3

I try to bind gluster processes to the internal (lan) interface unsuccessfully.

According to the documentation I can bind to IP in /etc/gluster/glusterd.vol

# cat /etc/glusterfs/glusterd.vol 
volume management
    type mgmt/glusterd
    option working-directory /var/lib/glusterd
    option transport-type socket,rdma
    option transport.rdma.bind-address  192.168.1.1
    option transport.socket.bind-address 192.168.1.1
    option transport.socket.keepalive-time 10
    option transport.socket.keepalive-interval 2
    option transport.socket.read-fail-log off
end-volume

So far so good. However, after restarting the services, I see:

# netstat -ltpn | grep gluster
tcp        0      0 0.0.0.0:49154           0.0.0.0:*               LISTEN      32205/glusterfsd
tcp        0      0 192.168.1.1:24007      0.0.0.0:*               LISTEN      32002/glusterd  

Glusterd is OK, but glusterfsd is definitely NOT. I can't find any options which can bind individual shares in gluster volume set ....

How can I restrict that glusterfsd process to 192.168.1.1? I really don't like that it's exposed to the world.

goteguru

1 Answer

4

Old question, but I stumbled upon the same question yesterday. Maybe it will help someone in the future.

Here is my answer (tested with glusterfs 5.5)

Create in /etc/glusterfs a file named "glusterfsd.vol".

Add the following config for each volume to the file to configure the source ip.

volume <your-volume-name>-server
    type protocol/server
    option transport.socket.bind-address 192.168.1.1
end-volume

If you use local fuse mounts, make sure to use 192.168.1.1 instead of localhost to connect to the volume because the volume is now only reachable over this IP.

Christian
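A way to check the outcome discussed in this thread, as an added example that is not part of the original question or answer: it reads `netstat -ltpn` output and reports gluster daemons that still listen on a wildcard address. The function names and the IPv6 sample line are constructed for illustration; the two IPv4 lines are the ones from the question.

```shell
#!/bin/sh
# Added example: flag gluster daemons listening on wildcard addresses.
# Expected input: `netstat -ltpn` lines (columns as shown in the question).

# Constructed sample input: the two listeners from the question plus one
# constructed IPv6 wildcard listener.
sample_netstat() {
cat <<'EOF'
tcp        0      0 0.0.0.0:49154           0.0.0.0:*               LISTEN      32205/glusterfsd
tcp        0      0 192.168.1.1:24007       0.0.0.0:*               LISTEN      32002/glusterd
tcp6       0      0 :::49155                :::*                    LISTEN      32300/glusterfsd
EOF
}

# Reads netstat lines on stdin and prints "<program> <pid> <local-address>"
# for every gluster listener bound to a wildcard address.
gluster_wildcard_listeners() {
    awk '
        $6 == "LISTEN" && $7 ~ /\/gluster/ {
            host = $4
            sub(/:[0-9]+$/, "", host)        # strip the trailing :port
            if (host == "0.0.0.0" || host == "::" || host == "[::]" || host == "*") {
                split($7, p, "/")            # p[1] = pid, p[2] = program
                print p[2], p[1], $4
            }
        }
    '
}

# Returns 0 when no gluster listener is on a wildcard address, 1 otherwise,
# so it can gate a cron job or a deployment check.
check_gluster_binding() {
    hits=$(gluster_wildcard_listeners)
    if [ -n "$hits" ]; then
        printf '%s\n' "$hits" | sed 's/^/wildcard listener: /' >&2
        return 1
    fi
}

# Demo on the constructed sample. On a live host, run as root:
#   netstat -ltpn | check_gluster_binding
sample_netstat | gluster_wildcard_listeners
```

Run it again after restarting the gluster services; brick ports are assigned per brick, so every glusterfsd line has to be checked, not only port 49154.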