Uploaded image for project: 'Lustre'
  1. Lustre
  2. LU-14224

add firewalld Lustre service configuration

Details

    • Improvement
    • Resolution: Fixed
    • Minor
    • Lustre 2.16.0
    • Lustre 2.14.0
    • 9223372036854775807

    Description

      RHEL8 ships with restrictive firewalld rules out of the box. This prevents servers and clients from connecting to each other. Add a lustre.xml service file, so that it is possible to use something like "firewall-cmd --permanent --zone=public --service=lustre" to add the Lustre service ports with minimal difficulty.

      It would be good if this was run automatically when the RPMs are installed, or when mount.lustre is run, but it isn't clear what is good/safe/correct in all cases. At least having the service file will be a starting point to make this easier for admins.

      It would be even better if the Lustre service rules were restricted to accepting only new connections, and clients would only accept requests from the MGS initially and then dynamically add ports for servers as they are configured, but this is beyond my firewalld-fu.

      Attachments

        Issue Links

          is related to

          Improvement - An improvement or enhancement to an existing feature or task. LU-18759 LNET avoid initiating server to client connection

          • Minor - Minor loss of function, or other problem where easy workaround is present.
          • Open

          Activity

            [LU-14224] add firewalld Lustre service configuration
            pjones Peter Jones added a comment -

            Landed for 2.14

            pjones Peter Jones added a comment - Landed for 2.14
            gerrit Gerrit Updater added a comment -

            "Oleg Drokin <green@whamcloud.com>" merged in patch https://review.whamcloud.com/c/fs/lustre-release/+/41021/
            Subject: LU-14224 misc: add firewalld service configuration
            Project: fs/lustre-release
            Branch: master
            Current Patch Set:
            Commit: 9cb4b10c87d2f3f53ce594d606a7b1b3d0cd18a6

            gerrit Gerrit Updater added a comment - "Oleg Drokin <green@whamcloud.com>" merged in patch https://review.whamcloud.com/c/fs/lustre-release/+/41021/ Subject: LU-14224 misc: add firewalld service configuration Project: fs/lustre-release Branch: master Current Patch Set: Commit: 9cb4b10c87d2f3f53ce594d606a7b1b3d0cd18a6
            gerrit Gerrit Updater added a comment -

            Andreas Dilger (adilger@whamcloud.com) uploaded a new patch: https://review.whamcloud.com/41021
            Subject: LU-14224 misc: add firewalld service configuration
            Project: fs/lustre-release
            Branch: master
            Current Patch Set: 1
            Commit: 373c2926a579e5d1ad484a4b3afcdfb47709b930

            gerrit Gerrit Updater added a comment - Andreas Dilger (adilger@whamcloud.com) uploaded a new patch: https://review.whamcloud.com/41021 Subject: LU-14224 misc: add firewalld service configuration Project: fs/lustre-release Branch: master Current Patch Set: 1 Commit: 373c2926a579e5d1ad484a4b3afcdfb47709b930

            People

              adilger Andreas Dilger
              adilger Andreas Dilger
              Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: