[Engine-devel] Proposed change in default port numbers

Hello all,

In change http://gerrit.ovirt.org/6348 I am proposing to change the default port numbers used by the engine, in order to avoid conflicts with the default ports used by JBoss.

Suggestions are welcome.

Regards,
Juan Hernandez

--
Business address: C/Jose Bardasano Baos, 9, Edif. Gorbea 3, planta 3ºD, 28016 Madrid, Spain
Registered in the Madrid Mercantile Registry – C.I.F. B82657941 - Red Hat S.L.

----- Original Message -----
> From: "Juan Hernandez" <jhernand@redhat.com>
> To: engine-devel@ovirt.org
> Sent: Monday, July 16, 2012 2:44:40 PM
> Subject: [Engine-devel] Proposed change in default port numbers
>
> Hello all,
>
> In change http://gerrit.ovirt.org/6348 I am proposing to change the default port numbers used by the engine, in order to avoid conflicts with the default ports used by JBoss.

To be clear though even if we moved to use port 6090 for http and 6091 for https we'd still have 80/443 available through the installer.

> Suggestions are welcome.
>
> Regards,
> Juan Hernandez

_______________________________________________
Engine-devel mailing list
Engine-devel@ovirt.org
http://lists.ovirt.org/mailman/listinfo/engine-devel

On 07/16/2012 09:21 PM, Andrew Cathrow wrote:
> ----- Original Message -----
>> From: "Juan Hernandez" <jhernand@redhat.com>
>> To: engine-devel@ovirt.org
>> Sent: Monday, July 16, 2012 2:44:40 PM
>> Subject: [Engine-devel] Proposed change in default port numbers
>>
>> Hello all,
>>
>> In change http://gerrit.ovirt.org/6348 I am proposing to change the default port numbers used by the engine, in order to avoid conflicts with the default ports used by JBoss.
>
> To be clear though even if we moved to use port 6090 for http and 6091 for https we'd still have 80/443 available through the installer.

Correct, 80 and 443 will continue to be the default ports when using Apache as proxy in front of JBoss:

80 -> 80 (no change)
443 -> 443 (no change)
8080 -> 6090
8443 -> 6091
8009 -> 6092
4447 -> 6093
4712 -> 6094
4713 -> 6095

----- Original Message -----
> From: "Juan Hernandez" <jhernand@redhat.com>
> To: "Andrew Cathrow" <acathrow@redhat.com>
> Cc: engine-devel@ovirt.org
> Sent: Monday, July 16, 2012 3:27:02 PM
> Subject: Re: [Engine-devel] Proposed change in default port numbers
>
> On 07/16/2012 09:21 PM, Andrew Cathrow wrote:
>> ----- Original Message -----
>>> From: "Juan Hernandez" <jhernand@redhat.com>
>>> To: engine-devel@ovirt.org
>>> Sent: Monday, July 16, 2012 2:44:40 PM
>>> Subject: [Engine-devel] Proposed change in default port numbers
>>>
>>> Hello all,
>>>
>>> In change http://gerrit.ovirt.org/6348 I am proposing to change the default port numbers used by the engine, in order to avoid conflicts with the default ports used by JBoss.
>>
>> To be clear though even if we moved to use port 6090 for http and 6091 for https we'd still have 80/443 available through the installer.
>
> Correct, 80 and 443 will continue to be the default ports when using Apache as proxy in front of JBoss:
>
> 80 -> 80 (no change)
> 443 -> 443 (no change)
> 8080 -> 6090
> 8443 -> 6091

This is probably a stupid question, but what are the following ports used for:

> 8009 -> 6092
> 4447 -> 6093
> 4712 -> 6094
> 4713 -> 6095

As far as I know we don't have them listed anywhere in the documentation as requiring a firewall rule to allow them, should we?

Steve

On 07/17/2012 08:19 PM, Steve Gordon wrote:
> ----- Original Message -----
>> From: "Juan Hernandez" <jhernand@redhat.com>
>> To: "Andrew Cathrow" <acathrow@redhat.com>
>> Cc: engine-devel@ovirt.org
>> Sent: Monday, July 16, 2012 3:27:02 PM
>> Subject: Re: [Engine-devel] Proposed change in default port numbers
>>
>> On 07/16/2012 09:21 PM, Andrew Cathrow wrote:
>>> ----- Original Message -----
>>>> From: "Juan Hernandez" <jhernand@redhat.com>
>>>> To: engine-devel@ovirt.org
>>>> Sent: Monday, July 16, 2012 2:44:40 PM
>>>> Subject: [Engine-devel] Proposed change in default port numbers
>>>>
>>>> Hello all,
>>>>
>>>> In change http://gerrit.ovirt.org/6348 I am proposing to change the default port numbers used by the engine, in order to avoid conflicts with the default ports used by JBoss.
>>>
>>> To be clear though even if we moved to use port 6090 for http and 6091 for https we'd still have 80/443 available through the installer.
>>
>> Correct, 80 and 443 will continue to be the default ports when using Apache as proxy in front of JBoss:
>>
>> 80 -> 80 (no change)
>> 443 -> 443 (no change)
>> 8080 -> 6090
>> 8443 -> 6091
>
> This is probably a stupid question, but what are the following ports used for:
>
>> 8009 -> 6092

This port is used for the communication between the Apache web server and the JBoss application server using the AJP protocol. It doesn't need to be available outside of the machine.

>> 4447 -> 6093

This port is used by the remoting capability of the application server: calling EJBs from external applications. We don't use it but it is required anyhow. It doesn't need to be available outside of the machine.

>> 4712 -> 6094
>> 4713 -> 6095

These two ports are used by the transaction manager inside JBoss. They don't need to be available outside of the machine.

So none of them needs a firewall rule to allow inbound traffic. I am proposing a different change to bind those ports to the loopback address so that they are not available even when the firewall is disabled:

http://gerrit.ovirt.org/6349

I would disable them completely, but didn't find the way to do it yet.

> As far as I know we don't have them listed anywhere in the documentation as requiring a firewall rule to allow them, should we?

They don't require a firewall rule to allow incoming traffic. We could explain in the documentation that they are required, but only for communications internal to the machine.
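
A check for the point made in the message above (the proposed ports 6092 to 6095 only carry traffic internal to the machine and should be bound to the loopback address), added here as an example and not part of the original thread or of the oVirt code. It parses `ss -H -ltn` output and reports any of those ports listening on a non-loopback address; the sample output and the function names are constructed for illustration.

```python
import ipaddress

# Proposed internal-only ports, as listed in the thread.
INTERNAL_PORTS = {
    6092: "AJP",
    6093: "remoting",
    6094: "transaction manager",
    6095: "transaction manager",
}

# Constructed sample of `ss -H -ltn` output (not captured from a real engine host).
SAMPLE_SS_OUTPUT = """\
LISTEN 0 128 0.0.0.0:6090 0.0.0.0:*
LISTEN 0 128 0.0.0.0:6091 0.0.0.0:*
LISTEN 0 128 127.0.0.1:6092 0.0.0.0:*
LISTEN 0 128 0.0.0.0:6093 0.0.0.0:*
LISTEN 0 128 [::1]:6094 [::]:*
LISTEN 0 128 *:6095 *:*
"""

def parse_local(field):
    """Split an ss 'Local Address:Port' field into (address, port)."""
    addr, _, port = field.rpartition(":")
    addr = addr.strip("[]").split("%")[0]  # drop IPv6 brackets and %interface scope
    return addr, int(port)

def is_loopback(addr):
    """True only for 127.0.0.0/8 and ::1; the '*' wildcard means every address."""
    if addr == "*":
        return False
    return ipaddress.ip_address(addr).is_loopback

def exposed_internal_listeners(ss_output):
    """Return (port, purpose, address) for internal ports bound beyond loopback."""
    findings = []
    for line in ss_output.splitlines():
        cols = line.split()
        if len(cols) < 5 or cols[0] != "LISTEN":
            continue
        addr, port = parse_local(cols[3])
        if port in INTERNAL_PORTS and not is_loopback(addr):
            findings.append((port, INTERNAL_PORTS[port], addr))
    return sorted(findings)

if __name__ == "__main__":
    for port, purpose, addr in exposed_internal_listeners(SAMPLE_SS_OUTPUT):
        print(f"port {port} ({purpose}) is listening on {addr}, not loopback")
```

On a live host the same function can be fed the real output of `ss -H -ltn`; the HTTP and HTTPS ports (6090, 6091) are deliberately not flagged because they are meant to accept outside connections.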

On Tuesday 17 July 2012 11:57 PM, Juan Hernandez wrote:
> On 07/17/2012 08:19 PM, Steve Gordon wrote:
>> ----- Original Message -----
>>> From: "Juan Hernandez" <jhernand@redhat.com>
>>> To: "Andrew Cathrow" <acathrow@redhat.com>
>>> Cc: engine-devel@ovirt.org
>>> Sent: Monday, July 16, 2012 3:27:02 PM
>>> Subject: Re: [Engine-devel] Proposed change in default port numbers
>>>
>>> On 07/16/2012 09:21 PM, Andrew Cathrow wrote:
>>>> ----- Original Message -----
>>>>> From: "Juan Hernandez" <jhernand@redhat.com>
>>>>> To: engine-devel@ovirt.org
>>>>> Sent: Monday, July 16, 2012 2:44:40 PM
>>>>> Subject: [Engine-devel] Proposed change in default port numbers
>>>>>
>>>>> Hello all,
>>>>>
>>>>> In change http://gerrit.ovirt.org/6348 I am proposing to change the default port numbers used by the engine, in order to avoid conflicts with the default ports used by JBoss.
>>>>
>>>> To be clear though even if we moved to use port 6090 for http and 6091 for https we'd still have 80/443 available through the installer.
>>>
>>> Correct, 80 and 443 will continue to be the default ports when using Apache as proxy in front of JBoss:
>>>
>>> 80 -> 80 (no change)
>>> 443 -> 443 (no change)
>>> 8080 -> 6090
>>> 8443 -> 6091
>>
>> This is probably a stupid question, but what are the following ports used for:
>>
>>> 8009 -> 6092
>
> This port is used for the communication between the Apache web server and the JBoss application server using the AJP protocol. It doesn't need to be available outside of the machine.

The "Firewall Configuration" chapter of oVirt installation guide (http://wiki.ovirt.org/wiki/File:OVirt-3.0-Installation_Guide-en-US.pdf) says that ports 8006 through 8009 are required for network communication from "Administration Portal Clients" to "oVirt Engine".

>>> 4447 -> 6093
>
> This port is used by the remoting capability of the application server: calling EJBs from external applications. We don't use it but it is required anyhow. It doesn't need to be available outside of the machine.
>
>>> 4712 -> 6094
>>> 4713 -> 6095
>
> These two ports are used by the transaction manager inside JBoss. They don't need to be available outside of the machine.
>
> So none of them needs a firewall rule to allow inbound traffic. I am proposing a different change to bind those ports to the loopback address so that they are not available even when the firewall is disabled:
>
> I would disable them completely, but didn't find the way to do it yet.
>
>> As far as I know we don't have them listed anywhere in the documentation as requiring a firewall rule to allow them, should we?
>
> They don't require a firewall rule to allow incoming traffic. We could explain in the documentation that they are required, but only for communications internal to the machine.

On 07/18/2012 11:39 AM, Shireesh Anjal wrote:
> On Tuesday 17 July 2012 11:57 PM, Juan Hernandez wrote:
>> On 07/17/2012 08:19 PM, Steve Gordon wrote:
>>> ----- Original Message -----
>>>> From: "Juan Hernandez" <jhernand@redhat.com>
>>>> To: "Andrew Cathrow" <acathrow@redhat.com>
>>>> Cc: engine-devel@ovirt.org
>>>> Sent: Monday, July 16, 2012 3:27:02 PM
>>>> Subject: Re: [Engine-devel] Proposed change in default port numbers
>>>>
>>>> On 07/16/2012 09:21 PM, Andrew Cathrow wrote:
>>>>> ----- Original Message -----
>>>>>> From: "Juan Hernandez" <jhernand@redhat.com>
>>>>>> To: engine-devel@ovirt.org
>>>>>> Sent: Monday, July 16, 2012 2:44:40 PM
>>>>>> Subject: [Engine-devel] Proposed change in default port numbers
>>>>>>
>>>>>> Hello all,
>>>>>>
>>>>>> In change http://gerrit.ovirt.org/6348 I am proposing to change the default port numbers used by the engine, in order to avoid conflicts with the default ports used by JBoss.
>>>>>
>>>>> To be clear though even if we moved to use port 6090 for http and 6091 for https we'd still have 80/443 available through the installer.
>>>>
>>>> Correct, 80 and 443 will continue to be the default ports when using Apache as proxy in front of JBoss:
>>>>
>>>> 80 -> 80 (no change)
>>>> 443 -> 443 (no change)
>>>> 8080 -> 6090
>>>> 8443 -> 6091
>>>
>>> This is probably a stupid question, but what are the following ports used for:
>>>
>>>> 8009 -> 6092
>>
>> This port is used for the communication between the Apache web server and the JBoss application server using the AJP protocol. It doesn't need to be available outside of the machine.
>
> The "Firewall Configuration" chapter of oVirt installation guide (http://wiki.ovirt.org/wiki/File:OVirt-3.0-Installation_Guide-en-US.pdf) says that ports 8006 through 8009 are required for network communication from "Administration Portal Clients" to "oVirt Engine".

Sure this has roots in the past, but today we don't have any program listening in ports 8006, 8007 or 8008, and 8009 is only used for AJP, no one connects there from outside the machine. I proposed yet another change to remove the message about those ports from the setup tool:

http://gerrit.ovirt.org/6386

I am not 100% sure, but if these ports are really not used then the documentation should also be updated.

>>>> 4447 -> 6093
>>
>> This port is used by the remoting capability of the application server: calling EJBs from external applications. We don't use it but it is required anyhow. It doesn't need to be available outside of the machine.
>>
>>>> 4712 -> 6094
>>>> 4713 -> 6095
>>
>> These two ports are used by the transaction manager inside JBoss. They don't need to be available outside of the machine.
>>
>> So none of them needs a firewall rule to allow inbound traffic. I am proposing a different change to bind those ports to the loopback address so that they are not available even when the firewall is disabled:
>>
>> I would disable them completely, but didn't find the way to do it yet.
>>
>>> As far as I know we don't have them listed anywhere in the documentation as requiring a firewall rule to allow them, should we?
>>
>> They don't require a firewall rule to allow incoming traffic. We could explain in the documentation that they are required, but only for communications internal to the machine.

On 07/18/2012 12:46 PM, Juan Hernandez wrote:
> On 07/18/2012 11:39 AM, Shireesh Anjal wrote:
>> On Tuesday 17 July 2012 11:57 PM, Juan Hernandez wrote:
>>> On 07/17/2012 08:19 PM, Steve Gordon wrote:
>>>> ----- Original Message -----
>>>>> From: "Juan Hernandez" <jhernand@redhat.com>
>>>>> To: "Andrew Cathrow" <acathrow@redhat.com>
>>>>> Cc: engine-devel@ovirt.org
>>>>> Sent: Monday, July 16, 2012 3:27:02 PM
>>>>> Subject: Re: [Engine-devel] Proposed change in default port numbers
>>>>>
>>>>> On 07/16/2012 09:21 PM, Andrew Cathrow wrote:
>>>>>> ----- Original Message -----
>>>>>>> From: "Juan Hernandez" <jhernand@redhat.com>
>>>>>>> To: engine-devel@ovirt.org
>>>>>>> Sent: Monday, July 16, 2012 2:44:40 PM
>>>>>>> Subject: [Engine-devel] Proposed change in default port numbers
>>>>>>>
>>>>>>> Hello all,
>>>>>>>
>>>>>>> In change http://gerrit.ovirt.org/6348 I am proposing to change the default port numbers used by the engine, in order to avoid conflicts with the default ports used by JBoss.
>>>>>>
>>>>>> To be clear though even if we moved to use port 6090 for http and 6091 for https we'd still have 80/443 available through the installer.
>>>>>
>>>>> Correct, 80 and 443 will continue to be the default ports when using Apache as proxy in front of JBoss:
>>>>>
>>>>> 80 -> 80 (no change)
>>>>> 443 -> 443 (no change)
>>>>> 8080 -> 6090
>>>>> 8443 -> 6091
>>>>
>>>> This is probably a stupid question, but what are the following ports used for:
>>>>
>>>>> 8009 -> 6092
>>>
>>> This port is used for the communication between the Apache web server and the JBoss application server using the AJP protocol. It doesn't need to be available outside of the machine.
>>
>> The "Firewall Configuration" chapter of oVirt installation guide (http://wiki.ovirt.org/wiki/File:OVirt-3.0-Installation_Guide-en-US.pdf) says that ports 8006 through 8009 are required for network communication from "Administration Portal Clients" to "oVirt Engine".
>
> Sure this has roots in the past, but today we don't have any program listening in ports 8006, 8007 or 8008, and 8009 is only used for AJP, no one connects there from outside the machine. I proposed yet another change to remove the message about those ports from the setup tool:
>
> I am not 100% sure, but if these ports are really not used then the documentation should also be updated.

Documentation should be updated. These are the ports used by WPF client to connect to the C# service in 2.2...

>>>>> 4447 -> 6093
>>>
>>> This port is used by the remoting capability of the application server: calling EJBs from external applications. We don't use it but it is required anyhow. It doesn't need to be available outside of the machine.
>>>
>>>>> 4712 -> 6094
>>>>> 4713 -> 6095
>>>
>>> These two ports are used by the transaction manager inside JBoss. They don't need to be available outside of the machine.
>>>
>>> So none of them needs a firewall rule to allow inbound traffic. I am proposing a different change to bind those ports to the loopback address so that they are not available even when the firewall is disabled:
>>>
>>> I would disable them completely, but didn't find the way to do it yet.
>>>
>>>> As far as I know we don't have them listed anywhere in the documentation as requiring a firewall rule to allow them, should we?
>>>
>>> They don't require a firewall rule to allow incoming traffic. We could explain in the documentation that they are required, but only for communications internal to the machine.
Participants (5): Andrew Cathrow, Itamar Heim, Juan Hernandez, Shireesh Anjal, Steve Gordon