<html>
<head>
<meta content="text/html; charset=windows-1252"
http-equiv="Content-Type">
</head>
<body text="#000000" bgcolor="#FFFFFF">
<br>
<br>
<div class="moz-cite-prefix">On 08/20/2015 09:55 AM, Anand Nekkunti
wrote:<br>
</div>
<blockquote cite="mid:55D556D2.4000900@redhat.com" type="cite">
<meta content="text/html; charset=windows-1252"
http-equiv="Content-Type">
<br>
<br>
<div class="moz-cite-prefix">On 08/17/2015 03:22 PM, Christopher
Blum wrote:<br>
</div>
<blockquote
cite="mid:CAGFr3v1BuQ2u6KKWjEOU_B2wj9D14FusQTqMDiNsa0zMfwTt6A@mail.gmail.com"
type="cite">
<div dir="ltr">Hey Gluster Developers,
<div><br>
</div>
<div>I'm fairly new to GlusterFS, but noticed, that it is
missing the possibility to control firewalld, which is also
addressed in [1]</div>
<div>Since I wanted to propose a solution for this problem, I
briefly talked to Niels de Vos and we identified 2 possible
ways to fix this:</div>
<div><br>
</div>
<div>1) Use the dbus connection to control firewalld when we
do bind() as a server - it looks like there is only one
place where we do that [2]</div>
<div> --> Pretty much a catch all solution, but will
require to link against dbus and a precompiler check for OSs
with firewalld</div>
<div><br>
</div>
<div>2) Use the glusterfs hooks to call a script, when we
create volumes to open up the (dynamic) ports of the
involved bricks</div>
<div> --> Easier to implement, but where do we get the
port information from? Additionally involves the creation of
a static config for the glusterd process.</div>
</div>
</blockquote>
I prefer second option(by hooks) because of easy implementation
and configuration is permanent , I have written script
glusterfs_firewall.sh(find attached file) using this we can create
Glusterfs service and add/delete port to service(it also add
Glusterfs firewall service to default zone ).<br>
<br>
1. Default ports : This script need be called during post
installation so that it creates Glusterfs firewall service with
default ports and enables Glusterfs service in default zone.<br>
#glusterfs_firewall.sh -r <br>
<br>
2. Ports for bricks - this script need be called by hooks by
passing port number after allocating brick port by glusterd.<br>
#glusterfs_firewall.sh -p port_num (ex:
glusterfs_firewall.sh -p 41700)<br>
<br>
3.
<meta http-equiv="content-type" content="text/html;
charset=windows-1252">
<span style="color: rgb(34, 34, 34); font-family: arial,
sans-serif; font-size: 16px; font-style: normal; font-variant:
normal; letter-spacing: normal; line-height: 17.4545459747314px;
orphans: auto; text-align: left; text-indent: 0px;
text-transform: none; white-space: normal; widows: 1;
word-spacing: 0px; -webkit-text-stroke-width: 0px;
background-color: rgb(255, 255, 255);">Ports Deallocation</span>
- ports can be removed from Glustrerfs service(during brick
stop)<br>
# glusterfs_firewall.sh -d port_num (ex:
glusterfs_firewall.sh -d 41700)<br>
</blockquote>
<br>
I have posted patch for this , please have a look at [1]<br>
[1]. <a class="moz-txt-link-freetext" href="http://review.gluster.org/#/c/11989/1">http://review.gluster.org/#/c/11989/1</a><br>
<blockquote cite="mid:55D556D2.4000900@redhat.com" type="cite"> <br>
<br>
<blockquote
cite="mid:CAGFr3v1BuQ2u6KKWjEOU_B2wj9D14FusQTqMDiNsa0zMfwTt6A@mail.gmail.com"
type="cite">
<div dir="ltr"><br>
<div>Looking at [3], we need to open up additional (dynamic)
ports for NFS? Is that info correct?</div>
<div><br>
</div>
<div>Since I'm fairly new, I would welcome a discussion, which
approach is best in your opinion. Please also tell me if any
assumptions from above are incorrect...</div>
<div><br>
</div>
<div>Best Regards,</div>
<div>
<div>
<div class="gmail_signature">
<div dir="ltr">
<div>
<div dir="ltr">
<div dir="ltr">
<div dir="ltr">
<div dir="ltr">
<div dir="ltr">
<div style="font-size:small"><span
style="font-size:12.8000001907349px">Chris</span><br>
</div>
<div style="font-size:small"><br>
</div>
<div style="font-size:small">
<div>[1] <a moz-do-not-send="true"
href="https://bugzilla.redhat.com/show_bug.cgi?id=1057295">https://bugzilla.redhat.com/show_bug.cgi?id=1057295</a></div>
<div>[2] <a moz-do-not-send="true"
href="https://forge.gluster.org/glusterfs-core/glusterfs/blobs/master/rpc/rpc-transport/socket/src/socket.c#line758">https://forge.gluster.org/glusterfs-core/glusterfs/blobs/master/rpc/rpc-transport/socket/src/socket.c#line758</a></div>
<div>[3] <a moz-do-not-send="true"
href="http://www.gluster.org/community/documentation/index.php/Gluster_3.1:_Installing_GlusterFS_on_Red_Hat_Package_Manager_%28RPM%29_Distributions">http://www.gluster.org/community/documentation/index.php/Gluster_3.1:_Installing_GlusterFS_on_Red_Hat_Package_Manager_(RPM)_Distributions</a></div>
<div><br>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">_______________________________________________
Gluster-devel mailing list
<a moz-do-not-send="true" class="moz-txt-link-abbreviated" href="mailto:Gluster-devel@gluster.org">Gluster-devel@gluster.org</a>
<a moz-do-not-send="true" class="moz-txt-link-freetext" href="http://www.gluster.org/mailman/listinfo/gluster-devel">http://www.gluster.org/mailman/listinfo/gluster-devel</a>
</pre>
</blockquote>
<br>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">_______________________________________________
Gluster-devel mailing list
<a class="moz-txt-link-abbreviated" href="mailto:Gluster-devel@gluster.org">Gluster-devel@gluster.org</a>
<a class="moz-txt-link-freetext" href="http://www.gluster.org/mailman/listinfo/gluster-devel">http://www.gluster.org/mailman/listinfo/gluster-devel</a>
</pre>
</blockquote>
<br>
</body>
</html>