[ https://issues.apache.org/jira/browse/BROOKLYN-41?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Svetoslav Neykov resolved BROOKLYN-41.
--------------------------------------
       Resolution: Fixed
    Fix Version/s: 0.12.0

Should've been fixed with https://github.com/apache/brooklyn-server/pull/713.

> openIptables config appears to customise entries for requested ports, not assigned
> ----------------------------------------------------------------------------------
>
>                 Key: BROOKLYN-41
>                 URL: https://issues.apache.org/jira/browse/BROOKLYN-41
>             Project: Brooklyn
>          Issue Type: Bug
>            Reporter: Sam Corbett
>             Fix For: 0.12.0
>
>
> I set the openIptables config option on a location and deployed an app with
> one Java app and seven Redis databases.
> I expected Brooklyn to configure the Iptables firewall with an entry for each
> Redis database port, but instead saw only one entry. My guess is that it's
> customising based on the requested ports, not those that were assigned.
> Output from the server:
> {code}
> [sam@brooklyn-muyh-sam-margini-i1lw-redis-and-datafu-rxek-ac1 ~]$ ps aux | grep redis
> sam       8153  0.0  0.0 137344  7256 ?        Ssl  16:51   0:00 ./bin/redis-server *:6383
> sam       8173  0.0  0.0 137344  7380 ?        Ssl  16:51   0:00 ./bin/redis-server *:6382
> sam       8499  0.0  0.0 137344  7348 ?        Ssl  16:51   0:00 ./bin/redis-server *:6380
> sam       8641  0.0  0.0 137344  7376 ?        Ssl  16:51   0:00 ./bin/redis-server *:6385
> sam       9362  0.0  0.0 137344  7256 ?        Ssl  16:51   0:00 ./bin/redis-server *:6379
> sam       9547  0.0  0.0 137344  7380 ?        Ssl  16:52   0:00 ./bin/redis-server *:6381
> sam      10043  0.0  0.0 137344  7380 ?        Ssl  16:52   0:00 ./bin/redis-server *:6384
> sam      17293  0.0  0.0 103248   840 pts/0    S+   17:02   0:00 grep redis
> [sam@brooklyn-muyh-sam-margini-i1lw-redis-and-datafu-rxek-ac1 ~]$ sudo service iptables status
> Table: filter
> Chain INPUT (policy ACCEPT)
> num  target     prot opt source               destination
> 1    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:1099
> 2    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:31001
> 3    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:61616
> 4    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:6379
> 5    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:22
> 6    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
> 7    ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0
> 8    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
> 9    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:22
> 10   REJECT     all  --  0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited
> Chain FORWARD (policy ACCEPT)
> num  target     prot opt source               destination
> 1    REJECT     all  --  0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited
> Chain OUTPUT (policy ACCEPT)
> num  target     prot opt source               destination
> [sam@brooklyn-muyh-sam-margini-i1lw-redis-and-datafu-rxek-ac1 ~]$
> {code}
> I would expect six more entries of the form 'tcp dpt:6379' for ports
> 6380-6385.

--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
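
The comparison made by eye in the report, as an added example (not Brooklyn code and not part of the original message): it extracts the ports redis-server is bound to and the TCP ports explicitly accepted in the INPUT chain, then lists the difference. The function names are hypothetical, the embedded sample is the report's output with wrapped lines rejoined, and the `dpts:A:B` range handling goes beyond what the report shows.

```python
import re

# Output from the report above (wrapped lines rejoined, header rows dropped).
PS_OUTPUT = """\
sam 8153 0.0 0.0 137344 7256 ? Ssl 16:51 0:00 ./bin/redis-server *:6383
sam 8173 0.0 0.0 137344 7380 ? Ssl 16:51 0:00 ./bin/redis-server *:6382
sam 8499 0.0 0.0 137344 7348 ? Ssl 16:51 0:00 ./bin/redis-server *:6380
sam 8641 0.0 0.0 137344 7376 ? Ssl 16:51 0:00 ./bin/redis-server *:6385
sam 9362 0.0 0.0 137344 7256 ? Ssl 16:51 0:00 ./bin/redis-server *:6379
sam 9547 0.0 0.0 137344 7380 ? Ssl 16:52 0:00 ./bin/redis-server *:6381
sam 10043 0.0 0.0 137344 7380 ? Ssl 16:52 0:00 ./bin/redis-server *:6384
sam 17293 0.0 0.0 103248 840 pts/0 S+ 17:02 0:00 grep redis
"""
IPTABLES_STATUS = """\
Chain INPUT (policy ACCEPT)
1 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:1099
2 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:31001
3 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:61616
4 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:6379
5 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:22
6 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
7 ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0
8 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
9 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:22
10 REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited
Chain FORWARD (policy ACCEPT)
1 REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited
"""

def listening_ports(ps_text):
    """Ports that redis-server processes are bound to, from `ps aux` lines."""
    return {int(p) for p in re.findall(r"redis-server \S*:(\d+)", ps_text)}

def accepted_ports(status_text, chain="INPUT"):
    """TCP ports with an explicit ACCEPT rule in one chain (dpt:N or dpts:A:B)."""
    ports, current = set(), None
    for line in status_text.splitlines():
        if line.startswith("Chain "):
            current = line.split()[1]
        elif current == chain and re.match(r"\s*\d+\s+ACCEPT\s+tcp\b", line):
            # A bare "ACCEPT all" row (rule 8) is not counted: this listing has no
            # interface columns, so the row may be loopback-only (assumption).
            for lo, hi in re.findall(r"dpts?:(\d+)(?::(\d+))?", line):
                ports.update(range(int(lo), int(hi or lo) + 1))
    return ports

def unopened_ports(ps_text, status_text):
    """Listening ports that no ACCEPT rule in the INPUT chain names."""
    return sorted(listening_ports(ps_text) - accepted_ports(status_text))
```

On the report's output, `unopened_ports(PS_OUTPUT, IPTABLES_STATUS)` returns the six assigned ports 6380 to 6385, which fall through to the REJECT rule at position 10.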