Show Table of Contents
Chapter 3. Considerations for Red Hat Gluster Storage
3.1. Firewall and Port Access
Red Hat Gluster Storage requires access to a number of ports in order to work properly. Ensure that port access is available as indicated in Section 3.1.2, “Port Access Requirements”.
3.1.1. Configuring the Firewall
Firewall configuration tools differ between Red Hat Entperise Linux 6 and Red Hat Enterprise Linux 7.
For Red Hat Enterprise Linux 6, use the
iptables command to open a port:
# iptables -A INPUT -m state --state NEW -m tcp -p tcp --dport 5667 -j ACCEPT # service iptables save
For Red Hat Enterprise Linux 7, if default ports are in use, it is usually simpler to add a service rather than open a port:
# firewall-cmd --zone=zone_name --add-service=glusterfs # firewall-cmd --zone=zone_name --add-service=glusterfs --permanent
However, if the default ports are already in use, you can open a specific port with the following command:
# firewall-cmd --zone=zone_name --add-port=port/protocol # firewall-cmd --zone=zone_name --add-port=port/protocol --permanent
For example:
# firewall-cmd --zone=public --add-port=5667/tcp # firewall-cmd --zone=public --add-port=5667/tcp --permanent
3.1.2. Port Access Requirements
Table 3.1. Open the following ports on all storage servers
| Connection source | TCP Ports | UDP Ports | Recommended for | Used for |
|---|---|---|---|---|
| Any authorized network entity with a valid SSH key | 22 | - | All configurations | Remote backup using geo-replication |
| Any authorized network entity; be cautious not to clash with other RPC services. | 111 | 111 | All configurations | RPC port mapper and RPC bind |
| Any authorized SMB/CIFS client | 139 and 445 | 137 and 138 | Sharing storage using SMB/CIFS | SMB/CIFS protocol |
| Any authorized NFS clients | 2049 | 2049 | Sharing storage using Gluster NFS or NFS-Ganesha | Exports using NFS protocol |
| All servers in the Samba-CTDB cluster | 4379 | - | Sharing storage using SMB and Gluster NFS | CTDB |
| Any authorized network entity | 24007 | - | All configurations | Management processes using glusterd |
| Any authorized network entity | 24009 | - | All configurations | Gluster events daemon |
| Any network entity monitored by Nagios | 5666 | - | Monitoring using Red Hat Gluster Storage Console and Nagios | NRPE service |
| NFSv3 clients | 662 | 662 | Sharing storage using NFS-Ganesha and Gluster NFS | statd |
| NFSv3 clients | 32803 | 32803 | Sharing storage using NFS-Ganesha and Gluster NFS | NLM protocol |
| NFSv3 clients sending mount requests | - | 32769 | Sharing storage using Gluster NFS | Gluster NFS MOUNT protocol |
| NFSv3 clients sending mount requests | 20048 | 20048 | Sharing storage using NFS-Ganesha | NFS-Ganesha MOUNT protocol |
| NFS clients | 875 | 875 | Sharing storage using NFS-Ganesha | NFS-Ganesha RQUOTA protocol (fetching quota information) |
| Servers in pacemaker/corosync cluster | 2224 | - | Sharing storage using NFS-Ganesha | pcsd |
| Servers in pacemaker/corosync cluster | 3121 | - | Sharing storage using NFS-Ganesha | pacemaker_remote |
| Servers in pacemaker/corosync cluster | - | 5404 and 5405 | Sharing storage using NFS-Ganesha | corosync |
| Servers in pacemaker/corosync cluster | 21064 | - | Sharing storage using NFS-Ganesha | dlm |
| Any authorized network entity to access gluster-swift proxy server via SSL/TLS mode; SSL/TLS cert is required. | 443 | - | Object storage configurations | HTTPS requests |
| Any authorized network entity with valid object server gluster-swift credentials | 6010 | - | Object storage configurations | Object server |
| Any authorized network entity with valid container server gluster-swift credentials | 6011 | - | Object storage configurations | Container server |
| Any authorized network entity with valid gluster-swift account credentials | 6012 | - | Object storage configurations | Account server |
| Any authorized network entity with valid gluster-swift proxy credentials | 8080 | - | Object storage configurations | Proxy server |
| Any authorized network entity | 49152 - 49664 | - | All configurations | Brick communication ports. The total number of ports required depends on the number of bricks on the node. One port is required for each brick on the machine. |
Table 3.2. Open the following ports on NFS-Ganesha and Gluster NFS storage clients
| Connection source | TCP Ports | UDP Ports | Recommended for | Used for |
|---|---|---|---|---|
| NFSv3 servers | 662 | 662 | Sharing storage using NFS-Ganesha and Gluster NFS | statd |
| NFSv3 servers | 32803 | 32803 | Sharing storage using NFS-Ganesha and Gluster NFS | NLM protocol |
Table 3.3. Open the following ports on all Nagios servers
| Connection source | TCP Ports | UDP Ports | Recommended for | Used for |
|---|---|---|---|---|
| Console clients | 80 | - | Monitoring using Red Hat Gluster Storage Console and Nagios | HTTP protocol when Nagios server runs on a Red Hat Gluster Storage server |
| Console clients | 443 | - | Monitoring using Red Hat Gluster Storage Console and Nagios | HTTPS protocol when Nagios server runs on a Red Hat Gluster Storage server |
| Servers monitored by Nagios | 5667 | - | Monitoring using Red Hat Gluster Storage Console and Nagios | NSCA service when Nagios server runs on a Red Hat Gluster Storage server |