incubator-ambari-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Paulo Ricardo Paz Vital <pvi...@linux.vnet.ibm.com>
Subject Re: Workaround for disabling iptables and SELinux?
Date Wed, 27 Mar 2013 10:55:54 GMT
Hello Ravindranath,

About what I could understand of Ambari's design, iptables can block 
some ports used between server and a client (agent nodes) during the 
client's registration step, as well the heartbeat communication during 
the execution of cluster. Also, there is the port of the web UI provided 
by ambari-web on server, and there are some portds (I never remember the 
numbers) that Nagios uses to provide some components' web UI on clients.

I guess you can create iptables rules for all these ports on both server 
and client sides. May be the ambari-server and ambari-agent can check 
the iptables rules and create them if not running. I was talking with a 
friend yesterday regarding this "missing feature" - my intention is not 
create a flame here guys :-D !!!

Now, regarding the SELinux I don't know the restriction it imposes on 
Ambari, so I can't help you on this - I must study this part :-D.

I hope this help you!
Regards, Paulo.

On 03/27/2013 12:18 AM, Ravindranath Akila wrote:
> Actually, how does iptables and SELinux interfere with Ambari? If I know
> that, maybe I can look for a workaround. Thanks in advance.
>
> Yours,
>    Ravindranath Akila...
>
> On Wed, Mar 27, 2013 at 1:53 AM, Ravindranath Akila
> <ravindranathakila@gmail.com <mailto:ravindranathakila@gmail.com>> wrote:
>
>     I am tempted to do that or go for a physical firewall on Rackspace
>     for 25k per month :-)
>     My exposure to shell scripting is bad :-( Where can I grab the code?
>
>     Thanks!
>
>     R. A.
>
>     On 26 Mar 2013 01:44, "Mahadev Konar" <mahadev@hortonworks.com
>     <mailto:mahadev@hortonworks.com>> wrote:
>
>         Hi Ravindra,
>           Currently there isnt but it should be a minor change to the
>         scripts. Do you want to file a jira and maybe upload a patch? :)
>         We could switch it off with a flag option.
>
>         thanks
>         mahadev
>
>         On Mon, Mar 25, 2013 at 6:18 AM, Ravindranath Akila
>         <ravindranathakila@gmail.com
>         <mailto:ravindranathakila@gmail.com>> wrote:
>
>             Hello,
>                Is there a workaround for disabling iptables and SELinux?
>             I'm exploring the options of securing the cluster in the
>             cloud without a physical firewall. Any suggestions would be
>             great!
>
>             Thanks in advance :-)
>
>             Yours,
>                Ravindranath Akila...
>
>             --
>             <http://www.ILikePlaces.com>
>             *Find out on I Like Places* <http://www.ILikePlaces.com>
>             *http://www.ILikePlaces.com*
>
>
>
>
>
> --
> <http://www.ILikePlaces.com>
> *Find out on I Like Places* <http://www.ILikePlaces.com>
> *http://www.ILikePlaces.com*


-- 
Paulo Ricardo Paz Vital, Staff Software Engineer
Linux Technology Center, IBM Systems & Technology Group
-------------------------------------------------------
IBM
Rodovia SP101, km9 - ZIP: 13186-900
Hortolândia, SP - Brazil
Phone: +55-19-2132-2336
e-mail: pvital@linux.vnet.ibm.com
http://www.ibm.com/linux/ltc


Mime
View raw message