[LU-14224] add firewalld Lustre service configuration Created: 16/Dec/20 Updated: 14/Feb/23 Resolved: 14/Feb/23 |
|
| Status: | Resolved |
| Project: | Lustre |
| Component/s: | None |
| Affects Version/s: | Lustre 2.14.0 |
| Fix Version/s: | Lustre 2.16.0 |
| Type: | Improvement | Priority: | Minor |
| Reporter: | Andreas Dilger | Assignee: | Andreas Dilger |
| Resolution: | Fixed | Votes: | 0 |
| Labels: | rhel8 | ||
| Issue Links: |
|
||||
| Rank (Obsolete): | 9223372036854775807 | ||||
| Description |
|
RHEL8 ships with restrictive firewalld rules out of the box. This prevents servers and clients from connecting to each other. Add a lustre.xml service file, so that it is possible to use something like "firewall-cmd --permanent --zone=public --service=lustre" to add the Lustre service ports with minimal difficulty. It would be good if this was run automatically when the RPMs are installed, or when mount.lustre is run, but it isn't clear what is good/safe/correct in all cases. At least having the service file will be a starting point to make this easier for admins. It would be even better if the Lustre service rules were restricted to accepting only new connections, and clients would only accept requests from the MGS initially and then dynamically add ports for servers as they are configured, but this is beyond my firewalld-fu. |
| Comments |
| Comment by Gerrit Updater [ 17/Dec/20 ] |
|
Andreas Dilger (adilger@whamcloud.com) uploaded a new patch: https://review.whamcloud.com/41021 |
| Comment by Gerrit Updater [ 14/Feb/23 ] |
|
"Oleg Drokin <green@whamcloud.com>" merged in patch https://review.whamcloud.com/c/fs/lustre-release/+/41021/ |
| Comment by Peter Jones [ 14/Feb/23 ] |
|
Landed for 2.14 |