diff options
| author | anand <anekkunt@redhat.com> | 2015-08-22 01:09:53 +0530 |
|---|---|---|
| committer | Vijay Bellur <vbellur@redhat.com> | 2015-09-10 23:44:50 -0700 |
| commit | 7f327d3b4f9222995d2ee78862e48ca44c28411c (patch) | |
| tree | d9bfa0ce8ab13e073fca84114ef8eb5a2307125d /extras | |
| parent | 22cad7b522f223b47d87df6724f34273306ab7cd (diff) | |
firewall/spec: Create glusterfs firewall service if firewalld installed.
It creates glusterfs firewall service during installation.
glusterfs service : It contains all default ports which needs to be opened.
During installation glusterfs.xml is copied into firewall service directory(/usr/lib/firewalld/services/).
Note:
1.For bricks: It opens the 512 ports, if brick is running out side this range(>49664) then admin need to open the port
for that brick.
2.By default this service is not enabled in any of zone.
To enable this service(glusterfs) in firewall:
1. Get active zone(s) in node
firewall-cmd --get-active-zones
2. Attached this service(glusterfs) to zone(s)
firewall-cmd --zone=<zone_name> --add-service=glusterfs --To apply runtime
firewall-cmd --permanent --zone=<zone_name> --add-service=glusterfs --To apply permanent
Note:
we can also use firewall-config which gives GUI to configure firewall.
Change-Id: Id97fe620c560fd10599511d751aed11a99ba4da5
BUG: 1253967
Signed-off-by: anand <anekkunt@redhat.com>
Reviewed-on: http://review.gluster.org/11989
Reviewed-by: Niels de Vos <ndevos@redhat.com>
Tested-by: NetBSD Build System <jenkins@build.gluster.org>
Tested-by: Gluster Build System <jenkins@build.gluster.com>
Diffstat (limited to 'extras')
| -rw-r--r-- | extras/Makefile.am | 2 | ||||
| -rw-r--r-- | extras/firewalld/Makefile.am | 6 | ||||
| -rw-r--r-- | extras/firewalld/glusterfs.xml | 13 |
3 files changed, 20 insertions, 1 deletions
diff --git a/extras/Makefile.am b/extras/Makefile.am index 6c11cb4b7a9..76dbb36ab9e 100644 --- a/extras/Makefile.am +++ b/extras/Makefile.am @@ -5,7 +5,7 @@ EditorModedir = $(docdir) EditorMode_DATA = glusterfs-mode.el glusterfs.vim SUBDIRS = init.d systemd benchmarking hook-scripts $(OCF_SUBDIR) LinuxRPM \ - $(GEOREP_EXTRAS_SUBDIR) ganesha snap_scheduler + $(GEOREP_EXTRAS_SUBDIR) ganesha snap_scheduler firewalld confdir = $(sysconfdir)/glusterfs conf_DATA = glusterfs-logrotate gluster-rsyslog-7.2.conf gluster-rsyslog-5.8.conf \ diff --git a/extras/firewalld/Makefile.am b/extras/firewalld/Makefile.am new file mode 100644 index 00000000000..a5c11b0b783 --- /dev/null +++ b/extras/firewalld/Makefile.am @@ -0,0 +1,6 @@ +EXTRA_DIST = glusterfs.xml + +if USE_FIREWALLD +staticdir = /usr/lib/firewalld/services/ +static_DATA = glusterfs.xml +endif diff --git a/extras/firewalld/glusterfs.xml b/extras/firewalld/glusterfs.xml new file mode 100644 index 00000000000..f8efd90c3b5 --- /dev/null +++ b/extras/firewalld/glusterfs.xml @@ -0,0 +1,13 @@ +<?xml version="1.0" encoding="utf-8"?> +<service> +<short>glusterfs-static</short> +<description>Default ports for gluster-distributed storage</description> +<port protocol="tcp" port="24007"/> <!--For glusterd --> +<port protocol="tcp" port="24008"/> <!--For glusterd RDMA port management --> +<port protocol="tcp" port="38465"/> <!--Gluster NFS service --> +<port protocol="tcp" port="38466"/> <!--Gluster NFS service --> +<port protocol="tcp" port="38467"/> <!--Gluster NFS service --> +<port protocol="tcp" port="38468"/> <!--Gluster NFS service --> +<port protocol="tcp" port="38469"/> <!--Gluster NFS service --> +<port protocol="tcp" port="49152-49664"/> <!--512 ports for bricks --> +</service> |