The server needs only a very basic configuration procedure.
The management network interface for the web console, SSH, and CLI is usually created at installation time. For cloud computing instances it is usually the default network that gets assigned. For any additional network interfaces, network configuration can be done using
The MayaNAS server program is designed to work with SELinux and firewall rules. There is no real requirement to disable them.
Explanation of SELinux interaction with the following components:
Our service is a secure SSH-based interaction between MayaNAS servers that uses the ssh_t secontext as required. There is usually no impact from SELinux.
The service script will properly set up the customized policy drbdrepli for DRBD when SELinux is active.
The customized SELinux policy update for HeartBeat ping is done automatically when SELinux is active.
SELinux adds additional overhead to ZFS by adding xattr on the files and directories. It may be worthwhile disabling it when SELinux is not really needed.
The required firewall ports for MayaNAS services are automatically opened during installation time or at operation time.
The configuration server for MayaNAS is a standard RPC daemon, similar to the NFS service programs (mountd, lockd), registered with the portmapper daemon rpcbind. The CLI program that contacts maya.configd can be run locally or from another client using the ONC RPC/XDR mechanism. This makes the program flexible and cross-platform, and it can be run from Windows as well. You would need to restrict client access by using the TCP wrapper mechanism, as you would for any network service program.
The default TCP port for the web console is 2020. It is registered to firewalld as the mayastor-gui service.
Uses the standard iSCSI TCP port 3260, which has to be opened.
No additional ports are required, as it uses SSH pubkey-based authentication.
Each DRBD-configured volume requires a TCP port, and the script will open the port with firewalld. It will remove the TCP port when the DRBD volume is removed.
Needs UDP port 694 to be opened.
On cloud instances the firewalld rules are usually configured to allow all traffic between the private networks. Only for the web console does a firewall rule have to be configured, to allow TCP port 2020 for the web GUI.
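To check that a node's firewalld zone matches the openings listed above (mayastor-gui or 2020/tcp, 3260/tcp, 694/udp, plus one TCP port per DRBD volume), the following audit script is an added example, not part of the MayaNAS product. The sample zone listing and the DRBD port 7788 are constructed; on a real node pass in the output of firewall-cmd --list-all and the ports your DRBD volumes actually use.

```shell
#!/bin/sh
# Added example: audit a firewalld zone listing against the ports this page names.

# Constructed sample of `firewall-cmd --list-all` output (not from a real host).
SAMPLE_ZONE='public (active)
  target: default
  interfaces: eth0
  services: ssh mayastor-gui
  ports: 3260/tcp 7788/tcp 8080/tcp
  protocols:'

# Print the values of one "  name: v1 v2 ..." line, one value per line.
zone_field() {
  printf '%s\n' "$1" | awk -v key="$2:" '$1 == key { for (i = 2; i <= NF; i++) print $i }'
}

# audit_zone ZONE_TEXT [DRBD_TCP_PORT ...]
# Prints "MISSING <what>" for each required opening that is absent and
# "REVIEW <port>" for each open port the page does not account for.
# The body runs in a subshell so its variables stay local.
audit_zone() (
  text=$1; shift
  ports=$(zone_field "$text" ports)
  services=$(zone_field "$text" services)
  required="3260/tcp 694/udp"            # iSCSI target, HeartBeat
  for p in "$@"; do                      # one TCP port per DRBD volume
    required="$required $p/tcp"
  done

  # Web console: either the mayastor-gui service or a raw 2020/tcp entry.
  if ! printf '%s\n' "$services" | grep -qxF 'mayastor-gui' &&
     ! printf '%s\n' "$ports" | grep -qxF '2020/tcp'; then
    echo "MISSING mayastor-gui (2020/tcp)"
  fi
  for p in $required; do
    printf '%s\n' "$ports" | grep -qxF "$p" || echo "MISSING $p"
  done
  # Anything else that is open deserves a look; port ranges are not expanded.
  for p in $ports; do
    case " $required 2020/tcp " in
      *" $p "*) ;;
      *) echo "REVIEW $p" ;;
    esac
  done
)

audit_zone "$SAMPLE_ZONE" 7788
```

On the constructed sample the script reports the absent HeartBeat port and flags 8080/tcp for review. Services other than mayastor-gui (ssh, for example) are not flagged, only raw port entries.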
The Configure Server is for entering general bookkeeping information for your reference only.
This configuration is for:
Viewing or editing network information for enet controllers
Viewing or assigning Initiator or Target mode of operation for FC controllers
MayaNAS server will create a default iSCSI target name based on the system hostname and hostid while provisioning an iSCSI volume to hosts. You can also create additional iSCSI target names and iSCSI portals to control the iSCSI service over a particular subnet.