[gpfsug-discuss] Changing Web ports for the Spectrum Scale GUI
Markus Rohwedder
rohwedder at de.ibm.com
Thu Aug 23 12:50:32 BST 2018
Hello Juri, Keith,
thank you for your responses.
The internal services communicate on the privileged ports, for backwards
compatibility and firewall simplicity reasons. We can not just assume all
nodes in the cluster are at the latest level.
Running two services at the same port on different IP addresses could be an
option to consider for co-existance of the GUI and another service on the
same node.
However we have not set up, tested nor documented such a configuration as
of today.
Currently the GUI service manages the iptables redirect bring up and tear
down.
If this would be managed externally it would be possible to bind services
to specific ports based on specific IPs.
In order to create custom redirect rules based on IP address it is
necessary to instruct the GUI to
- not check for already used ports when the GUI service tries to start up
- don't create/destroy port forwarding rules during GUI service start and
stop.
This GUI behavior can be configured using the internal flag
UPDATE_IPTABLES in the service configuration with the 5.0.1.2 GUI code
level.
The service configuration is not stored in the cluster configuration and
may be overwritten during code upgrades, so these settings may have to be
added again after an upgrade.
See this KC link:
https://www.ibm.com/support/knowledgecenter/en/STXKQY_5.0.1/com.ibm.spectrum.scale.v5r01.doc/bl1adv_firewallforgui.htm
Mit freundlichen Grüßen / Kind regards
Dr. Markus Rohwedder
Spectrum Scale GUI Development
Phone: +49 7034 6430190 IBM Deutschland Research &
Development
E-Mail: rohwedder at de.ibm.com Am Weiher 24
65451 Kelsterbach
Germany
From: "Daniel Kidger" <daniel.kidger at uk.ibm.com>
To: gpfsug-discuss at spectrumscale.org
Cc: gpfsug-discuss at spectrumscale.org
Date: 23.08.2018 12:13
Subject: Re: [gpfsug-discuss] Changing Web ports for the Spectrum Scale
GUI
Sent by: gpfsug-discuss-bounces at spectrumscale.org
Keith,
I have another IBM customer who also wished to move Scale GUI's https
ports.
In their case because they had their own web based management interface on
the same https port.
Is this the same reason that you have?
If so I wonder how many other sites have the same issue?
One workaround that was suggested at the time, was to add a second IP
address to the node (piggy-backing on 'eth0').
Then run the two different GUIs, one per IP address.
Is this an option, albeit a little ugly?
Daniel
Dr Daniel Kidger
IBM Technical Sales
Specialist
Software Defined Solution
Sales
+44-(0)7818 522 266
daniel.kidger at uk.ibm.com
----- Original message -----
From: "Markus Rohwedder" <rohwedder at de.ibm.com>
Sent by: gpfsug-discuss-bounces at spectrumscale.org
To: gpfsug main discussion list <gpfsug-discuss at spectrumscale.org>
Cc:
Subject: Re: [gpfsug-discuss] Changing Web ports for the Spectrum Scale
GUI
Date: Thu, Aug 23, 2018 9:51 AM
Hello Keith,
it is not so easy.
The GUI receives events from other scale components using the currently
defined ports.
Changing the GUI ports will cause breakage in the GUI stack at several
places (internal watchdog functions, interlock with health events,
interlock with CES).
Therefore at this point there is no procedure to change this behaviour
across all components.
Because the GUI service does not run as root. the GUI server does not
serve the privileged ports 80 and 443 directly but rather 47443 and 47080.
Tweaking the ports in the server.xml file will only change the native
ports that the GUI uses.
The GUI manages IPTABLES rules to forward ports 443 and 80 to 47443 and
47080.
If these ports are already used by another service, the GUI will not start
up.
Making the GUI ports freely configurable is therefore not a strightforward
change, and currently no on our roadmap.
If you want to emphasize your case as future development item, please let
me know.
I would also be interested in:
> Scale version you are running
> Do you need port 80 or 443 as well?
> Would it work for you if the xCAT service was bound to a single IP
address?
Mit freundlichen Grüßen / Kind regards
Dr. Markus Rohwedder
Spectrum Scale GUI Development
Phone: +49 7034 6430190 IBM Deutschland Research &
Development
E-Mail: rohwedder at de.ibm.com Am Weiher 24
65451 Kelsterbach
Germany
Inactive hide details for Keith Ball ---22.08.2018 21:33:25---Hello All,
Does anyone know how to change the HTTP ports for the Keith Ball
---22.08.2018 21:33:25---Hello All, Does anyone know how to change the
HTTP ports for the Spectrum Scale GUI?
From: Keith Ball <bipcuds at gmail.com>
To: gpfsug-discuss at spectrumscale.org
Date: 22.08.2018 21:33
Subject: [gpfsug-discuss] Changing Web ports for the Spectrum Scale GUI
Sent by: gpfsug-discuss-bounces at spectrumscale.org
Hello All,
Does anyone know how to change the HTTP ports for the Spectrum Scale GUI?
Any documentation or RedPaper I have found deftly avoids discussing this.
The most promising thing I see is
in /opt/ibm/wlp/usr/servers/gpfsgui/server.xml:
<httpEndpoint id="defaultHttpEndpoint" host="*" httpPort="47080"
httpsPort="47443">
<tcpOptions soReuseAddr="true"/>
</httpEndpoint>
but it appears that port 80 specifically is used also by the GUI's Web
service. I already have an HTTP server using port 80 for provisioning
(xCAT), so would rather change the Specturm Scale GUI configuration if I
can.
Many Thanks,
Keith
_______________________________________________
gpfsug-discuss mailing list
gpfsug-discuss at spectrumscale.org
http://gpfsug.org/mailman/listinfo/gpfsug-discuss
_______________________________________________
gpfsug-discuss mailing list
gpfsug-discuss at spectrumscale.org
http://gpfsug.org/mailman/listinfo/gpfsug-discuss
Unless stated otherwise above:
IBM United Kingdom Limited - Registered in England and Wales with number
741598.
Registered office: PO Box 41, North Harbour, Portsmouth, Hampshire PO6 3AU
_______________________________________________
gpfsug-discuss mailing list
gpfsug-discuss at spectrumscale.org
http://gpfsug.org/mailman/listinfo/gpfsug-discuss
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://gpfsug.org/pipermail/gpfsug-discuss_gpfsug.org/attachments/20180823/1b3bb461/attachment.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: ecblank.gif
Type: image/gif
Size: 45 bytes
Desc: not available
URL: <http://gpfsug.org/pipermail/gpfsug-discuss_gpfsug.org/attachments/20180823/1b3bb461/attachment.gif>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 17153317.gif
Type: image/gif
Size: 4659 bytes
Desc: not available
URL: <http://gpfsug.org/pipermail/gpfsug-discuss_gpfsug.org/attachments/20180823/1b3bb461/attachment-0001.gif>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: graycol.gif
Type: image/gif
Size: 105 bytes
Desc: not available
URL: <http://gpfsug.org/pipermail/gpfsug-discuss_gpfsug.org/attachments/20180823/1b3bb461/attachment-0002.gif>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 17310450.gif
Type: image/gif
Size: 60281 bytes
Desc: not available
URL: <http://gpfsug.org/pipermail/gpfsug-discuss_gpfsug.org/attachments/20180823/1b3bb461/attachment-0003.gif>
More information about the gpfsug-discuss
mailing list