----- Original Message -----
From: "Andrew Cathrow" <acathrow(a)redhat.com>
To: "Alon Bar-Lev" <alonbl(a)redhat.com>
Cc: "Shireesh Anjal" <sanjal(a)redhat.com>, engine-devel(a)ovirt.org,
"Selvasundaram" <sesubram(a)redhat.com>
Sent: Thursday, August 30, 2012 9:37:59 PM
Subject: Re: [Engine-devel] Gluster IPTable configuration
----- Original Message -----
> From: "Alon Bar-Lev" <alonbl(a)redhat.com>
> To: "Selvasundaram" <sesubram(a)redhat.com>
> Cc: "Shireesh Anjal" <sanjal(a)redhat.com>, engine-devel(a)ovirt.org
> Sent: Thursday, August 30, 2012 2:35:16 PM
> Subject: Re: [Engine-devel] Gluster IPTable configuration
>
>
>
> ----- Original Message -----
> > From: "Selvasundaram" <sesubram(a)redhat.com>
> > To: engine-devel(a)ovirt.org
> > Cc: "Shireesh Anjal" <sanjal(a)redhat.com>
> > Sent: Thursday, August 30, 2012 4:30:16 PM
> > Subject: [Engine-devel] Gluster IPTable configuration
> >
> >
> > Hi,
> >
> > I want to add gluster specific IPTable configuration in addition to
> > the ovirt IPTable configuration (if it is a gluster node).
> >
> > There are two approaches:
> > 1. Having one more gluster specific IP table config in db and merge
> > with ovirt IPTable config (merging NOT appending)
> > [I have the patch engine: Gluster specific firewall configurations #7244]
> > 2. Having two different IP Table configs (ovirt and ovirt+gluster) and
> > use either one.
> >
> > Please provide your suggestions or improvements on this.
> >
>
> Hello all,
>
> The mentioned patch[1] adds hard-coded gluster code into the bootstrap
> code, manipulating the firewall configuration to be gluster specific.
> It hard-codes a search for "reject" and inserts before some other rules.
>
> I believe this hard-coded approach is obsolete now that we have proper
> tools for templates.
>
> A more robust solution would be defining generic profiles, each
> profile as a template, where each template can refer to different
> profiles, and assigning a profile to a node.
>
> This way the implementation is not gluster [or any] specific and can
> be reused for more setups, and the code is cleaner.
or create custom chains?
Can you please elaborate on what custom chains are?
Thanks!
>
> Example:
>
> BASIC.PRE
> :INPUT ACCEPT [0:0]
> :FORWARD ACCEPT [0:0]
> :OUTPUT ACCEPT [0:0]
> BASIC.IN
> accept ...
> accept ...
> BASIC.POST
> reject ...
> reject ...
>
> BASIC
> ${BASIC.PRE}
> ${BASIC.IN}
> ${BASIC.POST}
>
> GLUSTER
> ${BASIC.PRE}
> ${BASIC.IN}
> accept ...
> ${BASIC.POST}
> reject ...
>
> Regards,
> Alon Bar-Lev
>
> [1] http://gerrit.ovirt.org/#/c/7244/
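The profile-template scheme proposed in the thread, sketched as an added example that is not part of the original messages or of the oVirt code base: `${PROFILE}` references are resolved recursively, and the result is checked for rules that land after an unconditional REJECT, which is what plain appending would produce. The concrete rules, the port number and the function names are constructed for illustration.

```python
import re

REF = re.compile(r"\$\{([A-Za-z0-9_.]+)\}")
GLUSTER_RULE = "-A INPUT -p tcp --dport 24007 -j ACCEPT"  # constructed sample

# Constructed profiles in the BASIC/GLUSTER layout from the thread.
PROFILES = {
    "BASIC.PRE": ":INPUT ACCEPT [0:0]\n:FORWARD ACCEPT [0:0]\n:OUTPUT ACCEPT [0:0]",
    "BASIC.IN": "-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT\n"
                "-A INPUT -p tcp --dport 22 -j ACCEPT",
    "BASIC.POST": "-A INPUT -j REJECT --reject-with icmp-host-prohibited",
    "BASIC": "${BASIC.PRE}\n${BASIC.IN}\n${BASIC.POST}",
    "GLUSTER": "${BASIC.PRE}\n${BASIC.IN}\n" + GLUSTER_RULE + "\n${BASIC.POST}",
}


def expand(name, profiles, stack=()):
    """Resolve ${PROFILE} references recursively; return the rule lines."""
    if name in stack:
        raise ValueError("circular reference: " + " -> ".join(stack + (name,)))
    if name not in profiles:
        raise KeyError("undefined profile: " + name)
    out = []
    for line in profiles[name].splitlines():
        ref = REF.fullmatch(line.strip())
        if ref:
            out.extend(expand(ref.group(1), profiles, stack + (name,)))
        elif REF.search(line):
            raise ValueError("reference must stand alone on its line: " + line)
        else:
            out.append(line)
    return out


def shadowed_rules(lines):
    """Return rules placed after an unconditional REJECT/DROP in their chain.

    iptables stops at the first matching rule, so these are never evaluated.
    """
    closed, shadowed = set(), []
    for line in lines:
        tok = line.split()
        if len(tok) < 4 or tok[0] != "-A":
            continue
        chain = tok[1]
        if chain in closed:
            shadowed.append(line)
        elif tok[2] == "-j" and tok[3] in ("REJECT", "DROP"):
            closed.add(chain)
    return shadowed


if __name__ == "__main__":
    print("\n".join(expand("GLUSTER", PROFILES)))
```

Running `shadowed_rules` on every expanded profile before it is pushed to a node catches a template that places an accept rule behind the final reject.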