Whamcloud - gitweb
LU-14224 misc: add firewalld service configuration 21/41021/3
author Andreas Dilger <adilger@whamcloud.com>
Wed, 7 Apr 2021 19:37:42 +0000 (12:37 -0700)
committer Oleg Drokin <green@whamcloud.com>
Tue, 14 Feb 2023 06:03:55 +0000 (06:03 +0000)
commit 9cb4b10c87d2f3f53ce594d606a7b1b3d0cd18a6
tree f1ddf07a31fe035d212c08ba4581fba4f5e58259
parent 3c69d46e1766480c0ffd1bef840b4e167b4cf88e
LU-14224 misc: add firewalld service configuration

RHEL8 ships with restrictive firewalld rules out of the box.
This prevents servers and clients from connecting to each other.
Add a lustre.xml service file for firewalld, so that it is easy
to run a command like:

    firewall-cmd --permanent --zone=public --add-service=lustre

to add the Lustre service ports with minimal difficulty.

It would be good if this was run automatically when the RPMs are
installed, or when mount.lustre is run, but it isn't clear what
is good/safe/correct in all cases. At least having the service
file will be a starting point to make this easier for admins.

It would be even better if the Lustre service rules were restricted
to accepting only new connections, and clients would only accept
requests from the MGS initially and then dynamically add ports for
servers as they are configured, but this is beyond my firewalld-fu.

Test-Parameters: trivial
Signed-off-by: Andreas Dilger <adilger@whamcloud.com>
Change-Id: I9f49d4b0df1c9fb6b343df81f966d9110c300c1e
Reviewed-on: https://review.whamcloud.com/c/fs/lustre-release/+/41021
Tested-by: jenkins <devops@whamcloud.com>
Tested-by: Maloo <maloo@whamcloud.com>
Reviewed-by: Olaf Faaland <faaland1@llnl.gov>
Reviewed-by: Alex Deiter <alex.deiter@gmail.com>
Reviewed-by: Oleg Drokin <green@whamcloud.com>
lustre.spec.in
lustre/conf/Makefile.am
lustre/conf/lustre.xml [new file with mode: 0644]
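
For the `--zone=public --add-service=lustre` command in the commit message and its remark about restricting the service, an added example (not code from this commit or from the Lustre project): a Python check over firewalld zone XML that reports whether `lustre` is accepted zone-wide or only from rich-rule sources. The two zone documents, the 192.0.2.0/24 subnet and the function name `exposure` are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample: public zone after
#   firewall-cmd --permanent --zone=public --add-service=lustre
ZONE_OPEN = """<zone>
  <short>Public</short>
  <service name="ssh"/>
  <service name="lustre"/>
</zone>"""

# Constructed sample: the service is accepted only through a rich rule, e.g.
#   firewall-cmd --permanent --zone=public --add-rich-rule=\
#     'rule family="ipv4" source address="192.0.2.0/24" service name="lustre" accept'
ZONE_SCOPED = """<zone>
  <short>Public</short>
  <service name="ssh"/>
  <rule family="ipv4">
    <source address="192.0.2.0/24"/>
    <service name="lustre"/>
    <accept/>
  </rule>
</zone>"""


def exposure(zone_xml, service="lustre"):
    """Return ("any", []), ("scoped", [sources]) or ("closed", [])."""
    zone = ET.fromstring(zone_xml)
    # A direct <service> child is accepted from any address that reaches the zone.
    if any(s.get("name") == service for s in zone.findall("service")):
        return "any", []
    sources = []
    for rule in zone.findall("rule"):
        names = [s.get("name") for s in rule.findall("service")]
        if service not in names or rule.find("accept") is None:
            continue
        src = rule.find("source")
        if src is None or src.get("invert") is not None:
            # No source match, or one carrying an invert attribute, is
            # treated as unrestricted (a conservative choice of this example).
            return "any", []
        sources.append(src.get("address") or src.get("ipset") or src.get("mac"))
    return ("scoped", sorted(sources)) if sources else ("closed", [])


if __name__ == "__main__":
    for label, xml in (("open", ZONE_OPEN), ("scoped", ZONE_SCOPED)):
        print(label, exposure(xml))
```

On a host, the same function can be pointed at the permanent zone files firewalld writes under `/etc/firewalld/zones/`.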