From 429669168f6e13798c04ad0641909493c213f22e Mon Sep 17 00:00:00 2001
From: anand <anekkunt@redhat.com>
Date: Sat, 22 Aug 2015 01:09:53 +0530
Subject: firewall/spec: Create glusterfs firewall service if firewalld
 installed.

It creates glusterfs firewall service during installation.

glusterfs service : It contains all default ports which needs to be opened.
During installation  glusterfs.xml is copied into firewall service directory(/usr/lib/firewalld/services/).

Note:
1.For bricks: It opens the 512 ports, if brick is running out side this range(>49664) then admin need to open the port
for that brick.
2.By default this service is not enabled in any of zone.

To enable this service(glusterfs) in firewall:

1. Get active zone(s) in node
     firewall-cmd  --get-active-zones

2. Attached this service(glusterfs) to zone(s)
   firewall-cmd  --zone=<zone_name>  --add-service=glusterfs               --To apply runtime
   firewall-cmd  --permanent  --zone=<zone_name>  --add-service=glusterfs  --To apply permanent

Note:
  we can also use firewall-config which gives GUI to configure firewall.

Backport of:
>Change-Id: Id97fe620c560fd10599511d751aed11a99ba4da5
>BUG: 1253967
>Signed-off-by: anand <anekkunt@redhat.com>
>Reviewed-on: http://review.gluster.org/11989
>Reviewed-by: Niels de Vos <ndevos@redhat.com>
>Tested-by: NetBSD Build System <jenkins@build.gluster.org>
>Tested-by: Gluster Build System <jenkins@build.gluster.com>
>(cherry picked from commit 7f327d3b4f9222995d2ee78862e48ca44c28411c)

Change-Id: Iacf44b15ffb176c965c7f3b074065a54cf785dc7
BUG: 1057295
Signed-off-by: anand <anekkunt@redhat.com>;
Reviewed-on: http://review.gluster.org/12357
Reviewed-by: Niels de Vos <ndevos@redhat.com>
Tested-by: NetBSD Build System <jenkins@build.gluster.org>
Tested-by: Gluster Build System <jenkins@build.gluster.com>
---
 extras/Makefile.am             |  2 +-
 extras/firewalld/Makefile.am   |  6 ++++++
 extras/firewalld/glusterfs.xml | 13 +++++++++++++
 3 files changed, 20 insertions(+), 1 deletion(-)
 create mode 100644 extras/firewalld/Makefile.am
 create mode 100644 extras/firewalld/glusterfs.xml

(limited to 'extras')

diff --git a/extras/Makefile.am b/extras/Makefile.am
index 6c11cb4b7a9..76dbb36ab9e 100644
--- a/extras/Makefile.am
+++ b/extras/Makefile.am
@@ -5,7 +5,7 @@ EditorModedir = $(docdir)
 EditorMode_DATA = glusterfs-mode.el glusterfs.vim
 
 SUBDIRS = init.d systemd benchmarking hook-scripts $(OCF_SUBDIR) LinuxRPM \
-          $(GEOREP_EXTRAS_SUBDIR) ganesha snap_scheduler
+          $(GEOREP_EXTRAS_SUBDIR) ganesha snap_scheduler firewalld
 
 confdir = $(sysconfdir)/glusterfs
 conf_DATA = glusterfs-logrotate gluster-rsyslog-7.2.conf gluster-rsyslog-5.8.conf \
diff --git a/extras/firewalld/Makefile.am b/extras/firewalld/Makefile.am
new file mode 100644
index 00000000000..a5c11b0b783
--- /dev/null
+++ b/extras/firewalld/Makefile.am
@@ -0,0 +1,6 @@
+EXTRA_DIST = glusterfs.xml
+
+if USE_FIREWALLD
+staticdir = /usr/lib/firewalld/services/
+static_DATA = glusterfs.xml
+endif
diff --git a/extras/firewalld/glusterfs.xml b/extras/firewalld/glusterfs.xml
new file mode 100644
index 00000000000..f8efd90c3b5
--- /dev/null
+++ b/extras/firewalld/glusterfs.xml
@@ -0,0 +1,13 @@
+<?xml version="1.0" encoding="utf-8"?>
+<service>
+<short>glusterfs-static</short>
+<description>Default ports for gluster-distributed storage</description>
+<port protocol="tcp" port="24007"/>    <!--For glusterd -->
+<port protocol="tcp" port="24008"/>    <!--For glusterd RDMA port management -->
+<port protocol="tcp" port="38465"/>    <!--Gluster NFS service -->
+<port protocol="tcp" port="38466"/>    <!--Gluster NFS service -->
+<port protocol="tcp" port="38467"/>    <!--Gluster NFS service -->
+<port protocol="tcp" port="38468"/>    <!--Gluster NFS service -->
+<port protocol="tcp" port="38469"/>    <!--Gluster NFS service -->
+<port protocol="tcp" port="49152-49664"/>  <!--512 ports for bricks -->
+</service>
-- 
cgit