why does gluster want to use these? It's a bit confusing why the most used port range in the world would be chosen. But hey, I'm not the developer, not my decision, thanks for a great piece of software either way!
Hi Jacob, that's because we don't have *complete* security in terms of trusting the client's connection. And if the process is using ports below 1024, that means only root can do that, which is in many cases a good enough security. And that is the reason glusterfs uses the ports below 1024.
JMW, yes, with the patch posted above, it would make it configurable to ignore those ports.
CHANGE: http://review.gluster.org/4131 (socket,rdma: before binding to any port check if it is a reserved port) merged in master by Vijay Bellur (email@example.com)
CHANGE: http://review.gluster.org/4264 (libglusterfs: fix unused-but-set-variable warning) merged in master by Anand Avati (firstname.lastname@example.org)
Current behavior is:
* Check if the port is listed in /proc/sys/net/ipv4/ip_local_reserved_ports
* If it is, then don't bind to that port, check next...
In this case if the sysadmin has forgotten to mention the list of well known ports that he wishes to use for different applications like dovecot, ssl... our solution would not work for him and we end up binding to the reserved ports.
We may have to document this behavior, so that the sysadmin remembers to add the reserved ports to the ip_local_reserved_ports file.
CHANGE: http://review.gluster.org/4426 (762989.t: fix a typo by grepping only the blocked port number from netstat o/p) merged in master by Anand Avati (email@example.com)
CHANGE: http://review.gluster.org/4486 (tests/bugs/bug-762989.t: do not check the listening ports) merged in master by Anand Avati (firstname.lastname@example.org)
CHANGE: http://review.gluster.org/4583 (libglusterfs: avoid the logging which says the port is invalid) merged in master by Anand Avati (email@example.com)
REVIEW: http://review.gluster.org/4821 (libglusterfs: avoid the logging which says the port is invalid) posted (#1) for review on release-3.4 by Raghavendra Bhat (firstname.lastname@example.org)
The ideal solution (longer term, not right now) is to make GlusterFS firewall friendly, by listening on only one port for everything.
Preferably reserving that port with IANA (www.iana.org) as well, for good measure.
COMMIT: http://review.gluster.org/4821 committed in release-3.4 by Vijay Bellur (email@example.com)
Author: Raghavendra Bhat <firstname.lastname@example.org>
Date: Tue Feb 26 18:34:53 2013 +0530
libglusterfs: avoid the logging which says the port is invalid
If the reserved ports file in proc contains just a newline, then
do not proceed with ports checking and reserving.
Signed-off-by: Raghavendra Bhat <email@example.com>
Tested-by: Gluster Build System <firstname.lastname@example.org>
Reviewed-by: Vijay Bellur <email@example.com>
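The skip-if-reserved check from the "Current behavior" comment, together with the newline-only case from the commit message, as an added example in C (not GlusterFS code). The function names, the descending search from 1023 and the sample strings are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define MAX_PORT 65535
/* Parse ip_local_reserved_ports text ("993,995,1000-1010\n") into reserved[].
 * Returns the count of ports marked, -1 on malformed input, and 0 for an
 * empty or newline-only file (nothing reserved, so nothing to check). */
int parse_reserved_ports(const char *text, bool reserved[MAX_PORT + 1])
{
    const char *p = text;
    int marked = 0;
    memset(reserved, 0, (MAX_PORT + 1) * sizeof(bool));
    while (*p == ' ' || *p == '\n') p++;
    while (*p != '\0') {
        char *end;
        long lo = strtol(p, &end, 10), hi = lo;
        if (end == p) return -1;                 /* not a number */
        if (*end == '-') {                       /* range "lo-hi" */
            p = end + 1;
            hi = strtol(p, &end, 10);
            if (end == p) return -1;
        }
        if (lo < 0 || hi > MAX_PORT || lo > hi) return -1;
        for (long port = lo; port <= hi; port++)
            if (!reserved[port]) { reserved[port] = true; marked++; }
        p = end;
        while (*p == ',' || *p == ' ' || *p == '\n') p++;
    }
    return marked;
}

/* Assumed search order: walk down from ceiling-1 to lowest and return the
 * first port not listed as reserved, or -1 if every candidate is reserved. */
int next_unreserved_port(const bool reserved[MAX_PORT + 1], int ceiling, int lowest)
{
    for (int port = ceiling - 1; port >= lowest; port--)
        if (!reserved[port]) return port;
    return -1;
}

int main(void)
{
    static bool reserved[MAX_PORT + 1];
    parse_reserved_ports("995,1000-1023\n", reserved); /* constructed sample */
    printf("%d\n", next_unreserved_port(reserved, 1024, 1));
    return 0;
}
```

A port the sysadmin did not list (993 in the constructed sample) stays eligible, which is the documentation gap the "Current behavior" comment points out.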