4:53 p.m.
Hey,
We're gathering information regarding the ports we open as part of the
firewalld migration research.
We have most of the current ports covered by either firewalld itself or by
3rd party packages, however some questions remain unanswered:
IPTablesConfigForVirt:
- serial consoles (tcp/2223): Is this required? can't find a single
reference to a listening entity. Either way, I couldn't find a relevant
service that provides it.
IPTablesConfigForGluster:
- Gluster swift (tcp/8080): Doesn't appear in Gluster's firewalld service.
Should be added to Gluster's firewalld service?
- tcp/39543 and tcp/55863, appear under "status". Couldn't find a relevant
service that provides them. Should be added? (and if so, where?)
- nlockmgr (tcp/38468, udp/963, tcp/965): tcp/38468 appears in gluster's
service. Couldn't find a relevant service that provides the other two.
Should be added? (and if so, where?)
- ctdbd (tcp/4379): Couldn't find a relevant service that provides this.
Should be added? (and if so, where?)
Thanks,
Leon
11:52 a.m.
On 04/02/2017 03:53 PM, Leon Goldberg wrote:
Hey,
We're gathering information regarding the ports we open as part of the
firewalld migration research.
We have most of the current ports covered by either firewalld itself
or by 3rd party packages, however some questions remain unanswered:
IPTablesConfigForVirt:
- serial consoles (tcp/2223): Is this required? can't find a single
reference to a listening entity. Either way, I couldn't find a
relevant service that provides it.
It is required:
* on each virtualization host (e.g. the same machine who runs Vdsm)
* IF the virtual serial console is enabled (it is by default)
The listening entity is the external service
"ovirt-vmconsole-host-sshd", which is one special-configured sshd instance.
Bests,
--
Francesco Romani
Senior SW Eng., Virtualization R&D
Red Hat
IRC: fromani github: @fromanirh
5:51 p.m.
On Sun, Apr 2, 2017 at 7:23 PM, Leon Goldberg <lgoldber(a)redhat.com> wrote:
Hey,
We're gathering information regarding the ports we open as part of the
firewalld migration research.
We have most of the current ports covered by either firewalld itself or by
3rd party packages, however some questions remain unanswered:
IPTablesConfigForVirt:
- serial consoles (tcp/2223): Is this required? can't find a single
reference to a listening entity. Either way, I couldn't find a relevant
service that provides it.
IPTablesConfigForGluster:
- Gluster swift (tcp/8080): Doesn't appear in Gluster's firewalld service.
Should be added to Gluster's firewalld service?
This is required when gluster-swift service is running on the hosts.
gluster-swift is no longer installed as part of glusterfs-server
installation, so this can be removed.
- tcp/39543 and tcp/55863, appear under "status". Couldn't find a relevant
service that provides them. Should be added? (and if so, where?)
The https://access.redhat.com/documentation/en-us/red_hat_gluste
r_storage/3.2/html/installation_guide/port_information mentions these as
needed by oVirt. Could be legacy? These can be removed if oVirt no longer
uses these ports
- nlockmgr (tcp/38468, udp/963, tcp/965): tcp/38468 appears in gluster's
service. Couldn't find a relevant service that provides the other two.
Should be added? (and if so, where?)
These are needed by NFS LockManager, and needed when gluster nfs access is
enabled on gluster volume
- ctdbd (tcp/4379): Couldn't find a relevant service that provides this.
Should be added? (and if so, where?)
These are needed to access gluster volume using SMB. CTDB service uses this
port
Thanks,
Leon
11:01 p.m.
On Mon, Apr 3, 2017 at 5:51 PM, Sahina Bose <sabose(a)redhat.com> wrote:
On Sun, Apr 2, 2017 at 7:23 PM, Leon Goldberg <lgoldber(a)redhat.com> wrote:
>
> Hey,
>
> We're gathering information regarding the ports we open as part of the
> firewalld migration research.
>
> We have most of the current ports covered by either firewalld itself or by
> 3rd party packages, however some questions remain unanswered:
>
>
> IPTablesConfigForVirt:
>
> - serial consoles (tcp/2223): Is this required? can't find a single
> reference to a listening entity. Either way, I couldn't find a relevant
> service that provides it.
>
>
> IPTablesConfigForGluster:
>
> - Gluster swift (tcp/8080): Doesn't appear in Gluster's firewalld service.
> Should be added to Gluster's firewalld service?
This is required when gluster-swift service is running on the hosts.
gluster-swift is no longer installed as part of glusterfs-server
installation, so this can be removed.
>
>
> - tcp/39543 and tcp/55863, appear under "status". Couldn't find a
relevant
> service that provides them. Should be added? (and if so, where?)
The
https://access.redhat.com/documentation/en-us/red_hat_gluster_storage/3.2...
mentions these as needed by oVirt. Could be legacy? These can be removed if
oVirt no longer uses these ports
>
>
> - nlockmgr (tcp/38468, udp/963, tcp/965): tcp/38468 appears in gluster's
> service. Couldn't find a relevant service that provides the other two.
> Should be added? (and if so, where?)
These are needed by NFS LockManager, and needed when gluster nfs access is
enabled on gluster volume
>
>
> - ctdbd (tcp/4379): Couldn't find a relevant service that provides this.
> Should be added? (and if so, where?)
These are needed to access gluster volume using SMB. CTDB service uses this
port
We'd like to create firewalld service definitions for these services.
Could specify which RPM provides each of the services that you
mentioned? Would it make sense, in your opinion, to ship a firewalld
xml definition in each of them?
2790
days inactive
2791
days old
3 comments
4 participants
participants (4)
-
Dan Kenigsberg -
Francesco Romani -
Leon Goldberg -
Sahina Bose