<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii">
<meta name="Generator" content="Microsoft Word 15 (filtered medium)">
<style><!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Consolas;
panose-1:2 11 6 9 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0cm;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Times New Roman",serif;
color:black;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
pre
{mso-style-priority:99;
mso-style-link:"HTML Preformatted Char";
margin:0cm;
margin-bottom:.0001pt;
font-size:10.0pt;
font-family:"Courier New";
color:black;}
span.HTMLPreformattedChar
{mso-style-name:"HTML Preformatted Char";
mso-style-priority:99;
mso-style-link:"HTML Preformatted";
font-family:Consolas;
color:black;}
span.EmailStyle19
{mso-style-type:personal-reply;
font-family:"Calibri",sans-serif;
color:#1F497D;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page WordSection1
{size:612.0pt 792.0pt;
margin:72.0pt 72.0pt 72.0pt 72.0pt;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body bgcolor="white" lang="EN-GB" link="blue" vlink="purple">
<div class="WordSection1">
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D;mso-fareast-language:EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D;mso-fareast-language:EN-US">OK, so the stuff is there, but clearly not trivial to find, as it was easier for me to debug, get working and then grumble (note the
order) rather than find it myself on the web site, perhaps it is google that is rubbish. The change to fit with IANA guidelines makes sense though.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D;mso-fareast-language:EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D;mso-fareast-language:EN-US">Something that is a fundamental behaviour change should surely be a whole lot easier to find than something that is blatantly wrong.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D;mso-fareast-language:EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D;mso-fareast-language:EN-US">Anyhow thanks for the clarification.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D;mso-fareast-language:EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D;mso-fareast-language:EN-US">Paul<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D;mso-fareast-language:EN-US"><o:p> </o:p></span></p>
<div>
<div style="border:none;border-top:solid #E1E1E1 1.0pt;padding:3.0pt 0cm 0cm 0cm">
<p class="MsoNormal"><b><span lang="EN-US" style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:windowtext">From:</span></b><span lang="EN-US" style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:windowtext"> Joe Julian [mailto:joe@julianfamily.org]
<br>
<b>Sent:</b> 30 October 2014 19:22<br>
<b>To:</b> Todd Stansell; Osborne, Paul (paul.osborne@canterbury.ac.uk); gluster-users@gluster.org<br>
<b>Subject:</b> Re: [Gluster-users] Firewall ports with v 3.5.2 grumble time<o:p></o:p></span></p>
</div>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal" style="margin-bottom:12.0pt"><a href="https://github.com/gluster/glusterfs/blob/master/doc/admin-guide/en-US/markdown/admin_settingup_clients.md#installing-on-red-hat-package-manager-rpm-distributions">https://github.com/gluster/glusterfs/blob/master/doc/admin-guide/en-US/markdown/admin_settingup_clients.md#installing-on-red-hat-package-manager-rpm-distributions</a><br>
(also restated again under " Installing on Debian-based Distributions")<br>
<br>
Any thoughts on what would make this any easier to find?<o:p></o:p></p>
<div>
<p class="MsoNormal">On 10/30/2014 11:21 AM, Todd Stansell wrote:<o:p></o:p></p>
</div>
<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
<pre>This is because in 3.4, they changed the brick port range. It's mentioned<o:p></o:p></pre>
<pre>on<o:p></o:p></pre>
<pre><a href="https://forge.gluster.org/gluster-docs-project/pages/GlusterFS_34_Release_No">https://forge.gluster.org/gluster-docs-project/pages/GlusterFS_34_Release_No</a><o:p></o:p></pre>
<pre>tes:<o:p></o:p></pre>
<pre><o:p> </o:p></pre>
<pre> "Brick ports will now listen from 49152 onwards (instead of 24009 onwards<o:p></o:p></pre>
<pre>as with previous releases). The brick port assignment scheme is now<o:p></o:p></pre>
<pre>compliant with IANA guidelines."<o:p></o:p></pre>
<pre><o:p> </o:p></pre>
<pre>Sadly, documentation for gluster is very difficult to find what you need, in<o:p></o:p></pre>
<pre>my experience.<o:p></o:p></pre>
<pre><o:p> </o:p></pre>
<pre>Todd<o:p></o:p></pre>
<pre><o:p> </o:p></pre>
<pre>-----Original Message-----<o:p></o:p></pre>
<pre>From: <a href="mailto:gluster-users-bounces@gluster.org">gluster-users-bounces@gluster.org</a><o:p></o:p></pre>
<pre>[<a href="mailto:gluster-users-bounces@gluster.org">mailto:gluster-users-bounces@gluster.org</a>] On Behalf Of Osborne, Paul<o:p></o:p></pre>
<pre>(<a href="mailto:paul.osborne@canterbury.ac.uk">paul.osborne@canterbury.ac.uk</a>)<o:p></o:p></pre>
<pre>Sent: Thursday, October 30, 2014 6:59 AM<o:p></o:p></pre>
<pre>To: <a href="mailto:gluster-users@gluster.org">gluster-users@gluster.org</a><o:p></o:p></pre>
<pre>Subject: [Gluster-users] Firewall ports with v 3.5.2 grumble time<o:p></o:p></pre>
<pre><o:p> </o:p></pre>
<pre>Hi,<o:p></o:p></pre>
<pre><o:p> </o:p></pre>
<pre>I have a requirement to run my gluster hosts within a firewalled section of<o:p></o:p></pre>
<pre>network and where the consumer hosts are in a different segment due to IP<o:p></o:p></pre>
<pre>address preservation, part of our security policy requires that we run local<o:p></o:p></pre>
<pre>firewalls on every host so I have to get the network access locked down<o:p></o:p></pre>
<pre>appropriately.<o:p></o:p></pre>
<pre><o:p> </o:p></pre>
<pre>I am running 3.5.2 using the packages provided in the Gluster package<o:p></o:p></pre>
<pre>repository as my Linux distribution only includes packages for 3.2 which<o:p></o:p></pre>
<pre>seems somewhat ancient.<o:p></o:p></pre>
<pre><o:p> </o:p></pre>
<pre>Following the documentation here:<o:p></o:p></pre>
<pre><a href="http://www.gluster.org/community/documentation/index.php/Basic_Gluster_Troub">http://www.gluster.org/community/documentation/index.php/Basic_Gluster_Troub</a><o:p></o:p></pre>
<pre>leshooting<o:p></o:p></pre>
<pre><o:p> </o:p></pre>
<pre>I opened up the relevant ports: <o:p></o:p></pre>
<pre><o:p> </o:p></pre>
<pre>34865 - 34867 for gluster<o:p></o:p></pre>
<pre>111 for the portmapper<o:p></o:p></pre>
<pre>24009 - 24012 as I am using 2 bricks<o:p></o:p></pre>
<pre><o:p> </o:p></pre>
<pre>This though contradicts:<o:p></o:p></pre>
<pre><o:p> </o:p></pre>
<pre><a href="http://gluster.org/community/documentation/index.php/Gluster_3.2:_Installing">http://gluster.org/community/documentation/index.php/Gluster_3.2:_Installing</a><o:p></o:p></pre>
<pre>_GlusterFS_on_Red_Hat_Package_Manager_(RPM)_Distributions<o:p></o:p></pre>
<pre><o:p> </o:p></pre>
<pre>Which says:<o:p></o:p></pre>
<pre><o:p> </o:p></pre>
<pre>"Ensure that TCP ports 111, 24007,24008, 24009-(24009 + number of bricks<o:p></o:p></pre>
<pre>across all volumes) are open on all Gluster servers. If you will be using<o:p></o:p></pre>
<pre>NFS, open additional ports 38465 to 38467"<o:p></o:p></pre>
<pre><o:p> </o:p></pre>
<pre>What has not been helpful is that there was no mention of port: 2049 for NFS<o:p></o:p></pre>
<pre>over TCP - which would have been helpful and probably my own mistake as I<o:p></o:p></pre>
<pre>should have known.<o:p></o:p></pre>
<pre><o:p> </o:p></pre>
<pre>To really confuse matters I noticed that the bricks were not syncing anyway,<o:p></o:p></pre>
<pre>and a look at the logs reveals:<o:p></o:p></pre>
<pre><o:p> </o:p></pre>
<pre>/var/log/glusterfs/glfsheal-www.log:[2014-10-30 07:39:48.428286] I<o:p></o:p></pre>
<pre>[client-handshake.c:1462:client_setvolume_cbk] 0-www-client-1: Connected to<o:p></o:p></pre>
<pre>111.222.333.444:49154, attached to remote volume '/srv/hod/lampe-www'.<o:p></o:p></pre>
<pre><o:p> </o:p></pre>
<pre>along with other entries that show that I also actually need ports: 49154<o:p></o:p></pre>
<pre>and 49155 open. <o:p></o:p></pre>
<pre><o:p> </o:p></pre>
<pre>even gluster volume status reveals some of the ports:<o:p></o:p></pre>
<pre><o:p> </o:p></pre>
<pre>gluster> volume status<o:p></o:p></pre>
<pre>Status of volume: www<o:p></o:p></pre>
<pre>Gluster process Port Online Pid<o:p></o:p></pre>
<pre>----------------------------------------------------------------------------<o:p></o:p></pre>
<pre>--<o:p></o:p></pre>
<pre>Brick 194.82.210.140:/srv/hod/lampe-www 49154 Y 3035<o:p></o:p></pre>
<pre>Brick 194.82.210.130:/srv/hod/lampe-www 49155 Y<o:p></o:p></pre>
<pre>16160<o:p></o:p></pre>
<pre>NFS Server on localhost 2049 Y<o:p></o:p></pre>
<pre>16062<o:p></o:p></pre>
<pre>Self-heal Daemon on localhost N/A Y<o:p></o:p></pre>
<pre>16072<o:p></o:p></pre>
<pre>NFS Server on gfse-isr-01 2049 Y 3040<o:p></o:p></pre>
<pre>Self-heal Daemon on gfse-isr-01 N/A Y 3045<o:p></o:p></pre>
<pre> <o:p></o:p></pre>
<pre>Task Status of Volume www<o:p></o:p></pre>
<pre>----------------------------------------------------------------------------<o:p></o:p></pre>
<pre>--<o:p></o:p></pre>
<pre>There are no active volume tasks<o:p></o:p></pre>
<pre><o:p> </o:p></pre>
<pre><o:p> </o:p></pre>
<pre>So my query here is, if the bricks are actually using 49154 & 49155 (which<o:p></o:p></pre>
<pre>they appear to be) why is this not mentioned in the documentation and are<o:p></o:p></pre>
<pre>there any other ports that I should be aware of?<o:p></o:p></pre>
<pre><o:p> </o:p></pre>
<pre>Thanks<o:p></o:p></pre>
<pre><o:p> </o:p></pre>
<pre>Paul<o:p></o:p></pre>
<pre>--<o:p></o:p></pre>
<pre><o:p> </o:p></pre>
<pre>Paul Osborne<o:p></o:p></pre>
<pre>Senior Systems Engineer<o:p></o:p></pre>
<pre>Infrastructure Services<o:p></o:p></pre>
<pre>IT Department<o:p></o:p></pre>
<pre>Canterbury Christ Church University<o:p></o:p></pre>
<pre>_______________________________________________<o:p></o:p></pre>
<pre>Gluster-users mailing list<o:p></o:p></pre>
<pre><a href="mailto:Gluster-users@gluster.org">Gluster-users@gluster.org</a><o:p></o:p></pre>
<pre><a href="http://supercolony.gluster.org/mailman/listinfo/gluster-users">http://supercolony.gluster.org/mailman/listinfo/gluster-users</a><o:p></o:p></pre>
<pre><o:p> </o:p></pre>
<pre>_______________________________________________<o:p></o:p></pre>
<pre>Gluster-users mailing list<o:p></o:p></pre>
<pre><a href="mailto:Gluster-users@gluster.org">Gluster-users@gluster.org</a><o:p></o:p></pre>
<pre><a href="http://supercolony.gluster.org/mailman/listinfo/gluster-users">http://supercolony.gluster.org/mailman/listinfo/gluster-users</a><o:p></o:p></pre>
</blockquote>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
</body>
</html>