For SCS installations where a Content Gateway deployment is not feasible, the Swarm Storage UI is not available to view a Swarm cluster as the Swarm Storage UI software resides on a Content Gateway.
DataCore's best suggestion for viewing a cluster and managing settings is to configure a Content Gateway with Swarm Storage UI, also called a Service Proxy, co-resident on that gateway. In the event that is not possible, Swarm storage nodes support a basic HTTP interface available using TCP port90 on every node (hereafter referred to as the port90 console). This port90 interface allows a user to see a view of the entire cluster and manage several features like Swarm Search and Replication feeds, along with changing the logging level. Settings not available to be changed via the port90 interface can typically be managed with swarmctl.
If the features of the port90 console are all that are required for visibility to a Swarm cluster, and a Content Gateway is not available, an additional container can be installed on the SCS server to provide visibility to the privately addressed Swarm cluster. The effect is to proxy requests (using port 8090, for example) from the public side of the SCS server to port90 on a Swarm storage node on the private side of the SCS server. This allows visibility and manageability of the cluster using the SCS server without an additional Content Gateway deployment.
How to Enable Port90 Proxy through SCS
Edit
/etc/firewalld/zones/public.xml
or (swarm-site.xml
whichever has the other port rules) and add a rule to allow port 8090 requests. The remainder of the instructions assume port 8090 is used. The result resembles:<?xml version="1.0" encoding="utf-8"?> <zone> <short>Public</short> <description>For use in public areas. You do not trust the other computers on networks to not harm your computer. Only selected incoming connections are accepted.</description> <service name="ssh"/> <service name="dhcpv6-client"/> <port protocol="tcp" port="8009"/> <port protocol="tcp" port="8080"/> <port protocol="tcp" port="8081"/> <port protocol="udp" port="123"/> <port protocol="udp" port="514"/> <port protocol="tcp" port="514"/> <port protocol="tcp" port="8090"/> <masquerade/> </zone>
Reload the firewall rules:
firewall-cmd --reload
Create a directory to configure port90 files
mkdir -p /opt/datacore/swarm-port90-console/
Create a configuration file to disable HTTP/1.0, remove headers that might expose internal IP addresses, Access Control for port90 container (
opt/datacore/swarm-port90-console/disable_http1.0.conf
)<IfModule mod_rewrite.c> RewriteEngine On # Block HTTP/1.0 requests RewriteCond %{SERVER_PROTOCOL} ^HTTP/1\.0$ RewriteRule .* - [F,L] </IfModule> <IfModule mod_headers.c> # Remove any headers that might contain internal IP addresses Header unset X-Forwarded-For Header unset X-Real-IP Header unset X-Client-IP Header unset Via Header unset X-Forwarded-Host # Anonymize the internal IP address RequestHeader edit X-Forwarded-For "192\.168\.\d+\.\d+" "anonymized" </IfModule> # Set proxy settings in the main configuration or a VirtualHost # For instance, you can place this in your main httpd.conf or a VirtualHost config: ProxyRequests Off ProxyVia Off ProxyPreserveHost On <Proxy *> Order deny,allow Deny from all Allow from 192.168.1.0/24 Allow from 10.0.0.0/16 Allow from 127.0.0.1 </Proxy>
Download the container
scs-container-port90-console.tar.gz
here and transfer it to the SCS server. Load the container:podman load < scs-container-port90-console.tar.gz
Collect the IP address of any Swarm node and replace it in the following command. Install the container:
podman run -d --name swarm-port90-console --security-opt=seccomp=unconfined -p 8090:8090 -e SCSP_HOST=[Swarm node IP] -v /opt/datacore/swarm-port90-console/disable_http1.0.conf:/etc/httpd/conf.d/block_http1.0.conf:Z docker-repo.tx.caringo.com/caringo-syslog:stable
Now port 8090 on the SCS server can be used to access Swarm’s port90 console:
http://[SCS-IP]:8090
No further actions are required. However, the container does not run when the SCS server is restarted. Continue with the instructions below to configure the container to auto-start.
Add Port90 Proxy Container to systemd
Create a systemd service for the container.
Generate a new systemd service for the port90 proxy container.
podman generate systemd --new --name swarm-port90-console > /usr/lib/systemd/system/swarm-port90-console.service
Stop the port90 proxy container.
podman stop swarm-port90-console
Enable port90 proxy container to auto-start on reboot and start it up again.
systemctl enable swarm-port90-console.service systemctl start swarm-port90-console.service
Now the port90 proxy container is running as a system service, with podman and systemd.
systemctl status swarm-port90-console.service
How to Remove port90 container
To eliminate the port90 container, execute the following commands to remove it from Podman:
systemctl stop swarm-port90-console.service systemctl disable swarm-port90-console.service
\uD83D\uDCCBRelated Articles
Filter by label
There are no items with the selected labels at this time.