[MXS-2828] Set GCloud firewall rules to make MaxScale tests work
Created: 2020-01-07 | Updated: 2020-01-20 | Resolved: 2020-01-20 |
| Status: | Closed |
| Project: | MariaDB MaxScale |
| Component/s: | test |
| Affects Version/s: | None |
| Fix Version/s: | 2.3.17 |
| Type: | Bug | Priority: | Major |
| Reporter: | Timofey Turenko | Assignee: | Timofey Turenko |
| Resolution: | Fixed | Votes: | 0 |
| Labels: | None | ||
| Sprint: | MXS-SPRINT-97, MXS-SPRINT-98 |
| Description |
Currently maxscale-system-test does not work on a GCloud VM because of the "everything is closed" firewall rules in the Google SDN.
| Comments |
| Comment by Timofey Turenko [ 2020-01-13 ] |
Steven Andres commented:

With the software defined networking power of Google Cloud, we prefer to have strict rules in place about inter-machine communications, even if it's all on the same "default" network. This is one of the powerful security advantages of Google Cloud versus a standard "physical LAN" where all machines can do layer2 comms with one another.

I can add a rule to allow communication between the machines if that's what's required. But it is a security concern of mine. We have to be extra vigilant that we are being explicit with our communications.

I've added a rule that allows from 10.0.0.0/8 to all machines on TCP ports 22,3306,4006-4009,6603.

Let me know if you need additional ports. I couldn't find a resource online that showed the "normal" ports that MaxScale uses other than 3306. |
| Comment by Timofey Turenko [ 2020-01-13 ] |
A new request to open more ports was sent:

4576, 4568, 4444, 4442, 6444 - needed by Galera setup
749, 88 - Kerberos tests
33066 - "extra port test"
4016 - binlog tests
5306 - one more MaxScale port
6603 - old admin interface to MaxScale |