[gpfsug-discuss] Changing Web ports for the Spectrum Scale GUI
Ryan Novosielski
novosirj at rutgers.edu
Thu Jul 18 22:15:52 BST 2019
I happened across this message because I’ve already done this in the past and was trying to figure out how I did it (apparently didn’t write it down).
Most of it appeared to be adding to /etc/sysconfig/gpfsgui the following:
HTTP_PORT=8080
HTTPS_PORT=8443
…but that hasn’t completely done it yet. Going to have a look and see what else I might need to do.
--
____
|| \\UTGERS, |---------------------------*O*---------------------------
||_// the State | Ryan Novosielski - novosirj at rutgers.edu
|| \\ University | Sr. Technologist - 973/972.0922 (2x0922) ~*~ RBHS Campus
|| \\ of NJ | Office of Advanced Research Computing - MSB C630, Newark
`'
> On Aug 23, 2018, at 7:50 AM, Markus Rohwedder <rohwedder at de.ibm.com> wrote:
>
> Hello Juri, Keith,
>
> thank you for your responses.
>
> The internal services communicate on the privileged ports, for backwards compatibility and firewall simplicity reasons. We can not just assume all nodes in the cluster are at the latest level.
>
> Running two services at the same port on different IP addresses could be an option to consider for co-existance of the GUI and another service on the same node.
> However we have not set up, tested nor documented such a configuration as of today.
>
> Currently the GUI service manages the iptables redirect bring up and tear down.
> If this would be managed externally it would be possible to bind services to specific ports based on specific IPs.
>
> In order to create custom redirect rules based on IP address it is necessary to instruct the GUI to
> - not check for already used ports when the GUI service tries to start up
> - don't create/destroy port forwarding rules during GUI service start and stop.
> This GUI behavior can be configured using the internal flag UPDATE_IPTABLES in the service configuration with the 5.0.1.2 GUI code level.
>
> The service configuration is not stored in the cluster configuration and may be overwritten during code upgrades, so these settings may have to be added again after an upgrade.
>
> See this KC link:
> https://www.ibm.com/support/knowledgecenter/en/STXKQY_5.0.1/com.ibm.spectrum.scale.v5r01.doc/bl1adv_firewallforgui.htm
>
> Mit freundlichen Grüßen / Kind regards
>
> Dr. Markus Rohwedder
>
> Spectrum Scale GUI Development
> <ecblank.gif>
> Phone: +49 7034 6430190 IBM Deutschland Research & Development
> <17153317.gif>
> E-Mail: rohwedder at de.ibm.com Am Weiher 24
> <ecblank.gif> <ecblank.gif> 65451 Kelsterbach
> <ecblank.gif> <ecblank.gif> Germany
> <ecblank.gif>
>
> <graycol.gif>"Daniel Kidger" ---23.08.2018 12:13:36---Keith, I have another IBM customer who also wished to move Scale GUI's https ports. In their case
>
> From: "Daniel Kidger" <daniel.kidger at uk.ibm.com>
> To: gpfsug-discuss at spectrumscale.org
> Cc: gpfsug-discuss at spectrumscale.org
> Date: 23.08.2018 12:13
> Subject: Re: [gpfsug-discuss] Changing Web ports for the Spectrum Scale GUI
> Sent by: gpfsug-discuss-bounces at spectrumscale.org
>
>
>
>
> Keith,
>
> I have another IBM customer who also wished to move Scale GUI's https ports.
> In their case because they had their own web based management interface on the same https port.
> Is this the same reason that you have?
> If so I wonder how many other sites have the same issue?
>
> One workaround that was suggested at the time, was to add a second IP address to the node (piggy-backing on 'eth0').
> Then run the two different GUIs, one per IP address.
> Is this an option, albeit a little ugly?
> Daniel
>
> <17310450.gif> Dr Daniel Kidger
> IBM Technical Sales Specialist
> Software Defined Solution Sales
>
> +44-(0)7818 522 266
> daniel.kidger at uk.ibm.com
>
>
>
> ----- Original message -----
> From: "Markus Rohwedder" <rohwedder at de.ibm.com>
> Sent by: gpfsug-discuss-bounces at spectrumscale.org
> To: gpfsug main discussion list <gpfsug-discuss at spectrumscale.org>
> Cc:
> Subject: Re: [gpfsug-discuss] Changing Web ports for the Spectrum Scale GUI
> Date: Thu, Aug 23, 2018 9:51 AM
> Hello Keith,
>
> it is not so easy.
>
> The GUI receives events from other scale components using the currently defined ports.
> Changing the GUI ports will cause breakage in the GUI stack at several places (internal watchdog functions, interlock with health events, interlock with CES).
> Therefore at this point there is no procedure to change this behaviour across all components.
>
> Because the GUI service does not run as root. the GUI server does not serve the privileged ports 80 and 443 directly but rather 47443 and 47080.
> Tweaking the ports in the server.xml file will only change the native ports that the GUI uses.
> The GUI manages IPTABLES rules to forward ports 443 and 80 to 47443 and 47080.
> If these ports are already used by another service, the GUI will not start up.
>
> Making the GUI ports freely configurable is therefore not a strightforward change, and currently no on our roadmap.
> If you want to emphasize your case as future development item, please let me know.
>
> I would also be interested in:
> > Scale version you are running
> > Do you need port 80 or 443 as well?
> > Would it work for you if the xCAT service was bound to a single IP address?
>
> Mit freundlichen Grüßen / Kind regards
>
> Dr. Markus Rohwedder
>
> Spectrum Scale GUI Development
>
> <ecblank.gif>
> Phone: +49 7034 6430190 IBM Deutschland Research & Development
> <17153317.gif>
> E-Mail: rohwedder at de.ibm.com Am Weiher 24
> <ecblank.gif> <ecblank.gif> 65451 Kelsterbach
> <ecblank.gif> <ecblank.gif> Germany
> <ecblank.gif>
>
> <graycol.gif>Keith Ball ---22.08.2018 21:33:25---Hello All, Does anyone know how to change the HTTP ports for the Spectrum Scale GUI?
>
> From: Keith Ball <bipcuds at gmail.com>
> To: gpfsug-discuss at spectrumscale.org
> Date: 22.08.2018 21:33
> Subject: [gpfsug-discuss] Changing Web ports for the Spectrum Scale GUI
> Sent by: gpfsug-discuss-bounces at spectrumscale.org
>
>
>
>
> Hello All,
>
> Does anyone know how to change the HTTP ports for the Spectrum Scale GUI? Any documentation or RedPaper I have found deftly avoids discussing this. The most promising thing I see is in /opt/ibm/wlp/usr/servers/gpfsgui/server.xml:
>
> <httpEndpoint id="defaultHttpEndpoint" host="*" httpPort="47080" httpsPort="47443">
> <tcpOptions soReuseAddr="true"/>
> </httpEndpoint>
>
> but it appears that port 80 specifically is used also by the GUI's Web service. I already have an HTTP server using port 80 for provisioning (xCAT), so would rather change the Specturm Scale GUI configuration if I can.
>
> Many Thanks,
> Keith
> _______________________________________________
> gpfsug-discuss mailing list
> gpfsug-discuss at spectrumscale.org
> http://gpfsug.org/mailman/listinfo/gpfsug-discuss
>
>
>
> _______________________________________________
> gpfsug-discuss mailing list
> gpfsug-discuss at spectrumscale.org
> http://gpfsug.org/mailman/listinfo/gpfsug-discuss
>
> Unless stated otherwise above:
> IBM United Kingdom Limited - Registered in England and Wales with number 741598.
> Registered office: PO Box 41, North Harbour, Portsmouth, Hampshire PO6 3AU
> _______________________________________________
> gpfsug-discuss mailing list
> gpfsug-discuss at spectrumscale.org
> http://gpfsug.org/mailman/listinfo/gpfsug-discuss
>
>
>
> _______________________________________________
> gpfsug-discuss mailing list
> gpfsug-discuss at spectrumscale.org
> http://gpfsug.org/mailman/listinfo/gpfsug-discuss
More information about the gpfsug-discuss
mailing list