Gmetad With Firewalld

_will_
Posts: 2
Joined: 2015/08/03 01:07:38

Post by _will_ » 2015/08/03 01:18:40

Dear all,

I'm regrettably having considerable problems getting gmetad to work with firewalld on CentOS 7. I had ganglia running successfully on a small Fedora cluster using iptables, but encountered difficulties after upgrading to CentOS.

I can telnet to all the nodes on port 8649 to receive the XML data stream from the gmond daemons, but when I try to access the web front-end on the head node, I receive the error message "There was an error collecting ganglia data (127.0.0.1:8652): XML error: Invalid document end at 1". I have unblocked TCP port 8652 (as well as 8649 and 8651). Running gmetad in debug mode does not reveal any errors, and whilst I can telnet to localhost on 8652, I do not receive any XML data. netstat and nc confirm that this port is listening and able to receive data.

If I disable firewalld, the front-end works, which suggests it's a firewalld problem, but all the requisite ports seem to be open, so I've run out of things to try in order to further diagnose this issue. Any suggestions as to how to resolve or further understand the problem would be highly appreciated. Apologies if this is regarded as more a gmetad problem, but having unblocked what I believe to be the necessary ports, I'm not sure of how to establish in what way firewalld is interfering with the gmetad process.

Thank you very much indeed.

Best wishes,


Will.

sho1sho1
Posts: 3
Joined: 2015/12/24 03:39:42

Re: Gmetad With Firewalld

Post by sho1sho1 » 2015/12/24 03:45:08

I had the same problem you encountered.

The way I got it to work after hours of searching is editing one line in /etc/ganglia/gmetad.conf

# If you want any host which connects to the gmetad XML to receive
# data, then set this value to "on"
# default: off
#all_trusted on

Unhash #all_trusted on

# If you want any host which connects to the gmetad XML to receive
# data, then set this value to "on"
# default: off
all_trusted on

Save the file, then do systemctl restart gmetad and do systemctl restart firewalld.

Now you should have firewalld enabled and can still access the ganglia webpage!

Hope this helps anyone out there that ran into this problem!
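
Added example (not part of either post, and not Ganglia's own tooling): with all_trusted on, the config comment quoted above says any host that connects to the gmetad XML receives data, so the ports firewalld opens decide who can reach it. The sketch below compares gmetad.conf with the output of `firewall-cmd --list-ports`. The function names are hypothetical, the sample config is constructed, and the xml_port/interactive_port defaults of 8651/8652 and last-occurrence-wins parsing are assumptions.

```shell
#!/bin/sh
# Audit gmetad's trust setting against the ports firewalld has opened.

# conf_value FILE KEY DEFAULT -> last uncommented value of KEY, else DEFAULT.
# Assumption: when a directive is repeated, the last occurrence wins.
conf_value() {
    awk -v key="$2" -v dflt="$3" '
        /^[[:space:]]*#/ { next }      # "#all_trusted on" is still disabled
        $1 == key { val = $2 }
        END { print (val == "" ? dflt : val) }
    ' "$1"
}

# gmetad_exposure FILE "PORTS" -> one verdict line.
# PORTS is the text printed by: firewall-cmd --list-ports
# (e.g. "8649/tcp 8652/tcp"). Port ranges, services and rich rules
# are not evaluated by this sketch.
gmetad_exposure() {
    conf=$1
    open_ports=$2
    trusted=$(conf_value "$conf" all_trusted off)
    exposed=""
    # Assumed defaults: xml_port 8651, interactive_port 8652.
    for key in xml_port:8651 interactive_port:8652; do
        port=$(conf_value "$conf" "${key%%:*}" "${key##*:}")
        case " $open_ports " in
            *" $port/tcp "*) exposed="$exposed $port" ;;
        esac
    done
    if [ "$trusted" != "on" ]; then
        echo "OK: all_trusted off"
    elif [ -n "$exposed" ]; then
        echo "EXPOSED: all_trusted on, firewalld opens:$exposed"
    else
        echo "LOCAL: all_trusted on, gmetad ports closed in firewalld"
    fi
}

# Constructed sample: the configuration the thread ends up with,
# checked against the three ports the first post says were unblocked.
sample=$(mktemp)
printf '%s\n' '# default: off' 'all_trusted on' > "$sample"
gmetad_exposure "$sample" "8649/tcp 8651/tcp 8652/tcp"
rm -f "$sample"
```

On a live host, pass /etc/ganglia/gmetad.conf and "$(firewall-cmd --list-ports)" as the two arguments. If the web front-end runs on the same machine as gmetad, as in the first post (127.0.0.1:8652), an EXPOSED verdict means 8651 and 8652 are reachable from the network as well as from localhost.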
