[gpfsug-discuss] Changing Web ports for the Spectrum Scale GUI

Ryan Novosielski novosirj at rutgers.edu
Thu Jul 18 22:26:50 BST 2019 

Nope, that appears to be all of it. I also had a problem with the postgresql service, which was why the gpfsgui wouldn’t start. But once I fixed that, I can log in on https://<GUI_HOST>:8443.

HTH.

> On Jul 18, 2019, at 5:15 PM, Ryan Novosielski <novosirj at rutgers.edu> wrote:
> 
> I happened across this message because I’ve already done this in the past and was trying to figure out how I did it (apparently didn’t write it down).
> 
> Most of it appeared to be adding to /etc/sysconfig/gpfsgui the following:
> 
> HTTP_PORT=8080
> HTTPS_PORT=8443
> 
> …but that hasn’t completely done it yet. Going to have a look and see what else I might need to do.
> 
> --
> ____
> || \\UTGERS,  	 |---------------------------*O*---------------------------
> ||_// the State	 |         Ryan Novosielski - novosirj at rutgers.edu
> || \\ University | Sr. Technologist - 973/972.0922 (2x0922) ~*~ RBHS Campus
> ||  \\    of NJ	 | Office of Advanced Research Computing - MSB C630, Newark
>     `'
> 
>> On Aug 23, 2018, at 7:50 AM, Markus Rohwedder <rohwedder at de.ibm.com> wrote:
>> 
>> Hello Juri, Keith,
>> 
>> thank you for your responses.
>> 
>> The internal services communicate on the privileged ports, for backwards compatibility and firewall simplicity reasons. We can not just assume all nodes in the cluster are at the latest level.
>> 
>> Running two services at the same port on different IP addresses could be an option to consider for co-existance of the GUI and another service on the same node.
>> However we have not set up, tested nor documented such a configuration as of today. 
>> 
>> Currently the GUI service manages the iptables redirect bring up and tear down.
>> If this would be managed externally it would be possible to bind services to specific ports based on specific IPs.
>> 
>> In order to create custom redirect rules based on IP address it is necessary to instruct the GUI to 
>> - not check for already used ports when the GUI service tries to start up
>> - don't create/destroy port forwarding rules during GUI service start and stop.
>> This GUI behavior can be configured using the internal flag UPDATE_IPTABLES in the service configuration with the 5.0.1.2 GUI code level.
>> 
>> The service configuration is not stored in the cluster configuration and may be overwritten during code upgrades, so these settings may have to be added again after an upgrade.
>> 
>> See this KC link:
>> https://www.ibm.com/support/knowledgecenter/en/STXKQY_5.0.1/com.ibm.spectrum.scale.v5r01.doc/bl1adv_firewallforgui.htm
>> 
>> Mit freundlichen Grüßen / Kind regards
>> 
>> Dr. Markus Rohwedder
>> 
>> Spectrum Scale GUI Development
>> <ecblank.gif>
>> Phone:	+49 7034 6430190	IBM Deutschland Research & Development	
>> <17153317.gif>
>> E-Mail:	rohwedder at de.ibm.com	Am Weiher 24
>> <ecblank.gif>	<ecblank.gif>	65451 Kelsterbach
>> <ecblank.gif>	<ecblank.gif>	Germany
>> <ecblank.gif>
>> 
>> <graycol.gif>"Daniel Kidger" ---23.08.2018 12:13:36---Keith, I have another IBM customer who also wished to move Scale GUI's https ports. In their case
>> 
>> From:  "Daniel Kidger" <daniel.kidger at uk.ibm.com>
>> To:  gpfsug-discuss at spectrumscale.org
>> Cc:  gpfsug-discuss at spectrumscale.org
>> Date:  23.08.2018 12:13
>> Subject:  Re: [gpfsug-discuss] Changing Web ports for the Spectrum Scale GUI
>> Sent by:  gpfsug-discuss-bounces at spectrumscale.org
>> 
>> 
>> 
>> 
>> Keith,
>> 
>> I have another IBM customer who also wished to move Scale GUI's https ports.
>> In their case because they had their own web based management interface on the same https port.
>> Is this the same reason that you have?
>> If so I wonder how many other sites have the same issue?
>> 
>> One workaround that was suggested at the time, was to add a second IP address to the node (piggy-backing on 'eth0').
>> Then run the two different GUIs, one per IP address.
>> Is this an option, albeit a little ugly?
>> Daniel
>> 
>> <17310450.gif>				Dr Daniel Kidger
>> IBM Technical Sales Specialist
>> Software Defined Solution Sales
>> 
>> +44-(0)7818 522 266 
>> daniel.kidger at uk.ibm.com
>> 
>> 
>> 
>> ----- Original message -----
>> From: "Markus Rohwedder" <rohwedder at de.ibm.com>
>> Sent by: gpfsug-discuss-bounces at spectrumscale.org
>> To: gpfsug main discussion list <gpfsug-discuss at spectrumscale.org>
>> Cc:
>> Subject: Re: [gpfsug-discuss] Changing Web ports for the Spectrum Scale GUI
>> Date: Thu, Aug 23, 2018 9:51 AM
>> Hello Keith,
>> 
>> it is not so easy.
>> 
>> The GUI receives events from other scale components using the currently defined ports.
>> Changing the GUI ports will cause breakage in the GUI stack at several places (internal watchdog functions, interlock with health events, interlock with CES).
>> Therefore at this point there is no procedure to change this behaviour across all components.
>> 
>> Because the GUI service does not run as root. the GUI server does not serve the privileged ports 80 and 443 directly but rather 47443 and 47080.
>> Tweaking the ports in the server.xml file will only change the native ports that the GUI uses.
>> The GUI manages IPTABLES rules to forward ports 443 and 80 to 47443 and 47080. 
>> If these ports are already used by another service, the GUI will not start up.
>> 
>> Making the GUI ports freely configurable is therefore not a strightforward change, and currently no on our roadmap.
>> If you want to emphasize your case as future development item, please let me know.
>> 
>> I would also be interested in:
>>> Scale version you are running
>>> Do you need port 80 or 443 as well?
>>> Would it work for you if the xCAT service was bound to a single IP address?
>> 
>> Mit freundlichen Grüßen / Kind regards
>> 
>> Dr. Markus Rohwedder
>> 
>> Spectrum Scale GUI Development
>> 
>> <ecblank.gif>
>> Phone:	+49 7034 6430190	IBM Deutschland Research & Development	
>> <17153317.gif>
>> E-Mail:	rohwedder at de.ibm.com	Am Weiher 24
>> <ecblank.gif>	<ecblank.gif>	65451 Kelsterbach
>> <ecblank.gif>	<ecblank.gif>	Germany
>> <ecblank.gif>
>> 
>> <graycol.gif>Keith Ball ---22.08.2018 21:33:25---Hello All, Does anyone know how to change the HTTP ports for the Spectrum Scale GUI?
>> 
>> From: Keith Ball <bipcuds at gmail.com>
>> To: gpfsug-discuss at spectrumscale.org
>> Date: 22.08.2018 21:33
>> Subject: [gpfsug-discuss] Changing Web ports for the Spectrum Scale GUI
>> Sent by: gpfsug-discuss-bounces at spectrumscale.org
>> 
>> 
>> 
>> 
>> Hello All,
>> 
>> Does anyone know how to change the HTTP ports for the Spectrum Scale GUI? Any documentation or RedPaper I have found deftly avoids discussing this. The most promising thing I see is in /opt/ibm/wlp/usr/servers/gpfsgui/server.xml:
>> 
>> <httpEndpoint id="defaultHttpEndpoint" host="*" httpPort="47080" httpsPort="47443">
>> <tcpOptions soReuseAddr="true"/>
>> </httpEndpoint>
>> 
>> but it appears that port 80 specifically is used also by the GUI's Web service. I already have an HTTP server using port 80 for provisioning (xCAT), so would rather change the Specturm Scale GUI configuration if I can.
>> 
>> Many Thanks,
>> Keith
>> _______________________________________________
>> gpfsug-discuss mailing list
>> gpfsug-discuss at spectrumscale.org
>> http://gpfsug.org/mailman/listinfo/gpfsug-discuss
>> 
>> 
>> 
>> _______________________________________________
>> gpfsug-discuss mailing list
>> gpfsug-discuss at spectrumscale.org
>> http://gpfsug.org/mailman/listinfo/gpfsug-discuss
>> 
>> Unless stated otherwise above:
>> IBM United Kingdom Limited - Registered in England and Wales with number 741598. 
>> Registered office: PO Box 41, North Harbour, Portsmouth, Hampshire PO6 3AU
>> _______________________________________________
>> gpfsug-discuss mailing list
>> gpfsug-discuss at spectrumscale.org
>> http://gpfsug.org/mailman/listinfo/gpfsug-discuss
>> 
>> 
>> 
>> _______________________________________________
>> gpfsug-discuss mailing list
>> gpfsug-discuss at spectrumscale.org
>> http://gpfsug.org/mailman/listinfo/gpfsug-discuss
> 
> _______________________________________________
> gpfsug-discuss mailing list
> gpfsug-discuss at spectrumscale.org
> http://gpfsug.org/mailman/listinfo/gpfsug-discuss

More information about the gpfsug-discuss mailing list