From: Ken Dreyer <kdreyer@redhat.com>
To: "ceph-devel@vger.kernel.org" <ceph-devel@vger.kernel.org>
Subject: firewall questions
Date: Wed, 20 May 2015 14:07:46 -0600
Message-ID: <555CE992.10703@redhat.com>

It would be really convenient to have human-readable firewalld service
definitions for Ceph, so that users could do things like:

  firewall-cmd --add-service=ceph-mon

or

  firewall-cmd --add-service=ceph

... instead of having to know specific port numbers to open.

In order to submit service definitions to firewalld upstream, I had a
couple of questions:

1. In April there was a mailing list thread about the IANA #821110
ticket Sage filed for ceph-mon. Did anything come of that? I filed
http://tracker.ceph.com/issues/11689 to track this in Redmine.

2. I talked recently with Sam about the possible ports an OSD could use,
and our conversation made me think that our firewall docs for OSDs and
MDSs might need to be updated: http://tracker.ceph.com/issues/11688
Currently the docs say "calculate the number of OSDs or MDSs you're
running and that will tell you what ports to open". That makes it hard
to write a service definition for firewalld, since those are just a list
of static ports.

3. Lastly, on a scale of "yeah, sounds do-able" to "everything will come
to a grinding halt", how hard would it be to run with firewalls enabled
in our sepia and typica labs that are running Teuthology? :) Do our
Teuthology tests use TCP ports outside of 80, 6789, and 6800-7300?

- Ken
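
What the service definitions asked for in the message above could look like, as an added example that is not part of the original message and is not firewalld's or Ceph's own files. The function name `write_ceph_services`, the description strings, and the assignment of 6789 to the monitor and 6800-7300 to the OSD/MDS daemons are assumptions of this example; the port numbers themselves are the ones named in the message.

```shell
#!/bin/sh
# Added example: write two firewalld service definitions for Ceph.
# Ports are the ones named in the message (6789 and 6800-7300); which
# daemon gets which ports is an assumption of this example.

# write_ceph_services [DIR]
#   DIR defaults to /etc/firewalld/services, the directory firewalld
#   reads administrator-defined services from.
write_ceph_services() {
    dir="${1:-/etc/firewalld/services}"
    mkdir -p "$dir" || return 1

    # Monitor hosts: one static port, so a service file fits directly.
    cat > "$dir/ceph-mon.xml" <<'EOF'
<?xml version="1.0" encoding="utf-8"?>
<service>
  <short>ceph-mon</short>
  <description>Ceph monitor daemon.</description>
  <port protocol="tcp" port="6789"/>
</service>
EOF

    # OSD/MDS hosts: a service file can only list static ports, so the
    # whole range is opened rather than a count derived per host.
    cat > "$dir/ceph.xml" <<'EOF'
<?xml version="1.0" encoding="utf-8"?>
<service>
  <short>ceph</short>
  <description>Ceph OSD and MDS daemons.</description>
  <port protocol="tcp" port="6800-7300"/>
</service>
EOF
}

# Usage on a host running firewalld (as root):
#   write_ceph_services
#   firewall-cmd --reload
#   firewall-cmd --permanent --add-service=ceph-mon   # monitor hosts
#   firewall-cmd --permanent --add-service=ceph       # OSD/MDS hosts
#   firewall-cmd --reload
```

Keeping the monitor and the OSD/MDS range in separate services lets a monitor-only host open 6789 without also exposing the 500-port range.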