Uploaded image for project: 'Lustre'
  1. Lustre
  2. LU-14224

add firewalld Lustre service configuration

Details

    • Improvement
    • Resolution: Fixed
    • Minor
    • Lustre 2.16.0
    • Lustre 2.14.0
    • 9223372036854775807

    Description

      RHEL8 ships with restrictive firewalld rules out of the box. This prevents servers and clients from connecting to each other. Add a lustre.xml service file, so that it is possible to use something like "firewall-cmd --permanent --zone=public --service=lustre" to add the Lustre service ports with minimal difficulty.

      It would be good if this was run automatically when the RPMs are installed, or when mount.lustre is run, but it isn't clear what is good/safe/correct in all cases. At least having the service file will be a starting point to make this easier for admins.

      It would be even better if the Lustre service rules were restricted to accepting only new connections, and clients would only accept requests from the MGS initially and then dynamically add ports for servers as they are configured, but this is beyond my firewalld-fu.

      Attachments

        Issue Links

          is related to

          Improvement - An improvement or enhancement to an existing feature or task. LU-18759 LNET avoid initiating server to client connection

          • Minor - Minor loss of function, or other problem where easy workaround is present.
          • Open

          Activity

            People

              adilger Andreas Dilger
              adilger Andreas Dilger
              Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: