Chapter 3. Considerations for Red Hat Gluster Storage
3.1. Firewall and Port Access
3.1.1. Configuring the Firewall
Use the iptables command to open a port, then save the rule so it survives a restart:

# iptables -A INPUT -m state --state NEW -m tcp -p tcp --dport 5667 -j ACCEPT
# service iptables save

With firewalld, use firewall-cmd. The first command changes the running configuration; the --permanent variant writes the same rule to the saved configuration. To open a predefined service:

# firewall-cmd --zone=zone_name --add-service=glusterfs
# firewall-cmd --zone=zone_name --add-service=glusterfs --permanent

To open a specific port:

# firewall-cmd --zone=zone_name --add-port=port/protocol
# firewall-cmd --zone=zone_name --add-port=port/protocol --permanent

For example, to open TCP port 5667 in the public zone:

# firewall-cmd --zone=public --add-port=5667/tcp
# firewall-cmd --zone=public --add-port=5667/tcp --permanent
3.1.2. Port Access Requirements
Table 3.1. Open the following ports on all storage servers
Connection source | TCP Ports | UDP Ports | Recommended for | Used for |
---|---|---|---|---|
Any authorized network entity with a valid SSH key | 22 | - | All configurations | Remote backup using geo-replication |
Any authorized network entity; be cautious not to clash with other RPC services. | 111 | 111 | All configurations | RPC port mapper and RPC bind |
Any authorized SMB/CIFS client | 139 and 445 | 137 and 138 | Sharing storage using SMB/CIFS | SMB/CIFS protocol |
Any authorized NFS clients | 2049 | 2049 | Sharing storage using Gluster NFS or NFS-Ganesha | Exports using NFS protocol |
All servers in the Samba-CTDB cluster | 4379 | - | Sharing storage using SMB and Gluster NFS | CTDB |
Any authorized network entity | 24007 | - | All configurations | Management processes using glusterd |
Any authorized network entity | 24009 | - | All configurations | Gluster events daemon |
Any network entity monitored by Nagios | 5666 | - | Monitoring using Red Hat Gluster Storage Console and Nagios | NRPE service |
NFSv3 clients | 662 | 662 | Sharing storage using NFS-Ganesha and Gluster NFS | statd |
NFSv3 clients | 32803 | 32803 | Sharing storage using NFS-Ganesha and Gluster NFS | NLM protocol |
NFSv3 clients sending mount requests | - | 32769 | Sharing storage using Gluster NFS | Gluster NFS MOUNT protocol |
NFSv3 clients sending mount requests | 20048 | 20048 | Sharing storage using NFS-Ganesha | NFS-Ganesha MOUNT protocol |
NFS clients | 875 | 875 | Sharing storage using NFS-Ganesha | NFS-Ganesha RQUOTA protocol (fetching quota information) |
Servers in pacemaker/corosync cluster | 2224 | - | Sharing storage using NFS-Ganesha | pcsd |
Servers in pacemaker/corosync cluster | 3121 | - | Sharing storage using NFS-Ganesha | pacemaker_remote |
Servers in pacemaker/corosync cluster | - | 5404 and 5405 | Sharing storage using NFS-Ganesha | corosync |
Servers in pacemaker/corosync cluster | 21064 | - | Sharing storage using NFS-Ganesha | dlm |
Any authorized network entity to access gluster-swift proxy server via SSL/TLS mode; SSL/TLS cert is required. | 443 | - | Object storage configurations | HTTPS requests |
Any authorized network entity with valid object server gluster-swift credentials | 6010 | - | Object storage configurations | Object server |
Any authorized network entity with valid container server gluster-swift credentials | 6011 | - | Object storage configurations | Container server |
Any authorized network entity with valid gluster-swift account credentials | 6012 | - | Object storage configurations | Account server |
Any authorized network entity with valid gluster-swift proxy credentials | 8080 | - | Object storage configurations | Proxy server |
Any authorized network entity | 49152 - 49664 | - | All configurations | Brick communication ports. The total number of ports required depends on the number of bricks on the node. One port is required for each brick on the machine. |
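The following script is an added example, not part of the Red Hat documentation: it turns the rows of Table 3.1 into the paired firewall-cmd commands shown in Section 3.1.1, printing them for review rather than applying them. The profile names (base, nfs-ganesha, smb) and the ZONE variable are this example's own grouping of the "Recommended for" column; the brick range is sized to one port per brick, starting at 49152 and refusing to exceed the documented upper bound of 49664.

```shell
#!/bin/sh
# Added example: emit firewall-cmd commands for the Table 3.1 port set.
# Nothing is executed; pipe the output to sh only after reviewing it.
# ZONE and the profile names are assumptions of this example, not from the page.

ZONE="${ZONE:-public}"

# brick_port_range N -> "49152-<49152+N-1>/tcp"
# One brick port per brick; the documented range is 49152-49664.
brick_port_range() {
  n="$1"
  [ "$n" -ge 1 ] 2>/dev/null || { echo "need a brick count of at least 1" >&2; return 1; }
  last=$((49152 + n - 1))
  if [ "$last" -gt 49664 ]; then
    echo "brick count $n exceeds documented range 49152-49664" >&2
    return 1
  fi
  echo "49152-${last}/tcp"
}

# emit_port PORT/PROTO -> runtime rule plus its --permanent twin, as in 3.1.1
emit_port() {
  echo "firewall-cmd --zone=${ZONE} --add-port=$1"
  echo "firewall-cmd --zone=${ZONE} --add-port=$1 --permanent"
}

# gluster_fw_rules PROFILE [NUM_BRICKS]
#   base        : rows marked "All configurations"
#   nfs-ganesha : base + NFS-Ganesha and pacemaker/corosync rows
#   smb         : base + SMB/CIFS and CTDB rows
gluster_fw_rules() {
  profile="$1"; bricks="${2:-1}"
  case "$profile" in
    base|nfs-ganesha|smb) ;;
    *) echo "unknown profile: $profile" >&2; return 1 ;;
  esac

  # "All configurations": SSH, rpcbind (tcp+udp), glusterd, events daemon
  for p in 22/tcp 111/tcp 111/udp 24007/tcp 24009/tcp; do
    emit_port "$p"
  done
  range=$(brick_port_range "$bricks") || return 1
  emit_port "$range"

  case "$profile" in
    nfs-ganesha)
      # nfs, statd, NLM, MOUNT, RQUOTA, pcsd, pacemaker_remote, corosync, dlm
      for p in 2049/tcp 2049/udp 662/tcp 662/udp 32803/tcp 32803/udp \
               20048/tcp 20048/udp 875/tcp 875/udp 2224/tcp 3121/tcp \
               5404/udp 5405/udp 21064/tcp; do
        emit_port "$p"
      done ;;
    smb)
      # SMB/CIFS over TCP, NetBIOS over UDP, CTDB between cluster members
      for p in 139/tcp 445/tcp 137/udp 138/udp 4379/tcp; do
        emit_port "$p"
      done ;;
  esac
}

# Usage: sh this_script.sh --demo nfs-ganesha 4
if [ "${1:-}" = "--demo" ]; then
  gluster_fw_rules "${2:-base}" "${3:-1}"
fi
```

Because the output is plain text, it can be diffed against the rules already present on a host before anything is changed, which is the check a reviewer wants when a node's brick count grows and the high port range has to be widened.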
Table 3.2. Open the following ports on NFS-Ganesha and Gluster NFS storage clients
Connection source | TCP Ports | UDP Ports | Recommended for | Used for |
---|---|---|---|---|
NFSv3 servers | 662 | 662 | Sharing storage using NFS-Ganesha and Gluster NFS | statd |
NFSv3 servers | 32803 | 32803 | Sharing storage using NFS-Ganesha and Gluster NFS | NLM protocol |
Table 3.3. Open the following ports on all Nagios servers
Connection source | TCP Ports | UDP Ports | Recommended for | Used for |
---|---|---|---|---|
Console clients | 80 | - | Monitoring using Red Hat Gluster Storage Console and Nagios | HTTP protocol when Nagios server runs on a Red Hat Gluster Storage server |
Console clients | 443 | - | Monitoring using Red Hat Gluster Storage Console and Nagios | HTTPS protocol when Nagios server runs on a Red Hat Gluster Storage server |
Servers monitored by Nagios | 5667 | - | Monitoring using Red Hat Gluster Storage Console and Nagios | NSCA service when Nagios server runs on a Red Hat Gluster Storage server |