[MCOL-1318] Columnstore Cluster Tester tool is evaluating Failure if Firewall Services or SELINUX are enabled Created: 2018-04-02  Updated: 2023-10-26  Resolved: 2018-04-16

Status: Closed
Project: MariaDB ColumnStore
Component/s: None
Affects Version/s: 1.1.2, 1.1.3
Fix Version/s: 1.1.4

Type: New Feature Priority: Major
Reporter: Zdravelina Sokolovska (Inactive) Assignee: Daniel Lee (Inactive)
Resolution: Fixed Votes: 0
Labels: None

Sprint: 2018-07, 2018-08

 Description   

Columnstore Cluster Tester tool is evaluating Failure if Firewall Services or SELINUX are enabled

it would be more appropriate to evaluate Warning instead of Failure
and run in additional checks if Firewall Services or SELINUX are enabled
in order to MDB Columnstore to be functional/compatible over/to security configurations

currently :
although the Firewall Services are configured properly regarding the preparation requirement guide
MariaDB ColumnStore port usage
so that Columnstore is being operational , Columnstore Cluster Tester tool is evaluating Failure

how to repeat :
enable the Firewall Services with required ports and run the Columnstore Cluster Tester tool

*** This is the MariaDB Columnstore Cluster System Test Tool ***
 
 
 
** Validate local OS is supported
 
 
 
Local Node OS System Name : CentOS Linux 7 (Core)
 
 
 
** Run Ping access Test to remote nodes
 
 
 
172.20.2.205  Node Passed ping test
 
172.20.2.206  Node Passed ping test
 
 
 
** Run SSH Login access Test to remote nodes
 
 
 
172.20.2.205  Node Passed SSH login test using ssh-keys
 
172.20.2.206  Node Passed SSH login test using ssh-keys
 
 
 
** Run OS check - OS version needs to be the same on all nodes
 
 
 
Local Node OS Version : CentOS Linux 7 (Core)
 
 
 
172.20.2.205 Node OS Version : CentOS Linux 7 (Core)
 
172.20.2.206 Node OS Version : CentOS Linux 7 (Core)
 
 
 
** Run Locale check - Locale needs to be the same on all nodes
 
 
 
Local Node Locale : LANG=en_US.UTF-8
 
172.20.2.205 Node Locale : LANG=en_US.UTF-8
 
172.20.2.206 Node Locale : LANG=en_US.UTF-8
 
 
 
** Run SELINUX check - Setting should to be disabled on all nodes
 
 
 
Local Node SELINUX setting is Not Enabled
 
172.20.2.205 Node SELINUX setting is Not Enabled
 
172.20.2.206 Node SELINUX setting is Not Enabled
 
 
 
** Run Firewall Services check - Firewall Services should to be Inactive on all nodes
 
 
 
Local Node iptables service is Not Active
 
Local Node ufw service is Not Active
 
Local Node firewalld service is Not Active
 
Local Node firewall service is Not Active
 
 
 
172.20.2.205 Node iptables service is Not Enabled
 
172.20.2.205 Node ufw service is Not Enabled
 
172.20.2.205 Node firewalld service is Not Enabled
 
172.20.2.205 Node firewall service is Not Enabled
 
 
 
172.20.2.206 Node iptables service is Not Enabled
 
172.20.2.206 Node ufw service is Not Enabled
 
Failed, 172.20.2.206 Node firewalld service is Active, please disable
 
172.20.2.206 Node firewall service is Not Enabled
 
 
 
 
 
Failure occurred, do you want to continue? (y,n) >

The problem is that all needed ports are enabled and Columnstore service is operational
but Columnstore Cluster Tester tool evaluates Failure

 Comments   
Comment by David Hill (Inactive) [ 2018-04-05 ]

changed to report warning if firewall is enabled.. and reference the port test for additional information.

    • Run Firewall Services check

Local Node iptables service is Not Active
Local Node ufw service is Not Active
Local Node firewalld service is Not Active
Local Node firewall service is Not Active

172.31.36.237 Node iptables service is Not Enabled
172.31.36.237 Node ufw service is Not Enabled
Warning, 172.31.36.237 Node firewalld service is Active, check port test results
172.31.36.237 Node firewall service is Not Enabled

    • Run MariaDB ColumnStore Port (8600-8630,8700,8800,3306) availibility test

172.31.36.237 Node Failed port test, check and disable any firewalls or open ports in firewall
All 34 scanned ports on ip-172-31-36-237.us-west-2.compute.internal (172.31.36.237) are filtered

Failure occurred, do you want to continue? (y,n) > n

Comment by David Hill (Inactive) [ 2018-04-05 ]

https://github.com/mariadb-corporation/mariadb-columnstore-engine/pull/436

Comment by David Hill (Inactive) [ 2018-04-05 ]

how to test - example for centos 7

enable firewall and run

[root@ip-172-31-36-237 ~]# systemctl stop firewalld.service

disable firewall and run
[root@ip-172-31-36-237 ~]# systemctl start firewalld.service

Comment by Daniel Lee (Inactive) [ 2018-04-16 ]

Build verified: 1.1.4-1 source
/root/columnstore/mariadb-columnstore-server
commit 5199dd1a096fd3457e8fc0508bf5fb24cedec435
Merge: fce3c5e e554e04
Author: David.Hall <david.hall@mariadb.com>
Date: Wed Apr 11 11:04:46 2018 -0500
Merge pull request #108 from mariadb-corporation/MCOL-1331
MCOL-1331 Fix CASE1.DM.sql
/root/columnstore/mariadb-columnstore-server/mariadb-columnstore-engine
[root@localhost mariadb-columnstore-engine]# git show
commit ae04b8a6877c87f3ed3566f2bf721bf285ca625f
Merge: 2ab632c dbcbd6c
Author: david hill <david.hill@mariadb.com>
Date: Tue Apr 10 10:55:56 2018 -0400
Merge pull request #438 from mariadb-corporation/MCOL-1323
MCOL-1323 cpimport Splitter has incorrect SIGPIPE mapping
diff --cc writeengine/splitter/we_splitterapp.cpp
index f52f362,0077ebd..402d2b0
mode 100755,100644..100755
— a/writeengine/splitter/we_splitterapp.cpp
+++ b/writeengine/splitter/we_splitterapp.cpp

Verified along with MCOL-1317.

    • Run MariaDB ColumnStore Port (8600-8630,8700,8800,3306) availability test

s1um1 Node Failed port test, check and disable any firewalls or open ports in firewall
All 34 scanned ports on s1um1 (10.0.0.11) are filtered

Generated at Thu Feb 08 02:27:50 UTC 2024 using Jira 8.20.16#820016-sha1:9d11dbea5f4be3d4cc21f03a88dd11d8c8687422.