[gpfsug-discuss] Changing Web ports for the Spectrum Scale GUI
Ryan Novosielski
novosirj at rutgers.edu
Thu Jul 18 22:26:50 BST 2019
Nope, that appears to be all of it. I also had a problem with the postgresql service, which was why the gpfsgui wouldn’t start. But once I fixed that, I can log in on https://<GUI_HOST>:8443.
HTH.
> On Jul 18, 2019, at 5:15 PM, Ryan Novosielski <novosirj at rutgers.edu> wrote:
>
> I happened across this message because I’ve already done this in the past and was trying to figure out how I did it (apparently didn’t write it down).
>
> Most of it appeared to be adding to /etc/sysconfig/gpfsgui the following:
>
> HTTP_PORT=8080
> HTTPS_PORT=8443
>
> …but that hasn’t completely done it yet. Going to have a look and see what else I might need to do.
>
> --
> ____
> || \\UTGERS, |---------------------------*O*---------------------------
> ||_// the State | Ryan Novosielski - novosirj at rutgers.edu
> || \\ University | Sr. Technologist - 973/972.0922 (2x0922) ~*~ RBHS Campus
> || \\ of NJ | Office of Advanced Research Computing - MSB C630, Newark
> `'
>
>> On Aug 23, 2018, at 7:50 AM, Markus Rohwedder <rohwedder at de.ibm.com> wrote:
>>
>> Hello Juri, Keith,
>>
>> thank you for your responses.
>>
>> The internal services communicate on the privileged ports, for backwards compatibility and firewall simplicity reasons. We can not just assume all nodes in the cluster are at the latest level.
>>
>> Running two services at the same port on different IP addresses could be an option to consider for co-existance of the GUI and another service on the same node.
>> However we have not set up, tested nor documented such a configuration as of today.
>>
>> Currently the GUI service manages the iptables redirect bring up and tear down.
>> If this would be managed externally it would be possible to bind services to specific ports based on specific IPs.
>>
>> In order to create custom redirect rules based on IP address it is necessary to instruct the GUI to
>> - not check for already used ports when the GUI service tries to start up
>> - don't create/destroy port forwarding rules during GUI service start and stop.
>> This GUI behavior can be configured using the internal flag UPDATE_IPTABLES in the service configuration with the 5.0.1.2 GUI code level.
>>
>> The service configuration is not stored in the cluster configuration and may be overwritten during code upgrades, so these settings may have to be added again after an upgrade.
>>
>> See this KC link:
>> https://www.ibm.com/support/knowledgecenter/en/STXKQY_5.0.1/com.ibm.spectrum.scale.v5r01.doc/bl1adv_firewallforgui.htm
>>
>> Mit freundlichen Grüßen / Kind regards
>>
>> Dr. Markus Rohwedder
>>
>> Spectrum Scale GUI Development
>> <ecblank.gif>
>> Phone: +49 7034 6430190 IBM Deutschland Research & Development
>> <17153317.gif>
>> E-Mail: rohwedder at de.ibm.com Am Weiher 24
>> <ecblank.gif> <ecblank.gif> 65451 Kelsterbach
>> <ecblank.gif> <ecblank.gif> Germany
>> <ecblank.gif>
>>
>> <graycol.gif>"Daniel Kidger" ---23.08.2018 12:13:36---Keith, I have another IBM customer who also wished to move Scale GUI's https ports. In their case
>>
>> From: "Daniel Kidger" <daniel.kidger at uk.ibm.com>
>> To: gpfsug-discuss at spectrumscale.org
>> Cc: gpfsug-discuss at spectrumscale.org
>> Date: 23.08.2018 12:13
>> Subject: Re: [gpfsug-discuss] Changing Web ports for the Spectrum Scale GUI
>> Sent by: gpfsug-discuss-bounces at spectrumscale.org
>>
>>
>>
>>
>> Keith,
>>
>> I have another IBM customer who also wished to move Scale GUI's https ports.
>> In their case because they had their own web based management interface on the same https port.
>> Is this the same reason that you have?
>> If so I wonder how many other sites have the same issue?
>>
>> One workaround that was suggested at the time, was to add a second IP address to the node (piggy-backing on 'eth0').
>> Then run the two different GUIs, one per IP address.
>> Is this an option, albeit a little ugly?
>> Daniel
>>
>> <17310450.gif> Dr Daniel Kidger
>> IBM Technical Sales Specialist
>> Software Defined Solution Sales
>>
>> +44-(0)7818 522 266
>> daniel.kidger at uk.ibm.com
>>
>>
>>
>> ----- Original message -----
>> From: "Markus Rohwedder" <rohwedder at de.ibm.com>
>> Sent by: gpfsug-discuss-bounces at spectrumscale.org
>> To: gpfsug main discussion list <gpfsug-discuss at spectrumscale.org>
>> Cc:
>> Subject: Re: [gpfsug-discuss] Changing Web ports for the Spectrum Scale GUI
>> Date: Thu, Aug 23, 2018 9:51 AM
>> Hello Keith,
>>
>> it is not so easy.
>>
>> The GUI receives events from other scale components using the currently defined ports.
>> Changing the GUI ports will cause breakage in the GUI stack at several places (internal watchdog functions, interlock with health events, interlock with CES).
>> Therefore at this point there is no procedure to change this behaviour across all components.
>>
>> Because the GUI service does not run as root. the GUI server does not serve the privileged ports 80 and 443 directly but rather 47443 and 47080.
>> Tweaking the ports in the server.xml file will only change the native ports that the GUI uses.
>> The GUI manages IPTABLES rules to forward ports 443 and 80 to 47443 and 47080.
>> If these ports are already used by another service, the GUI will not start up.
>>
>> Making the GUI ports freely configurable is therefore not a strightforward change, and currently no on our roadmap.
>> If you want to emphasize your case as future development item, please let me know.
>>
>> I would also be interested in:
>>> Scale version you are running
>>> Do you need port 80 or 443 as well?
>>> Would it work for you if the xCAT service was bound to a single IP address?
>>
>> Mit freundlichen Grüßen / Kind regards
>>
>> Dr. Markus Rohwedder
>>
>> Spectrum Scale GUI Development
>>
>> <ecblank.gif>
>> Phone: +49 7034 6430190 IBM Deutschland Research & Development
>> <17153317.gif>
>> E-Mail: rohwedder at de.ibm.com Am Weiher 24
>> <ecblank.gif> <ecblank.gif> 65451 Kelsterbach
>> <ecblank.gif> <ecblank.gif> Germany
>> <ecblank.gif>
>>
>> <graycol.gif>Keith Ball ---22.08.2018 21:33:25---Hello All, Does anyone know how to change the HTTP ports for the Spectrum Scale GUI?
>>
>> From: Keith Ball <bipcuds at gmail.com>
>> To: gpfsug-discuss at spectrumscale.org
>> Date: 22.08.2018 21:33
>> Subject: [gpfsug-discuss] Changing Web ports for the Spectrum Scale GUI
>> Sent by: gpfsug-discuss-bounces at spectrumscale.org
>>
>>
>>
>>
>> Hello All,
>>
>> Does anyone know how to change the HTTP ports for the Spectrum Scale GUI? Any documentation or RedPaper I have found deftly avoids discussing this. The most promising thing I see is in /opt/ibm/wlp/usr/servers/gpfsgui/server.xml:
>>
>> <httpEndpoint id="defaultHttpEndpoint" host="*" httpPort="47080" httpsPort="47443">
>> <tcpOptions soReuseAddr="true"/>
>> </httpEndpoint>
>>
>> but it appears that port 80 specifically is used also by the GUI's Web service. I already have an HTTP server using port 80 for provisioning (xCAT), so would rather change the Specturm Scale GUI configuration if I can.
>>
>> Many Thanks,
>> Keith
>> _______________________________________________
>> gpfsug-discuss mailing list
>> gpfsug-discuss at spectrumscale.org
>> http://gpfsug.org/mailman/listinfo/gpfsug-discuss
>>
>>
>>
>> _______________________________________________
>> gpfsug-discuss mailing list
>> gpfsug-discuss at spectrumscale.org
>> http://gpfsug.org/mailman/listinfo/gpfsug-discuss
>>
>> Unless stated otherwise above:
>> IBM United Kingdom Limited - Registered in England and Wales with number 741598.
>> Registered office: PO Box 41, North Harbour, Portsmouth, Hampshire PO6 3AU
>> _______________________________________________
>> gpfsug-discuss mailing list
>> gpfsug-discuss at spectrumscale.org
>> http://gpfsug.org/mailman/listinfo/gpfsug-discuss
>>
>>
>>
>> _______________________________________________
>> gpfsug-discuss mailing list
>> gpfsug-discuss at spectrumscale.org
>> http://gpfsug.org/mailman/listinfo/gpfsug-discuss
>
> _______________________________________________
> gpfsug-discuss mailing list
> gpfsug-discuss at spectrumscale.org
> http://gpfsug.org/mailman/listinfo/gpfsug-discuss
More information about the gpfsug-discuss
mailing list