The server needs only a very basic configuration procedure.
The management network interface for the web console, SSH, and CLI is usually created at installation time. For cloud computing instances it is usually the default network that gets assigned. For any additional network interfaces network configuration can be done using
The MayaNAS server program is designed to work with SELinux and firewall rules. There is no real requirement to disable them.
SELinux interacts with the following components:
The Snapshot Replication service uses secure SSH-based communication between MayaNAS servers with the proper SELinux context ssh_t as required. There is usually no impact from SELinux.
The service script properly sets up the customized policy drbdrepli for DRBD when SELinux is active.
The customized SELinux policy update for HeartBeat ping is done automatically when SELinux is active.
SELinux adds overhead to ZFS by adding xattr on the files and directories. It may be worthwhile disabling it when SELinux is not really needed.
The required firewall ports for MayaNAS services are automatically opened during installation time or at operation time.
The configuration server for MayaNAS is a standard RPC daemon, similar to the NFS service programs (mountd, lockd), registered with the portmapper daemon rpcbind. The CLI program that contacts maya.configd can be run locally or from another client using the ONC RPC/XDR mechanism. This makes the program flexible and cross-platform, so it can also be run from Windows. Restrict client access using the TCP wrapper mechanism, as you would for any network service program.
The default TCP port for the web console is 2020. It is registered with firewalld as the mayastor-gui service.
iSCSI uses the standard TCP port 3260, which has to be opened.
Snapshot replication requires no additional ports, as it uses SSH public-key authentication.
Each DRBD-configured volume requires a TCP port, and the script opens that port with firewalld. It removes the TCP port when the DRBD volume is removed.
HeartBeat needs UDP port 694 to be opened.
On cloud instances the firewall rules are usually configured to allow all traffic between the private networks. Only for the web console does a firewall rule have to be configured, to allow TCP port 2020 for the web GUI.
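The port list above can be checked against a host's firewalld zone. The script below is an added example, not MayaNAS code; the sample listing, the `public` zone, and the DRBD port 7788/tcp are constructed assumptions.

```bash
#!/usr/bin/env bash
# Added example: audit a firewalld zone listing against the ports named above.
# From the page: 2020/tcp (service mayastor-gui), 3260/tcp (iSCSI), 694/udp.
# Assumption: DRBD volume ports are supplied by the operator as arguments,
# because the page does not give their numbers.
EXPECTED_PORTS="2020/tcp 3260/tcp 694/udp"

# Constructed sample of `firewall-cmd --zone=public --list-all` output.
sample_listing() {
  cat <<'EOF'
public (active)
  target: default
  interfaces: eth0
  services: ssh mayastor-gui
  ports: 3260/tcp 7788/tcp 8080/tcp
  protocols:
EOF
}

# Read a listing on stdin and print one open port per line. Only the
# mayastor-gui service is translated to a port; other services are ignored.
open_ports() {
  awk '
    $1 == "ports:"    { for (i = 2; i <= NF; i++) print $i }
    $1 == "services:" { for (i = 2; i <= NF; i++) if ($i == "mayastor-gui") print "2020/tcp" }
  ' | sort -u
}

# Usage: audit_listing [extra allowed port ...] < listing
# Prints MISSING for expected ports that are closed and UNEXPECTED for open
# ports that are neither expected nor passed as extra allowed ports.
audit_listing() {
  local allowed opened p
  allowed="$EXPECTED_PORTS $*"
  opened=$(open_ports)
  for p in $EXPECTED_PORTS; do
    printf '%s\n' "$opened" | grep -qxF "$p" || echo "MISSING $p"
  done
  for p in $opened; do
    case " $allowed " in
      *" $p "*) ;;
      *) echo "UNEXPECTED $p" ;;
    esac
  done
}

# Live host: firewall-cmd --zone=public --list-all | audit_listing 7788/tcp
sample_listing | audit_listing 7788/tcp
```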
The Configure Server is for entering general bookkeeping information for your reference only.
This configuration is for:
Viewing or editing network information for enet controllers
Viewing or assigning the Initiator or Target mode of operation for FC controllers
This configuration is for creating your own iSCSI target names and portal addresses. It is useful when you have multiple network interfaces and would like to control the iSCSI service over a particular subnet or network controller preference.
Portal Groups contain a list of IPv4 addresses associated with a tag number for referencing. When an iSCSI volume is associated with this tag, iSCSI discovery returns only the addresses specified in that portal group.
By default, the MayaNAS server creates the iSCSI target name based on the system hostname and hostid when provisioning an iSCSI volume to hosts. But you may wish to create additional iSCSI target names and iSCSI portals to control the iSCSI service over a particular subnet or network controller preference.
This configuration is for creating your own NVMe subsystem name and transport addresses. This gives you the flexibility of creating multiple controller names in addition to multiple namespaces in a single controller.
Portal Groups contain a list of IPv4 addresses associated with a tag number for referencing. The transport address and port number are used by NVMe fabrics discovery from the host side.
These are NVMeoF subsystem names, similar to the iSCSI naming convention except that they start with nqn.