[PVE-User] Proxmox firewall – Ceph macro
Uwe Sauter
uwe.sauter.de at gmail.com
Tue Jan 21 13:50:29 CET 2020
Hi,
I suspect that the Ceph macro in the firewall settings on datacenter level does not contain the complete list of necessary ports,
As soon as I enable the firewall on datacenter level I get slow ops reported from Ceph.
The firewall configuration line is:
enabled: true
type: in
action; ACCEPT
macro: Ceph
interface: <non given>
source: ipset "+px_cluster"
destination: ipset "+px_cluster"
protocol: <non given>
dest port: <non given>
source port: <non given>
log level: nolog
IPset "+px_cluster" contains all IP addresses from the clunster interface the cluster members. The IP addresses of the management
interfaces are not in that set.
Can anybody confirm that this is indeed an incomplete macro or is something wrong with my configuration?
Regards,
Uwe Sauter
More information about the pve-user
mailing list