max.degraaf at kpn.com
2017-Sep-07 10:49 UTC
[Gluster-users] Firewalls and ports and protocols
Reading the documentation there is conflicting information:

According to https://wiki.centos.org/HowTos/GlusterFSonCentOS we only need port TCP open between 2 GlusterFS servers:
Ports TCP:24007-24008 are required for communication between GlusterFS nodes and each brick requires another TCP port starting at 24009.

According to https://gluster.readthedocs.io/en/latest/Administrator%20Guide/Setting%20Up%20Clients/ we also need to open UDP:
Ensure that TCP and UDP ports 24007 and 24008 are open on all Gluster servers. Apart from these ports, you need to open one port for each brick starting from port 49152 (instead of 24009 onwards as with previous releases). The brick ports assignment scheme is now compliant with IANA guidelines. For example: if you have five bricks, you need to have ports 49152 to 49156 open.
This part of the page is actually in the "Setting up Clients" section but it clearly mentions server.

To add some more confusion there is an example when using iptables:
`$ sudo iptables -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 24007:24008 -j ACCEPT`
`$ sudo iptables -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 49152:49156 -j ACCEPT`
This conflicts with the directions using UDP as well, as it only opens TCP.

So basically I have 2 questions:
What protocol/ports are needed for 2 glusterfs servers to work together.
What protocol/ports are needed for a glusterfs client (using only the native client) to work with a glusterfs server.

PS: All our machines are running CentOS 7.1.

Thanks,
Max
On Thu, Sep 07, 2017 at 10:49:21AM +0000, max.degraaf at kpn.com wrote:
> Reading the documentation there is conflicting information:
>
> According to https://wiki.centos.org/HowTos/GlusterFSonCentOS we only need port TCP open between 2 GlusterFS servers:
> Ports TCP:24007-24008 are required for communication between GlusterFS nodes and each brick requires another TCP port starting at 24009.
>
> According to https://gluster.readthedocs.io/en/latest/Administrator%20Guide/Setting%20Up%20Clients/ we also need to open UDP:
> Ensure that TCP and UDP ports 24007 and 24008 are open on all Gluster servers. Apart from these ports, you need to open one port for each brick starting from port 49152 (instead of 24009 onwards as with previous releases). The brick ports assignment scheme is now compliant with IANA guidelines. For example: if you have five bricks, you need to have ports 49152 to 49156 open.
> This part of the page is actually in the "Setting up Clients" section but it clearly mentions server.
>
> To add some more confusion there is an example when using iptables:
> `$ sudo iptables -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 24007:24008 -j ACCEPT`
> `$ sudo iptables -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 49152:49156 -j ACCEPT`
> This conflicts with the directions using UDP as well, as it only opens TCP.
>
>
> So basically I have 2 questions:
> What protocol/ports are needed for 2 glusterfs servers to work together.
> What protocol/ports are needed for a glusterfs client (using only the native client) to work with a glusterfs server.
>
> PS: All our machines are running CentOS 7.1.

Gluster 3.9.x+ requires ports 24007/tcp and 49152+/tcp. This is for bare gluster, without NFS or samba, so clients mount the volumes via fuse.

Regarding conflicting info in wikis... how about simply trying yourself and seeing what configuration works?

Cheers,
--
Leonid Isaev
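
One way to act on the "try it yourself" suggestion, as an added example that is not part of either post: list the sockets the Gluster daemons actually hold open and emit rules only for those, limited to a trusted source network. The `ss -tulnp` sample is constructed, the function names are hypothetical, and `192.0.2.0/24` is a placeholder for the peer/client network; the chain name is the one in the rules quoted in the thread.

```shell
# Constructed sample of `ss -tulnp` output (not captured from a real host).
sample_ss() {
cat <<'EOF'
Netid State  Recv-Q Send-Q Local Address:Port Peer Address:Port
tcp   LISTEN 0      128    *:24007     *:*    users:(("glusterd",pid=1201,fd=9))
tcp   LISTEN 0      128    *:49152     *:*    users:(("glusterfsd",pid=1310,fd=11))
tcp   LISTEN 0      128    *:49153     *:*    users:(("glusterfsd",pid=1322,fd=11))
tcp   LISTEN 0      128    *:22        *:*    users:(("sshd",pid=977,fd=3))
tcp   LISTEN 0      128    [::]:22     [::]:* users:(("sshd",pid=977,fd=4))
udp   UNCONN 0      0      *:68        *:*    users:(("dhclient",pid=801,fd=6))
EOF
}

# Read `ss -tulnp` text on stdin; print "proto port" for every socket owned
# by glusterd or glusterfsd, sorted and de-duplicated.
gluster_listeners() {
  awk '
    $1 != "tcp" && $1 != "udp"         { next }  # header, other socket types
    $0 !~ /"(glusterd|glusterfsd)"/    { next }  # not a Gluster daemon
    {
      n = split($5, a, ":")   # local address may be *, 0.0.0.0 or [::]
      print $1, a[n]          # the port is the last colon-separated piece
    }' | sort -u -k1,1 -k2,2n
}

# Turn "proto port" lines on stdin into iptables rules that accept new
# connections only from source network $1.
gluster_rules() {
  src=$1
  while read -r proto port; do
    printf 'iptables -A RH-Firewall-1-INPUT -s %s -m state --state NEW -m %s -p %s --dport %s -j ACCEPT\n' \
      "$src" "$proto" "$proto" "$port"
  done
}

# Demo on the constructed sample. On a server, run as root (so -p can show
# process names) with: ss -tulnp | gluster_listeners | gluster_rules <network>
sample_ss | gluster_listeners | gluster_rules 192.0.2.0/24
```

The script only prints the rules for review; nothing is applied to the firewall.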