2

On my machine (debian jessie) ganeti-metad listens on all interfaces:

# netstat -lepn | grep metad
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      0          66528       32831/ganeti-metad
unix  2      [ ACC ]     STREAM     LISTENING     383      1/init              /run/lvm/lvmetad.socket
unix  2      [ ACC ]     STREAM     LISTENING     66525    32831/ganeti-metad  /var/run/ganeti/socket/ganeti-metad

Currently I'm using the firewall to limit access, but I preferr to change the interface thThere is a argument in ganeti-metad to provide address, but it also says that default is based on cluster configuration:

# /usr/sbin/ganeti-metad --help
ganeti-metad (ganeti) version v2.12.4
Usage: ganeti-metad [OPTION...]
  -b ADDR  --bind=ADDR        Bind address (default depends on cluster configuration)

Which ganeti cluster configuration parameter drives the interface that ganeti-metad listens on? How to change it?

neutrinus
  • 1,095
  • 7
  • 18

2 Answers2

1

I'm not entirely sure if this is what you're trying to achieve ...

Did you tried to specify it inside /etc/default/ganeti, for example

# Default arguments for Ganeti daemons
NODED_ARGS=""
MASTERD_ARGS=""
RAPI_ARGS=""
CONFD_ARGS=""
LUXID_ARGS=""
METAD_ARGS="-b XX.XX.XX.XX"

XX.XX.XX.XX being the IP ganeti-metad should bind to?

Pierre.Vriens
  • 1,159
  • 34
  • 15
  • 19
gxx
  • 5,483
  • 2
  • 21
  • 42
  • Yeah, its a kind of solution, but then I need to do it on every node manualy and watch not to run `gnt-cluster redist-conf` because it will overwrite IP making it not working.. – neutrinus Nov 04 '15 at 09:57
  • Got your points: Regarding the distribution problem: Yeah, have no solution for this at hand, but maybe you could use a configuration management tool for this. Regarding `gnt-cluster redist-conf`: At least on my clusters, running `gnt-cluster (ganeti v2.11.6) 2.11.6` and `gnt-cluster (ganeti 2.15.1-1~bpo8+1) 2.15.1`, `/etc/default/ganeti` isn't distributed; maybe you could check this on your system(s). Another idea, not sure if this is possible for you: You could bind `ganeti-metad` to 127.0.0.1. Hope this helps, somehow. – gxx Nov 04 '15 at 12:20
  • @neutrinus: Did this help? – gxx Nov 07 '15 at 16:12
  • Yup, redist doesn't distribute `/etc/default/ganeti`, setting to `-b 127.0.0.1` worked. Thanks! – neutrinus Nov 09 '15 at 14:30
0

Default arguments for Ganeti daemons are in /etc/default/ganeti.

So add a new line METAD_ARGS="-p 81" to move ganeti-metad to port 81, or METAD_ARGS="-b abb.bbb.ccc.ddd -p 81" to also move the daemon to other interface.

To get this setup activated:

  1. run gnt-cluster redist-conf on ganeti master to propagate config in the cluster
  2. kill the running ganeti-metad daemons an all nodes. They will be restarted when Ganeti needs it, don't worry, i.e. when gnt-instance add ... is executed.
Doka
  • 156
  • 3
  • Thanks for pointing default arguments for daemons. Great, but as far as I understand it would result in all `ganeti-metad` trying to listen on same IP on all nodes? Every node has different IP, so it would not work. Can I instead provide a interface? – neutrinus Nov 04 '15 at 09:54
  • Note for others: `redist-conf` doesn't populate the `/etc/default/ganeti` file. – neutrinus Nov 06 '15 at 09:06