Re: [ovirt-devel] Gluster/virt ports clarifications.
On Mon, Apr 3, 2017 at 5:51 PM, Sahina Bose wrote: > > > On Sun, Apr 2, 2017 at 7:23 PM, Leon Goldberg wrote: >> >> Hey, >> >> We're gathering information regarding the ports we open as part of the >> firewalld migration research. >> >> We have most of the current ports covered by either firewalld itself or by >> 3rd party packages, however some questions remain unanswered: >> >> >> IPTablesConfigForVirt: >> >> - serial consoles (tcp/2223): Is this required? can't find a single >> reference to a listening entity. Either way, I couldn't find a relevant >> service that provides it. >> >> >> IPTablesConfigForGluster: >> >> - Gluster swift (tcp/8080): Doesn't appear in Gluster's firewalld service. >> Should be added to Gluster's firewalld service? > > > This is required when gluster-swift service is running on the hosts. > gluster-swift is no longer installed as part of glusterfs-server > installation, so this can be removed. > >> >> >> - tcp/39543 and tcp/55863, appear under "status". Couldn't find a relevant >> service that provides them. Should be added? (and if so, where?) > > > The > https://access.redhat.com/documentation/en-us/red_hat_gluster_storage/3.2/html/installation_guide/port_information > mentions these as needed by oVirt. Could be legacy? These can be removed if > oVirt no longer uses these ports > >> >> >> - nlockmgr (tcp/38468, udp/963, tcp/965): tcp/38468 appears in gluster's >> service. Couldn't find a relevant service that provides the other two. >> Should be added? (and if so, where?) > > > These are needed by NFS LockManager, and needed when gluster nfs access is > enabled on gluster volume > >> >> >> - ctdbd (tcp/4379): Couldn't find a relevant service that provides this. >> Should be added? (and if so, where?) > > > These are needed to access gluster volume using SMB. CTDB service uses this > port We'd like to create firewalld service definitions for these services. Could specify which RPM provides each of the services that you mentioned? Would it make sense, in your opinion, to ship a firewalld xml definition in each of them? ___ Devel mailing list Devel@ovirt.org http://lists.ovirt.org/mailman/listinfo/devel
Re: [ovirt-devel] Gluster/virt ports clarifications.
On Sun, Apr 2, 2017 at 7:23 PM, Leon Goldberg wrote: > Hey, > > We're gathering information regarding the ports we open as part of the > firewalld migration research. > > We have most of the current ports covered by either firewalld itself or by > 3rd party packages, however some questions remain unanswered: > > > IPTablesConfigForVirt: > > - serial consoles (tcp/2223): Is this required? can't find a single > reference to a listening entity. Either way, I couldn't find a relevant > service that provides it. > > > IPTablesConfigForGluster: > > - Gluster swift (tcp/8080): Doesn't appear in Gluster's firewalld service. > Should be added to Gluster's firewalld service? > This is required when gluster-swift service is running on the hosts. gluster-swift is no longer installed as part of glusterfs-server installation, so this can be removed. > > - tcp/39543 and tcp/55863, appear under "status". Couldn't find a relevant > service that provides them. Should be added? (and if so, where?) > The https://access.redhat.com/documentation/en-us/red_hat_gluste r_storage/3.2/html/installation_guide/port_information mentions these as needed by oVirt. Could be legacy? These can be removed if oVirt no longer uses these ports > > - nlockmgr (tcp/38468, udp/963, tcp/965): tcp/38468 appears in gluster's > service. Couldn't find a relevant service that provides the other two. > Should be added? (and if so, where?) > These are needed by NFS LockManager, and needed when gluster nfs access is enabled on gluster volume > > - ctdbd (tcp/4379): Couldn't find a relevant service that provides this. > Should be added? (and if so, where?) > These are needed to access gluster volume using SMB. CTDB service uses this port > > > Thanks, > Leon > ___ Devel mailing list Devel@ovirt.org http://lists.ovirt.org/mailman/listinfo/devel
Re: [ovirt-devel] Gluster/virt ports clarifications.
On 04/02/2017 03:53 PM, Leon Goldberg wrote: > Hey, > > We're gathering information regarding the ports we open as part of the > firewalld migration research. > > We have most of the current ports covered by either firewalld itself > or by 3rd party packages, however some questions remain unanswered: > > > IPTablesConfigForVirt: > > - serial consoles (tcp/2223): Is this required? can't find a single > reference to a listening entity. Either way, I couldn't find a > relevant service that provides it. It is required: * on each virtualization host (e.g. the same machine who runs Vdsm) * IF the virtual serial console is enabled (it is by default) The listening entity is the external service "ovirt-vmconsole-host-sshd", which is one special-configured sshd instance. Bests, -- Francesco Romani Senior SW Eng., Virtualization R&D Red Hat IRC: fromani github: @fromanirh ___ Devel mailing list Devel@ovirt.org http://lists.ovirt.org/mailman/listinfo/devel
