[gpfsug-discuss] Changing Web ports for the Spectrum Scale GUI

Ryan Novosielski novosirj at rutgers.edu
Thu Jul 18 22:15:52 BST 2019 

I happened across this message because I’ve already done this in the past and was trying to figure out how I did it (apparently didn’t write it down).

Most of it appeared to be adding to /etc/sysconfig/gpfsgui the following:

HTTP_PORT=8080
HTTPS_PORT=8443

…but that hasn’t completely done it yet. Going to have a look and see what else I might need to do.

--
____
|| \\UTGERS,  	 |---------------------------*O*---------------------------
||_// the State	 |         Ryan Novosielski - novosirj at rutgers.edu
|| \\ University | Sr. Technologist - 973/972.0922 (2x0922) ~*~ RBHS Campus
||  \\    of NJ	 | Office of Advanced Research Computing - MSB C630, Newark
     `'

> On Aug 23, 2018, at 7:50 AM, Markus Rohwedder <rohwedder at de.ibm.com> wrote:
> 
> Hello Juri, Keith,
> 
> thank you for your responses.
> 
> The internal services communicate on the privileged ports, for backwards compatibility and firewall simplicity reasons. We can not just assume all nodes in the cluster are at the latest level.
> 
> Running two services at the same port on different IP addresses could be an option to consider for co-existance of the GUI and another service on the same node.
> However we have not set up, tested nor documented such a configuration as of today. 
> 
> Currently the GUI service manages the iptables redirect bring up and tear down.
> If this would be managed externally it would be possible to bind services to specific ports based on specific IPs.
> 
> In order to create custom redirect rules based on IP address it is necessary to instruct the GUI to 
> - not check for already used ports when the GUI service tries to start up
> - don't create/destroy port forwarding rules during GUI service start and stop.
> This GUI behavior can be configured using the internal flag UPDATE_IPTABLES in the service configuration with the 5.0.1.2 GUI code level.
> 
> The service configuration is not stored in the cluster configuration and may be overwritten during code upgrades, so these settings may have to be added again after an upgrade.
> 
> See this KC link:
> https://www.ibm.com/support/knowledgecenter/en/STXKQY_5.0.1/com.ibm.spectrum.scale.v5r01.doc/bl1adv_firewallforgui.htm
> 
> Mit freundlichen Grüßen / Kind regards
> 
> Dr. Markus Rohwedder
> 
> Spectrum Scale GUI Development
> <ecblank.gif>
> Phone:	+49 7034 6430190	IBM Deutschland Research & Development	
> <17153317.gif>
> E-Mail:	rohwedder at de.ibm.com	Am Weiher 24
> <ecblank.gif>	<ecblank.gif>	65451 Kelsterbach
> <ecblank.gif>	<ecblank.gif>	Germany
> <ecblank.gif>
> 
> <graycol.gif>"Daniel Kidger" ---23.08.2018 12:13:36---Keith, I have another IBM customer who also wished to move Scale GUI's https ports. In their case
> 
> From:  "Daniel Kidger" <daniel.kidger at uk.ibm.com>
> To:  gpfsug-discuss at spectrumscale.org
> Cc:  gpfsug-discuss at spectrumscale.org
> Date:  23.08.2018 12:13
> Subject:  Re: [gpfsug-discuss] Changing Web ports for the Spectrum Scale GUI
> Sent by:  gpfsug-discuss-bounces at spectrumscale.org
> 
> 
> 
> 
> Keith,
> 
> I have another IBM customer who also wished to move Scale GUI's https ports.
> In their case because they had their own web based management interface on the same https port.
> Is this the same reason that you have?
> If so I wonder how many other sites have the same issue?
> 
> One workaround that was suggested at the time, was to add a second IP address to the node (piggy-backing on 'eth0').
> Then run the two different GUIs, one per IP address.
> Is this an option, albeit a little ugly?
> Daniel
> 
> <17310450.gif>				Dr Daniel Kidger
> IBM Technical Sales Specialist
> Software Defined Solution Sales
> 
> +44-(0)7818 522 266 
> daniel.kidger at uk.ibm.com
> 
> 
> 
> ----- Original message -----
> From: "Markus Rohwedder" <rohwedder at de.ibm.com>
> Sent by: gpfsug-discuss-bounces at spectrumscale.org
> To: gpfsug main discussion list <gpfsug-discuss at spectrumscale.org>
> Cc:
> Subject: Re: [gpfsug-discuss] Changing Web ports for the Spectrum Scale GUI
> Date: Thu, Aug 23, 2018 9:51 AM
> Hello Keith,
> 
> it is not so easy.
> 
> The GUI receives events from other scale components using the currently defined ports.
> Changing the GUI ports will cause breakage in the GUI stack at several places (internal watchdog functions, interlock with health events, interlock with CES).
> Therefore at this point there is no procedure to change this behaviour across all components.
> 
> Because the GUI service does not run as root. the GUI server does not serve the privileged ports 80 and 443 directly but rather 47443 and 47080.
> Tweaking the ports in the server.xml file will only change the native ports that the GUI uses.
> The GUI manages IPTABLES rules to forward ports 443 and 80 to 47443 and 47080. 
> If these ports are already used by another service, the GUI will not start up.
> 
> Making the GUI ports freely configurable is therefore not a strightforward change, and currently no on our roadmap.
> If you want to emphasize your case as future development item, please let me know.
> 
> I would also be interested in:
> > Scale version you are running
> > Do you need port 80 or 443 as well?
> > Would it work for you if the xCAT service was bound to a single IP address?
> 
> Mit freundlichen Grüßen / Kind regards
> 
> Dr. Markus Rohwedder
> 
> Spectrum Scale GUI Development
> 
> <ecblank.gif>
> Phone:	+49 7034 6430190	IBM Deutschland Research & Development	
> <17153317.gif>
> E-Mail:	rohwedder at de.ibm.com	Am Weiher 24
> <ecblank.gif>	<ecblank.gif>	65451 Kelsterbach
> <ecblank.gif>	<ecblank.gif>	Germany
> <ecblank.gif>
> 
> <graycol.gif>Keith Ball ---22.08.2018 21:33:25---Hello All, Does anyone know how to change the HTTP ports for the Spectrum Scale GUI?
> 
> From: Keith Ball <bipcuds at gmail.com>
> To: gpfsug-discuss at spectrumscale.org
> Date: 22.08.2018 21:33
> Subject: [gpfsug-discuss] Changing Web ports for the Spectrum Scale GUI
> Sent by: gpfsug-discuss-bounces at spectrumscale.org
> 
> 
> 
> 
> Hello All,
> 
> Does anyone know how to change the HTTP ports for the Spectrum Scale GUI? Any documentation or RedPaper I have found deftly avoids discussing this. The most promising thing I see is in /opt/ibm/wlp/usr/servers/gpfsgui/server.xml:
> 
> <httpEndpoint id="defaultHttpEndpoint" host="*" httpPort="47080" httpsPort="47443">
> <tcpOptions soReuseAddr="true"/>
> </httpEndpoint>
> 
> but it appears that port 80 specifically is used also by the GUI's Web service. I already have an HTTP server using port 80 for provisioning (xCAT), so would rather change the Specturm Scale GUI configuration if I can.
> 
> Many Thanks,
> Keith
> _______________________________________________
> gpfsug-discuss mailing list
> gpfsug-discuss at spectrumscale.org
> http://gpfsug.org/mailman/listinfo/gpfsug-discuss
> 
> 
> 
> _______________________________________________
> gpfsug-discuss mailing list
> gpfsug-discuss at spectrumscale.org
> http://gpfsug.org/mailman/listinfo/gpfsug-discuss
> 
> Unless stated otherwise above:
> IBM United Kingdom Limited - Registered in England and Wales with number 741598. 
> Registered office: PO Box 41, North Harbour, Portsmouth, Hampshire PO6 3AU
> _______________________________________________
> gpfsug-discuss mailing list
> gpfsug-discuss at spectrumscale.org
> http://gpfsug.org/mailman/listinfo/gpfsug-discuss
> 
> 
> 
> _______________________________________________
> gpfsug-discuss mailing list
> gpfsug-discuss at spectrumscale.org
> http://gpfsug.org/mailman/listinfo/gpfsug-discuss

More information about the gpfsug-discuss mailing list