Stacki: Disabling Host Firewalls (Tutorial)

download Stacki: Disabling Host Firewalls (Tutorial)

of 7

  • date post

  • Category


  • view

  • download


Embed Size (px)

Transcript of Stacki: Disabling Host Firewalls (Tutorial)

  1. 1. Disabling Firewalls with Stacki Don MacVittie, Sr. Solutions Architect
  2. 2. Overview By default, Stacki will install and congure a host rewall on each backend server it congures. Currently, Stacki installs and congures iptables for each host Rules allow for communication on the public network, and internally on the private network. Some organizations do not like the use of iptables. This tutorial shows how to disable them.
  3. 3. Easy Conguration Before Install: Disabling rewalls globally is easiest before you install servers. Simply change the global attribute named rewall to false on the Stacki server. Your installations will not enable the rewall. stack list attr returns a large list of values global to the cluster, so we grep for the one we need to keep screen clutter down. The G at the end of the list lines means Global.
  4. 4. Disable for a Single Machine For all global attributes in Stacki, the value can be over-ridden on a per-machine basis. So if you need to disable rewalling for a single machine, but want to keep it for all others, simply use the same commands on a single machine. If the machine in question is not yet installed, this is all youll need to do. If it is in stalled, theres one more step well cover below.
  5. 5. Post install With Reinstalling Just tell Stacki that it needs to reinstall, and reboot the server in question. It will reinstall the OS, and then boot into it. If youve changed the net value = Global as over-ridden by host for the rewall attribute, all will install as expected.
  6. 6. Post Install without Reinstalling Once the install is completed, the rewall already exists on the target system, so well have to do a little more work. Once the attributes are set, the easiest way to clear a rewall is simply tell stacki to reinstall and reboot the backend server in question. But thats not always an option, so we can use the commands below to disable rewalls without a reinstall CentOS 6.X [root@stackidon ~]# stack iterate host backend command='/etc/init.d/iptables stop;chkcong iptables off' CentOS 7.X [root@stackidon ~]# stack iterate host backend command='systemctl stop iptables:systemctl disable iptables'
  7. 7. Stacki Resources There is a lot more to Stacki than this few slides can show. Join us at the links below to explore Stackis rich command structure and see how it answers your problems. Quick access to Stacki resources: Visit to download a pre-build ISO for RHEL/CentOS 6 & 7 and to sign up for our charter program Stacki source code is available on the StackIQ GitHub: Engage with other users and developers in the Stacki Google Group:!forum/stacki Find the detailed tutorial on disabling rewalls with Stacki on Slideshare: Follow us on Twitter @StackIQ