[Users] Attach nfs domain to gluster dc
Juan Pablo Lorier
jplorier at gmail.com
Fri Dec 13 11:21:08 UTC 2013
Hi Sander,
I'll do the changes to the firewall as you mention. I'm running the
domain in a host as my engine is in a vm with low disk resources. I
don't know if there's a way to set up the domain automatically with
ovirt when it's deployed in a host.
Regards,
On 13/12/13 06:00, Sander Grendelman wrote:
> On Thu, Dec 12, 2013 at 5:01 PM, Juan Pablo Lorier <jplorier at gmail.com> wrote:
> ...
>> # nfs
>> -A INPUT -p tcp -m tcp --dport 111 -j ACCEPT
>> -A INPUT -p tcp -m tcp --dport 38467 -j ACCEPT
>> -A INPUT -p tcp -m tcp --dport 2049 -j ACCEPT
>> -A INPUT -p udp -m udp --dport 2049 -j ACCEPT
>> -A INPUT -p udp -m udp --dport 41729 -j ACCEPT
>> -A INPUT -p tcp -m tcp --dport 48491 -j ACCEPT
>> -A INPUT -p udp -m udp --dport 43828 -j ACCEPT
>> -A INPUT -p tcp -m tcp --dport 48491 -j ACCEPT
>> -A INPUT -p udp -m udp --dport 47492 -j ACCEPT
>> -A INPUT -p tcp -m tcp --dport 58837 -j ACCEPT
> The above rules might break after a reboot.
>
> Best practice is to set the normally dynamic nfs ports to fixed
> values in /etc/sysconfig/nfs and then open those ports in the firewall.
>
>> Now I'm changing the settings by overriding the defaults in the domain
>> and auto negotiating the protocol. This firewall correction may be a
>> good thing to add in the deploy.
> Are you doing this on a node or on your engine server?
>
> The engine-setup configured both /etc/sysconfig/nfs and iptables for me
> on my engine server (for the iso domain).
More information about the Users
mailing list