
perfsonar-user - Re: [perfsonar-user] memcached and firewall rules

Subject: perfSONAR User Q&A and Other Discussion




  • From: Hervey Allen <>
  • To: Andrew Lake <>,
  • Subject: Re: [perfsonar-user] memcached and firewall rules
  • Date: Fri, 9 Feb 2018 10:05:16 -0800
  • Organization: Network Startup Resource Center

On 2/9/18 6:18 AM, Andrew Lake wrote:
> Hi,
>
> The only things that need access to memcached come from localhost. The
> esmond archiving plugin in pscheduler uses it as a cache between
> archiving processes to speed up some requests. You can safely block it.
>

I read more and came to that conclusion. Thank you Andy!

> For a list of the ports that need to be open,
> see http://docs.perfsonar.net/manage_security.html. If you would like a
> default set of firewall rules installed for you, run ‘yum install
> perfsonar-toolkit-security’ on your testpoint, which will set up rules on
> the host that only allow the listed ports through.
>

I think that's what was missed... we had installed the perfSONAR
Toolkit, but totally spaced on doing that step and the following:

/usr/lib/perfsonar/scripts/configure_firewall install


d'oh!

Thank you Andy. Makes so much more sense now.

- Hervey

> Hope that helps,
> Andy
>
>
>
> On February 8, 2018 at 4:54:03 PM, Hervey Allen wrote:
>
>> Hi All - Our IT Security group contacted us to say that the memcached
>> process was open on our perfSONAR Testpoint bundle instance we had
>> installed.
>>
>> It is...
>>
>> Question - I have the perfSONAR default firewall rules in place. This is
>> running on a CentOS 7 box. What specifically needs to talk to this
>> service? Is this a service that is installed with Postgres? That's what
>> I think is happening.
>>
>> Does Esmond need access to memcache from an archive host? Anything else?
>> Based on the release notes for 4.0rc3:
>>
>> "Added memcached support to esmond archiver for tracking metadata
>> objects already created in order to increase archiver performance"
>>
>> I think this is the case.
>>
>> I'm trying to figure out the proper strategy for recommending what to do
>> with the open memcached service.
>>
>> I believe adding a firewall rule to only allow access to memcached on
>> the perfSONAR Testpoint Bundle node and from wherever we have Esmond is
>> what makes sense?
>>
>> Comments or recommendations are most welcome.
>>
>> Thank you!
>>
>> - Hervey
>>
>>
>>
>> Network Startup Resource Center
>> https://nsrc.org/


--
Hervey Allen Assistant Director, Network Startup Resource Center

http://nsrc.org/ : http://facebook.com/nsrc.org
GPG Fingerprint: AC08 31CB E453 6C65 2AB3 4EDB CEEB 5A74 C6E5 624F
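
A way to confirm the outcome discussed in this thread, as an added example that is not part of the original messages or of perfSONAR: the script below reads `ss -lntu` output and reports memcached listeners bound to anything other than loopback. It assumes memcached is on its default port 11211; the function names and the sample listing are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag memcached listeners reachable beyond localhost.
# Assumption: memcached uses its default port, 11211.
MEMCACHED_PORT=11211

# Reads `ss -lntu` output on stdin; prints "<proto> <local addr:port>" for
# every listener on the memcached port that is not bound to loopback.
exposed_memcached() {
    awk -v port="$MEMCACHED_PORT" '
        $1 == "Netid" { next }               # skip the header line
        NF < 5        { next }               # not a socket line
        {
            la = $5                           # Local Address:Port column
            n = match(la, /:[0-9]+$/)         # position of the final ":port"
            if (n == 0) next
            addr = substr(la, 1, n - 1)
            p = substr(la, n + 1)
            if (p != port) next
            gsub(/^\[|\]$/, "", addr)         # [::1] -> ::1
            # Loopback binds are what the thread says is sufficient.
            if (addr ~ /^127\./ || addr == "::1") next
            print $1, la
        }'
}

# Constructed sample listing (not captured from a real host).
sample_ss_output() {
    cat <<'EOF'
Netid State  Recv-Q Send-Q Local Address:Port Peer Address:Port
udp   UNCONN 0      0      *:11211            *:*
tcp   LISTEN 0      128    127.0.0.1:11211    *:*
tcp   LISTEN 0      128    *:11211            *:*
tcp   LISTEN 0      128    *:22               *:*
tcp   LISTEN 0      128    [::1]:11211        [::]:*
tcp   LISTEN 0      128    [::]:11211         [::]:*
EOF
}

# Demo on the constructed sample; on a real host use:
#   ss -lntu | exposed_memcached
sample_ss_output | exposed_memcached
```

An empty result means memcached is only listening on loopback; any line printed is a bind that the host firewall rules have to cover.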


