[Engine-devel] Proposed change in default port numbers
Itamar Heim
iheim at redhat.com
Wed Jul 18 09:49:43 UTC 2012
On 07/18/2012 12:46 PM, Juan Hernandez wrote:
> On 07/18/2012 11:39 AM, Shireesh Anjal wrote:
>> On Tuesday 17 July 2012 11:57 PM, Juan Hernandez wrote:
>>> On 07/17/2012 08:19 PM, Steve Gordon wrote:
>>>> ----- Original Message -----
>>>>> From: "Juan Hernandez" <jhernand at redhat.com>
>>>>> To: "Andrew Cathrow" <acathrow at redhat.com>
>>>>> Cc: engine-devel at ovirt.org
>>>>> Sent: Monday, July 16, 2012 3:27:02 PM
>>>>> Subject: Re: [Engine-devel] Proposed change in default port numbers
>>>>>
>>>>> On 07/16/2012 09:21 PM, Andrew Cathrow wrote:
>>>>>>
>>>>>> ----- Original Message -----
>>>>>>> From: "Juan Hernandez" <jhernand at redhat.com>
>>>>>>> To: engine-devel at ovirt.org
>>>>>>> Sent: Monday, July 16, 2012 2:44:40 PM
>>>>>>> Subject: [Engine-devel] Proposed change in default port numbers
>>>>>>>
>>>>>>> Hello all,
>>>>>>>
>>>>>>> In change http://gerrit.ovirt.org/6348 I am proposing to change
>>>>>>> the
>>>>>>> default port numbers used by the engine, in order to avoid
>>>>>>> conflicts
>>>>>>> with the default ports used by JBoss.
>>>>>> To be clear though even if we moved to use port 6090 for http and
>>>>>> 6091 for https we'd still have 80/443 available through the
>>>>>> installer.
>>>>> Correct, 80 and 443 will continue to be the default ports when using
>>>>> Apache as proxy in front of JBoss:
>>>>>
>>>>> 80 -> 80 (no change)
>>>>> 443 -> 443 (no change)
>>>>> 8080 -> 6090
>>>>> 8443 -> 6091
>>>> This is probably a stupid question, but what are the following ports used for:
>>>>
>>>>> 8009 -> 6092
>>> This port is used for the communication between the Apache web server
>>> and the JBoss application server using the AJP protocol. It doesn't need
>>> to be available outside of the machine.
>>
>> The "Firewall Configuration" chapter of oVirt installation guide
>> (http://wiki.ovirt.org/wiki/File:OVirt-3.0-Installation_Guide-en-US.pdf)
>> says that ports 8006 through 8009 are required for network communication
>> from "Administration Portal Clients" to "oVirt Engine".
>
> Sure this has roots in the past, but today we don't have any program
> listening in ports 8006, 8007 or 8008, and 8009 is only used for AJP, no
> one connects there from outside the machine. I proposed yet another
> change to remove the message about those ports from the setup tool:
>
> http://gerrit.ovirt.org/6386
>
> I am not 100% sure, but if these ports are really not used then the
> documentation should also be updated.
documentation should be updated.
these are the ports used by WPF client to connect to the C# service in
2.2...
>
>>>>> 4447 -> 6093
>>> These port is used by the remoting capability of the application server:
>>> calling EJBs from external applications. We don't use it but it is
>>> required anyhow. It doesn't need to be available outside of the machine.
>>>
>>>>> 4712 -> 6094
>>>>> 4713 -> 6095
>>> These two ports are used by the transaction manager inside JBoss. They
>>> don't need to be available outside of the machine.
>>>
>>> So none of them needs a firewall rule to allow inbound traffic. I am
>>> proposing a different change to bind those ports to the loopback address
>>> so that they are not available even when the firewall is disabled:
>>>
>>> http://gerrit.ovirt.org/6349
>>>
>>> I would disable them completely, but didn't find the way to do it yet.
>>>
>>>> As far as I know we don't have them listed anywhere in the documentation as requiring a firewall rule to allow them, should we?
>>> They don't require a firewall rule to allow incoming traffic. We could
>>> explain in the documentation that they are required, but only for
>>> communications internal to the machine.
>>>
>>
>>
>> _______________________________________________
>> Engine-devel mailing list
>> Engine-devel at ovirt.org
>> http://lists.ovirt.org/mailman/listinfo/engine-devel
>>
>
>
More information about the Engine-devel
mailing list