Hi James,
We have a 5 node cluster running in production with no problems on
CentOS. We have each node isolated on a private lan. Our application
server has two interfaces, one to the outside world with a very
restricted firewall, and the second connected to the private lan with
the 5 nodes.
Assuming you set the node names accordingly and followed:
http://docs.basho.com/riak/latest/cookbooks/Basic-Cluster-Setup/
One thing to check would your firewall, which is by default on with CentOS.
>sudo service iptables status
If you have your 4 nodes on a private lan, or perhaps well protected
behind a firewall as an internal deployment, then it is relatively
straight forward. You can just turn off your firewall on the 4 machines.
If your machines are not on a isolated private lan and are exposed to
the internet, or just need to be protected behind a firewall, you will
need to do the following.
http://docs.basho.com/riak/1.2.0/cookbooks/Network-Security-and-Firewall-Configurations/
First, in your app.config, you will need to add the following at the top
level (same as riak.core). You can pick whatever min and max range you
want - here I arbitrarily chosen 4 ports:
{ kernel, [
{inet_dist_listen_min, 7010},
{inet_dist_listen_max, 7014}
]},
Next, on each or our riak nodes, you will need to edit your iptables. I
tend to edit them manually using sudo.
> sudo vi /etc/sysconfig/iptables (and add the following to
RH-Firewall-1-INPUT just above the icmp-host-prohibited)
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 4369
-j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 8087
-j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 8099
-j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport
7010:7014 -j ACCEPT
> sudo service iptables restart
After doing this on all the nodes, they should all be visible to each
other. If you wanted to lock down your firewall even further, you can
specify a range of IP addresses.
Finally, on the machine that your erlang application or Riak client, you
will need to do the following:
sudo vi /etc/sysconf/iptable (and add the following to
RH-Firewall-1-INPUT just above the icmp-host-prohibited)
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 8098
-j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 8087
-j ACCEPT
> sudo service iptables restart
Hope this helps...
Bryan
On 10/30/12 11:39 AM, SWEENEY, JAMES wrote:
Hello, I am attempting to create a 4 node riak installation on 4 separate
CentOS servers. Installation of Riak went well. We have run simple tests
like riak ping, sudo curl \-v http://127.0.0.1:8098/riak/test, ect, and
everything seems fine with the riak servers, they all start up with no errors.
We used the default ports in the app.config files. Ie: epmd listener:
TCP:4369
handoff_port listener: TCP:8099
web_port: TCP:8098
pb_port: TCP:8087
We have updated all ip addresses in the config files as instructed on the riak
site. Also, we have verified by telnet that the ports are all open and that I
can telnet between the riak servers. Still after all of that, when I try to
do a cluster command I get the following response:
[root@essd-riak-test-server ~]# riak-admin cluster join [email protected]
Attempting to restart script through sudo -H -u riak
Node [email protected] is not reachable!
[root@essd-riak-test-server ~]#
I have been stuck on this issue for quite a while and tried everything I found
on the riak web site to resolve this. Any help you could offer would greatly
be appreciated. Thanks in advance.
Sincerely,
James Sweeney
_______________________________________________
riak-users mailing list
[email protected]
http://lists.basho.com/mailman/listinfo/riak-users_lists.basho.com
--
Bryan Hughes
CTO and Founder / *Go Factory*
(415) 515-7916
http://www.go-factory.net
/"Art is never finished, only abandoned. - Leonardo da Vinci"/
_______________________________________________
riak-users mailing list
[email protected]
http://lists.basho.com/mailman/listinfo/riak-users_lists.basho.com
