La página que has solicitado no está disponible en tu idioma. Puedes traducir cualquier página web al instante al idioma que prefieras con la función de traducción integrada de Google Chrome.

Configuring Elastifile FW Rules Manually

Introduction

You should visit that page in case that your service account who deploying the Elastifile system does not have the roles/compute.securityAdmin permission.

If this is the case, you will see the following warning message as part of the validation phase: 

checking prerequisites

 

Elastifile requires 4 different FW rules which are restricted to the cluster operational only:

  1. elastifile-storage-management-<cluster_hash>
  2. elastifile-storage-service-<cluster_hash>
  3. elastifile-ra-service-<cluster_hash>
  4. elastifile-storage-client-<cluster_hash>

Solution

In order to overcome that scenario, you need to configure the FW rules manually ones.

Please follow the below 'prerequisites' and 'configuration' sections.

 

Prerequisites

  1. The user who runs the commands should has the roles/compute.securityAdmin role in the required project.
  2. Note the cluster hash label by clicking the elastifile management server instance in the GCP console.

VM instance label cluster-hash

 

 

Configuration

# The following are examples only. Please modify per your own environment.
$ HASH="8b77e1d1"
$ PROJECT="support-team-a"
$ VPC_NETWORK="snir-network"
$ VPC_SUBNET_RANGE="10.164.0.0/20"


$ gcloud compute --project=$PROJECT firewall-rules create elastifile-storage-management-$HASH --description="Elastifile Storage Management firewall rules" --direction=INGRESS --priority=1000 --network=$VPC_NETWORK --action=ALLOW --rules=tcp:22,tcp:53,tcp:80,tcp:443,tcp:10014-10017,udp:53,udp:123,udp:6667,icmp --source-ranges=$VPC_SUBNET_RANGE --source-tags=elastifile-storage-node-$HASH,elastifile-replication-node-$HASH,elastifile-management-node-$HASH --target-tags=elastifile-management-node-$HASH

$ gcloud compute --project=$PROJECT firewall-rules create elastifile-storage-service-$HASH --description="Elastifile Storage Service firewall rules" --direction=INGRESS --priority=1000 --network=$VPC_NETWORK --action=ALLOW --rules=tcp:22,tcp:12121,tcp:10015-10018,tcp:1112-1132,tcp:2221-2241,tcp:8000-9224,tcp:10028,tcp:32768-60999,udp:6667,udp:8000-9224,udp:32768-60999,icmp --source-ranges=$VPC_SUBNET_RANGE --source-tags=elastifile-management-node-$HASH,elastifile-storage-node-$HASH,elastifile-replication-node-$HASH --target-tags=elastifile-storage-node-$HASH

$ gcloud compute --project=$PROJECT firewall-rules create elastifile-ra-service-$HASH --description="Elastifile Replication Agent Service firewall rules" --direction=INGRESS --priority=1000 --network=$VPC_NETWORK --action=ALLOW --rules=tcp:22,tcp:80,tcp:443,tcp:10018,tcp:10015,tcp:10028,tcp:12121,icmp --source-ranges=$VPC_SUBNET_RANGE --source-tags=elastifile-storage-node-$HASH,elastifile-management-node-$HASH --target-tags=elastifile-replication-node-$HASH

$ gcloud compute --project=$PROJECT firewall-rules create elastifile-storage-client-$HASH --description="Elastifile Client firewall rules" --direction=INGRESS --priority=1000 --network=$VPC_NETWORK --action=ALLOW --rules=tcp:111,tcp:644,tcp:2049,tcp:4040,tcp:4045,udp:111,udp:644,udp:2049,udp:4040,udp:4045,icmp --source-ranges=$VPC_SUBNET_RANGE --source-tags=elastifile-clients-$HASH,elastifile-replication-node-$HASH --target-tags=elastifile-storage-node-$HASH

 

* Note that each Elastifile system requires its set of FW rules per its own hash

Was this helpful?

How can we improve it?
true
Search
Clear search
Close search
Main menu
11945180803794209030
true
Search Help Center
true
true
true
false
false