Finally got my hands on AOS 5.5 and upgraded our lab Nutanix cluster to this version.
In my earlier post I described how to manipulate “iptables” rules to allow access to the “Stargate” or “port 2009” pages. The Stargate page contains a lot of detailed information about I/O operations; see my earlier post for more. It seems that the “iptables” configuration has changed in this version.
In versions prior to AOS 5.5, the “iptables” chain used was called “WORLDLIST”. In AOS 5.5 the name of the chain has changed to “MGMT_OPENFROMALL”. This requires changes to the “iptables” commands used.
To use iptables/allssh commands:
- log in as the nutanix user to any of your CVMs
- issue the iptables / allssh commands
- enter each command on a single line
- put two dashes in front of the dport option (--dport)
Enabling access to a single CVM Stargate page:
AOS 5.1 and older versions:
sudo su -
iptables -t filter -A WORLDLIST -p tcp -m tcp --dport 2009 -j ACCEPT
AOS 5.5:
sudo su -
iptables -t filter -A MGMT_OPENFROMALL -p tcp -m tcp --dport 2009 -j ACCEPT
Enabling access to all Nutanix cluster Stargate pages:
AOS 5.1 and older versions:
allssh "sudo iptables -t filter -A WORLDLIST -p tcp -m tcp --dport 2009 -j ACCEPT"
AOS 5.5:
allssh "sudo iptables -t filter -A MGMT_OPENFROMALL -p tcp -m tcp --dport 2009 -j ACCEPT"
Removing access to all Nutanix cluster Stargate pages:
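By default, “iptables” rules revert to their default settings when a CVM or node is rebooted. If for some reason you want to disable access, it can be done with the commands below. Each -D removes one matching rule, so if the -A command was run more than once, repeat the -D command until iptables reports that no matching rule exists.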
AOS 5.1 and older versions:
allssh "sudo iptables -t filter -D WORLDLIST -p tcp -m tcp --dport 2009 -j ACCEPT"
AOS 5.5:
allssh "sudo iptables -t filter -D MGMT_OPENFROMALL -p tcp -m tcp --dport 2009 -j ACCEPT"
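The commands above can be wrapped so that the chain name is detected instead of chosen by AOS version, and so that repeated runs do not stack duplicate rules. This is an added example, not part of the original post; the function names, the IPT variable and the script name are hypothetical, and it assumes exactly one of the two chains exists on the CVM.

```shell
#!/bin/bash
# Added example (not from the original post). Run on a CVM as the nutanix user.
# IPT is how iptables is invoked; override it to dry-run against a stub.
IPT="${IPT:-sudo iptables}"
PORT=2009   # Stargate page port, from the post

# Print whichever chain exists: MGMT_OPENFROMALL (AOS 5.5) or WORLDLIST (older).
stargate_chain() {
    for chain in MGMT_OPENFROMALL WORLDLIST; do
        if $IPT -t filter -S "$chain" >/dev/null 2>&1; then
            echo "$chain"
            return 0
        fi
    done
    echo "neither MGMT_OPENFROMALL nor WORLDLIST found" >&2
    return 1
}

# Append the ACCEPT rule only if -C (check) says it is not already present.
open_stargate() {
    chain=$(stargate_chain) || return 1
    if $IPT -t filter -C "$chain" -p tcp -m tcp --dport "$PORT" -j ACCEPT 2>/dev/null; then
        echo "port $PORT already open in $chain"
    else
        $IPT -t filter -A "$chain" -p tcp -m tcp --dport "$PORT" -j ACCEPT &&
            echo "opened port $PORT in $chain"
    fi
}

# -D deletes one matching rule per call, so loop until -C finds none left.
close_stargate() {
    chain=$(stargate_chain) || return 1
    removed=0
    while $IPT -t filter -C "$chain" -p tcp -m tcp --dport "$PORT" -j ACCEPT 2>/dev/null; do
        $IPT -t filter -D "$chain" -p tcp -m tcp --dport "$PORT" -j ACCEPT || return 1
        removed=$((removed + 1))
    done
    echo "removed $removed rule(s) from $chain"
}

# Usage: ./stargate-fw.sh open|close   (the script name is hypothetical)
case "${1:-}" in
    open)  open_stargate ;;
    close) close_stargate ;;
esac
```

The rule accepts connections to port 2009 from any source address, so run the close action once you have finished with the Stargate page instead of waiting for a reboot to reset the rules.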