Re: Workaround for disabling iptables and SELinux?

[Paulo Ricardo Paz Vital]

Hello Ravindranath,

About what I could understand of Ambari's design, iptables can block 
some ports used between server and a client (agent nodes) during the 
client's registration step, as well the heartbeat communication during 
the execution of cluster. Also, there is the port of the web UI provided 
by ambari-web on server, and there are some portds (I never remember the 
numbers) that Nagios uses to provide some components' web UI on clients.

I guess you can create iptables rules for all these ports on both server 
and client sides. May be the ambari-server and ambari-agent can check 
the iptables rules and create them if not running. I was talking with a 
friend yesterday regarding this "missing feature" - my intention is not 
create a flame here guys :-D !!!

Now, regarding the SELinux I don't know the restriction it imposes on 
Ambari, so I can't help you on this - I must study this part :-D.

I hope this help you!
Regards, Paulo.

On 03/27/2013 12:18 AM, Ravindranath Akila wrote:
Actually, how does iptables and SELinux interfere with Ambari? If I know
that, maybe I can look for a workaround. Thanks in advance.

Yours,
   Ravindranath Akila...

On Wed, Mar 27, 2013 at 1:53 AM, Ravindranath Akila
<ravindranathak...@gmail.com <mailto:ravindranathak...@gmail.com>> wrote:

    I am tempted to do that or go for a physical firewall on Rackspace
    for 25k per month :-)
    My exposure to shell scripting is bad :-( Where can I grab the code?

    Thanks!

    R. A.

    On 26 Mar 2013 01:44, "Mahadev Konar" <maha...@hortonworks.com
    <mailto:maha...@hortonworks.com>> wrote:

        Hi Ravindra,
          Currently there isnt but it should be a minor change to the
        scripts. Do you want to file a jira and maybe upload a patch? :)
        We could switch it off with a flag option.

        thanks
        mahadev

        On Mon, Mar 25, 2013 at 6:18 AM, Ravindranath Akila
        <ravindranathak...@gmail.com
        <mailto:ravindranathak...@gmail.com>> wrote:

            Hello,
               Is there a workaround for disabling iptables and SELinux?
            I'm exploring the options of securing the cluster in the
            cloud without a physical firewall. Any suggestions would be
            great!

            Thanks in advance :-)

            Yours,
               Ravindranath Akila...

            --
            <http://www.ILikePlaces.com>
            *Find out on I Like Places* <http://www.ILikePlaces.com>
            *http://www.ILikePlaces.com*





--
<http://www.ILikePlaces.com>
*Find out on I Like Places* <http://www.ILikePlaces.com>
*http://www.ILikePlaces.com*


--
Paulo Ricardo Paz Vital, Staff Software Engineer
Linux Technology Center, IBM Systems & Technology Group
-------------------------------------------------------
IBM
Rodovia SP101, km9 - ZIP: 13186-900
Hortolândia, SP - Brazil
Phone: +55-19-2132-2336
e-mail: pvi...@linux.vnet.ibm.com
http://www.ibm.com/linux/ltc