path: root/extras
diff options
authoranand <>2015-08-22 01:09:53 +0530
committerNiels de Vos <>2015-10-15 15:53:03 -0700
commit429669168f6e13798c04ad0641909493c213f22e (patch)
tree9cdb97a1282c5b5cb5d18808aacc6b2c308ef5ee /extras
parent0f72aa8668a6d2da4cce9cd04296454f2bc99d58 (diff)
firewall/spec: Create glusterfs firewall service if firewalld installed.
It creates glusterfs firewall service during installation. glusterfs service : It contains all default ports which needs to be opened. During installation glusterfs.xml is copied into firewall service directory(/usr/lib/firewalld/services/). Note: 1.For bricks: It opens the 512 ports, if brick is running out side this range(>49664) then admin need to open the port for that brick. 2.By default this service is not enabled in any of zone. To enable this service(glusterfs) in firewall: 1. Get active zone(s) in node firewall-cmd --get-active-zones 2. Attached this service(glusterfs) to zone(s) firewall-cmd --zone=<zone_name> --add-service=glusterfs --To apply runtime firewall-cmd --permanent --zone=<zone_name> --add-service=glusterfs --To apply permanent Note: we can also use firewall-config which gives GUI to configure firewall. Backport of: >Change-Id: Id97fe620c560fd10599511d751aed11a99ba4da5 >BUG: 1253967 >Signed-off-by: anand <> >Reviewed-on: >Reviewed-by: Niels de Vos <> >Tested-by: NetBSD Build System <> >Tested-by: Gluster Build System <> >(cherry picked from commit 7f327d3b4f9222995d2ee78862e48ca44c28411c) Change-Id: Iacf44b15ffb176c965c7f3b074065a54cf785dc7 BUG: 1057295 Signed-off-by: anand <>; Reviewed-on: Reviewed-by: Niels de Vos <> Tested-by: NetBSD Build System <> Tested-by: Gluster Build System <>
Diffstat (limited to 'extras')
3 files changed, 20 insertions, 1 deletions
diff --git a/extras/ b/extras/
index 6c11cb4..76dbb36 100644
--- a/extras/
+++ b/extras/
@@ -5,7 +5,7 @@ EditorModedir = $(docdir)
EditorMode_DATA = glusterfs-mode.el glusterfs.vim
SUBDIRS = init.d systemd benchmarking hook-scripts $(OCF_SUBDIR) LinuxRPM \
- $(GEOREP_EXTRAS_SUBDIR) ganesha snap_scheduler
+ $(GEOREP_EXTRAS_SUBDIR) ganesha snap_scheduler firewalld
confdir = $(sysconfdir)/glusterfs
conf_DATA = glusterfs-logrotate gluster-rsyslog-7.2.conf gluster-rsyslog-5.8.conf \
diff --git a/extras/firewalld/ b/extras/firewalld/
new file mode 100644
index 0000000..a5c11b0
--- /dev/null
+++ b/extras/firewalld/
@@ -0,0 +1,6 @@
+EXTRA_DIST = glusterfs.xml
+staticdir = /usr/lib/firewalld/services/
+static_DATA = glusterfs.xml
diff --git a/extras/firewalld/glusterfs.xml b/extras/firewalld/glusterfs.xml
new file mode 100644
index 0000000..f8efd90
--- /dev/null
+++ b/extras/firewalld/glusterfs.xml
@@ -0,0 +1,13 @@
+<?xml version="1.0" encoding="utf-8"?>
+<description>Default ports for gluster-distributed storage</description>
+<port protocol="tcp" port="24007"/> <!--For glusterd -->
+<port protocol="tcp" port="24008"/> <!--For glusterd RDMA port management -->
+<port protocol="tcp" port="38465"/> <!--Gluster NFS service -->
+<port protocol="tcp" port="38466"/> <!--Gluster NFS service -->
+<port protocol="tcp" port="38467"/> <!--Gluster NFS service -->
+<port protocol="tcp" port="38468"/> <!--Gluster NFS service -->
+<port protocol="tcp" port="38469"/> <!--Gluster NFS service -->
+<port protocol="tcp" port="49152-49664"/> <!--512 ports for bricks -->