Posted to dev@brooklyn.apache.org by "Svetoslav Neykov (JIRA)" <ji...@apache.org> on 2017/06/19 09:47:00 UTC
[jira] [Resolved] (BROOKLYN-41) openIptables config appears to customise entries for requested ports, not assigned
[ https://issues.apache.org/jira/browse/BROOKLYN-41?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Svetoslav Neykov resolved BROOKLYN-41.
--------------------------------------
Resolution: Fixed
Fix Version/s: 0.12.0
Should've been fixed with https://github.com/apache/brooklyn-server/pull/713.
> openIptables config appears to customise entries for requested ports, not assigned
> ----------------------------------------------------------------------------------
>
> Key: BROOKLYN-41
> URL: https://issues.apache.org/jira/browse/BROOKLYN-41
> Project: Brooklyn
> Issue Type: Bug
> Reporter: Sam Corbett
> Fix For: 0.12.0
>
>
> I set the openIptables config option on a location and deployed an app with one Java app and seven Redis databases.
> I expected Brooklyn to configure the Iptables firewall with an entry for each Redis database port, but instead saw only one entry. My guess is that it's customising based on the requested ports, not those that were assigned.
> Output from the server:
> {code}
> [sam@brooklyn-muyh-sam-margini-i1lw-redis-and-datafu-rxek-ac1 ~]$ ps aux | grep redis
> sam 8153 0.0 0.0 137344 7256 ? Ssl 16:51 0:00 ./bin/redis-server *:6383
> sam 8173 0.0 0.0 137344 7380 ? Ssl 16:51 0:00 ./bin/redis-server *:6382
> sam 8499 0.0 0.0 137344 7348 ? Ssl 16:51 0:00 ./bin/redis-server *:6380
> sam 8641 0.0 0.0 137344 7376 ? Ssl 16:51 0:00 ./bin/redis-server *:6385
> sam 9362 0.0 0.0 137344 7256 ? Ssl 16:51 0:00 ./bin/redis-server *:6379
> sam 9547 0.0 0.0 137344 7380 ? Ssl 16:52 0:00 ./bin/redis-server *:6381
> sam 10043 0.0 0.0 137344 7380 ? Ssl 16:52 0:00 ./bin/redis-server *:6384
> sam 17293 0.0 0.0 103248 840 pts/0 S+ 17:02 0:00 grep redis
> [sam@brooklyn-muyh-sam-margini-i1lw-redis-and-datafu-rxek-ac1 ~]$ sudo service iptables status
> Table: filter
> Chain INPUT (policy ACCEPT)
> num target prot opt source destination
> 1 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:1099
> 2 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:31001
> 3 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:61616
> 4 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:6379
> 5 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:22
> 6 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
> 7 ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0
> 8 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
> 9 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:22
> 10 REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited
> Chain FORWARD (policy ACCEPT)
> num target prot opt source destination
> 1 REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited
> Chain OUTPUT (policy ACCEPT)
> num target prot opt source destination
> [sam@brooklyn-muyh-sam-margini-i1lw-redis-and-datafu-rxek-ac1 ~]$
> {code}
> I would expect six more entries of the form 'tcp dpt:6379' for ports 6380-6385.
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
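
A check for the mismatch reported above, as an added example that is not part of the original message or Brooklyn's own code: it compares the ports redis-server is listening on (from `ps`) with the `dpt:` ACCEPT rules in the INPUT chain. The function names are hypothetical, and it assumes the `service iptables status` layout quoted in the report.

```python
import re
# Sample input abridged from the output quoted in the report above.
PS_OUTPUT = """\
sam 8153 0.0 0.0 137344 7256 ? Ssl 16:51 0:00 ./bin/redis-server *:6383
sam 8173 0.0 0.0 137344 7380 ? Ssl 16:51 0:00 ./bin/redis-server *:6382
sam 8499 0.0 0.0 137344 7348 ? Ssl 16:51 0:00 ./bin/redis-server *:6380
sam 8641 0.0 0.0 137344 7376 ? Ssl 16:51 0:00 ./bin/redis-server *:6385
sam 9362 0.0 0.0 137344 7256 ? Ssl 16:51 0:00 ./bin/redis-server *:6379
sam 9547 0.0 0.0 137344 7380 ? Ssl 16:52 0:00 ./bin/redis-server *:6381
sam 10043 0.0 0.0 137344 7380 ? Ssl 16:52 0:00 ./bin/redis-server *:6384
sam 17293 0.0 0.0 103248 840 pts/0 S+ 17:02 0:00 grep redis
"""
IPTABLES_STATUS = """\
Chain INPUT (policy ACCEPT)
num target prot opt source destination
1 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:1099
2 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:31001
3 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:61616
4 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:6379
5 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:22
6 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
8 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
9 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:22
10 REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited
"""

def listening_ports(ps_output, process="redis-server"):
    """Ports taken from '<process> <addr>:<port>' command lines in ps output."""
    pat = re.compile(r"\b" + re.escape(process) + r"\s+\S*:(\d+)\s*$")
    return {int(m.group(1)) for ln in ps_output.splitlines() if (m := pat.search(ln))}

def accepted_tcp_ports(status_output, chain="INPUT"):
    """Ports with an explicit 'ACCEPT tcp ... dpt:N' rule ahead of the catch-all reject."""
    ports, chain_now = set(), None
    for line in status_output.splitlines():
        f = line.split()
        if f[:1] == ["Chain"]:
            chain_now = f[1]
        elif chain_now == chain and f and f[0].isdigit():
            if f[1] in ("REJECT", "DROP") and f[2] == "all":
                break  # assumption: rules after a catch-all reject never match
            # Rules without dpt: are skipped: this listing omits the interface
            # column, so a bare "ACCEPT all" may be interface-specific.
            m = re.search(r"\bdpt:(\d+)\b", line)
            if f[1] == "ACCEPT" and f[2] == "tcp" and m:
                ports.add(int(m.group(1)))
    return ports

def unopened_ports(ps_output, status_output):
    """Listening ports that have no matching ACCEPT rule, sorted."""
    return sorted(listening_ports(ps_output) - accepted_tcp_ports(status_output))
```

On the sample, `unopened_ports(PS_OUTPUT, IPTABLES_STATUS)` returns the six ports the reporter expected to see rules for.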