Posted to dev@brooklyn.apache.org by "Svetoslav Neykov (JIRA)" <ji...@apache.org> on 2017/06/19 09:47:00 UTC

[jira] [Resolved] (BROOKLYN-41) openIptables config appears to customise entries for requested ports, not assigned

     [ https://issues.apache.org/jira/browse/BROOKLYN-41?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Svetoslav Neykov resolved BROOKLYN-41.
--------------------------------------
       Resolution: Fixed
    Fix Version/s: 0.12.0

Should've been fixed with https://github.com/apache/brooklyn-server/pull/713.

> openIptables config appears to customise entries for requested ports, not assigned
> ----------------------------------------------------------------------------------
>
>                 Key: BROOKLYN-41
>                 URL: https://issues.apache.org/jira/browse/BROOKLYN-41
>             Project: Brooklyn
>          Issue Type: Bug
>            Reporter: Sam Corbett
>             Fix For: 0.12.0
>
>
> I set the openIptables config option on a location and deployed an app with one Java app and seven Redis databases.
> I expected Brooklyn to configure the Iptables firewall with an entry for each Redis database port, but instead saw only one entry. My guess is that it's customising based on the requested ports, not those that were assigned.
> Output from the server:
> {code}
> [sam@brooklyn-muyh-sam-margini-i1lw-redis-and-datafu-rxek-ac1 ~]$ ps aux | grep redis
> sam       8153  0.0  0.0 137344  7256 ?        Ssl  16:51   0:00 ./bin/redis-server *:6383
> sam       8173  0.0  0.0 137344  7380 ?        Ssl  16:51   0:00 ./bin/redis-server *:6382
> sam       8499  0.0  0.0 137344  7348 ?        Ssl  16:51   0:00 ./bin/redis-server *:6380
> sam       8641  0.0  0.0 137344  7376 ?        Ssl  16:51   0:00 ./bin/redis-server *:6385
> sam       9362  0.0  0.0 137344  7256 ?        Ssl  16:51   0:00 ./bin/redis-server *:6379
> sam       9547  0.0  0.0 137344  7380 ?        Ssl  16:52   0:00 ./bin/redis-server *:6381
> sam      10043  0.0  0.0 137344  7380 ?        Ssl  16:52   0:00 ./bin/redis-server *:6384
> sam      17293  0.0  0.0 103248   840 pts/0    S+   17:02   0:00 grep redis
> [sam@brooklyn-muyh-sam-margini-i1lw-redis-and-datafu-rxek-ac1 ~]$ sudo service iptables status
> Table: filter
> Chain INPUT (policy ACCEPT)
> num  target     prot opt source               destination
> 1    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:1099
> 2    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:31001
> 3    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:61616
> 4    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:6379
> 5    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:22
> 6    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
> 7    ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0
> 8    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
> 9    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:22
> 10   REJECT     all  --  0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited
> Chain FORWARD (policy ACCEPT)
> num  target     prot opt source               destination
> 1    REJECT     all  --  0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited
> Chain OUTPUT (policy ACCEPT)
> num  target     prot opt source               destination
> [sam@brooklyn-muyh-sam-margini-i1lw-redis-and-datafu-rxek-ac1 ~]$
> {code}
> I would expect six more entries of the form 'tcp dpt:6379' for ports 6380-6385.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
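
The check done by eye in the report (compare the ports the Redis processes bind to against the ACCEPT entries ahead of the REJECT rule) can be scripted. This is an added example, not part of the original message or of Brooklyn's code; the function names are hypothetical and the sample input is constructed, abridged from the output quoted above.

```python
import re

# Constructed sample, abridged from the output quoted in the report above.
PS_OUTPUT = """\
sam   8153  0.0  0.0 137344  7256 ?      Ssl  16:51   0:00 ./bin/redis-server *:6383
sam   8499  0.0  0.0 137344  7348 ?      Ssl  16:51   0:00 ./bin/redis-server *:6380
sam   9362  0.0  0.0 137344  7256 ?      Ssl  16:51   0:00 ./bin/redis-server *:6379
sam  17293  0.0  0.0 103248   840 pts/0  S+   17:02   0:00 grep redis
"""
IPTABLES_STATUS = """\
Table: filter
Chain INPUT (policy ACCEPT)
num  target     prot opt source               destination
4    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:6379
5    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:22
8    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
10   REJECT     all  --  0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited
Chain FORWARD (policy ACCEPT)
num  target     prot opt source               destination
1    REJECT     all  --  0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited
"""

def redis_ports(ps_text):
    """Ports the redis-server processes are bound to, per the ps listing."""
    return sorted({int(p) for p in re.findall(r"redis-server \S*?:(\d+)", ps_text)})

def accepted_tcp_ports(status_text, chain="INPUT"):
    """TCP destination ports ACCEPTed in `chain` ahead of its catch-all REJECT/DROP."""
    ports, in_chain = set(), False
    for line in status_text.splitlines():
        f = line.split()
        if line.startswith("Chain "):
            in_chain = f[1] == chain
        elif in_chain and len(f) >= 6 and f[0].isdigit():
            target, proto, extra = f[1], f[2], " ".join(f[6:])
            anywhere = f[4] == f[5] == "0.0.0.0/0"
            if target in ("REJECT", "DROP") and proto == "all" and anywhere \
                    and (not extra or extra.startswith("reject-with")):
                break  # later rules in this chain are never reached
            # Assumption: a bare "ACCEPT all" row (rule 8) is interface-bound, e.g. loopback.
            if target == "ACCEPT" and proto == "tcp":
                for lo, hi in re.findall(r"\bdpts?:(\d+)(?::(\d+))?", extra):
                    ports.update(range(int(lo), int(hi or lo) + 1))
    return ports

def unopened_ports(ps_text, status_text):
    """Ports a service listens on that have no ACCEPT rule before the REJECT."""
    allowed = accepted_tcp_ports(status_text)
    return [p for p in redis_ports(ps_text) if p not in allowed]
```

Calling `unopened_ports(PS_OUTPUT, IPTABLES_STATUS)` on the sample lists the Redis ports that are listening without a firewall entry; an empty list is the expected result after the fix.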