[PVE-User] Proxmox firewall – Ceph macro

Uwe Sauter uwe.sauter.de at gmail.com
Tue Jan 21 13:50:29 CET 2020


Hi,

I suspect that the Ceph macro in the firewall settings on datacenter level does not contain the complete list of necessary ports,
As soon as I enable the firewall on datacenter level I get slow ops reported from Ceph.

The firewall configuration line is:

enabled: true
type: in
action; ACCEPT
macro: Ceph
interface: <non given>
source: ipset "+px_cluster"
destination: ipset "+px_cluster"
protocol: <non given>
dest port: <non given>
source port: <non given>
log level: nolog

IPset "+px_cluster" contains all IP addresses from the clunster interface the cluster members. The IP addresses of the management
interfaces are not in that set.


Can anybody confirm that this is indeed an incomplete macro or is something wrong with my configuration?


Regards,

	Uwe Sauter


More information about the pve-user mailing list