Re: any example of iptables rules for apache ignite ?

Fri, 18 Mar 2016 20:41:55 -0700 

Ok, from the log file, I noticed that ignite node is ping'ing each other. So, I 
added following rule:


-A INPUT -p icmp --icmp-type 8 -s 10.140.151.68,10.140.151.200/31 -m state 
--state NEW,ESTABLISHED,RELATED -j ACCEPT

This makes it slightly better. Previously the rules simply killed the ignite on 
the node. Now, the ignite on the node is still alive, but couldn't join the 
topology.

Here is the message in the log:


[16:25:09,208][WARNING][disco-event-worker-#48%null%][GridDiscoveryManager] 
Node FAILED: TcpDiscoveryNode [id=615ba2d3-3941-428c-962e-abeb1461c0b1, 
addrs=[0:0:0:0:0:0:0:1%1, 10.140.151.201, 127.0.0.1], 
sockAddrs=[master2/10.140.151.201:47500, /0:0:0:0:0:0:0:1%1:47500, 
/10.140.151.201:47500, /127.0.0.1:47500], discPort=47500, order=203, 
intOrder=104, lastExchangeTime=1458145509186, loc=false, 
ver=1.5.0#20151229-sha1:f1f8cda2, isClient=false]

any help will be appreciated.


________________________________
From: X Yang <[email protected]>
Sent: 16 March 2016 15:53
To: [email protected]
Subject: any example of iptables rules for apache ignite ?



Dear All,

I have set up a cluster of 6 nodes (RHEL6.6) using 
apache-ignite-fabric-1.5.0.final-bin and it works without iptables.

However, once I enable iptables, even with the most generous rule as following, 
it stops working. Any tips?

-
Yang

--------------------------IPTABLES--------------------------
# Firewall configuration written by system-config-firewall
# Manual customization of this file is not recommended.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state NEW -s 10.140.151.68,10.140.151.200/31 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT



--------------------------Config-------------------------------------
<?xml version="1.0" encoding="UTF-8"?>

<beans xmlns="http://www.springframework.org/schema/beans";
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";
       xmlns:util="http://www.springframework.org/schema/util";
       xsi:schemaLocation="
        http://www.springframework.org/schema/beans
        http://www.springframework.org/schema/beans/spring-beans.xsd
        http://www.springframework.org/schema/util
        http://www.springframework.org/schema/util/spring-util.xsd";>

    <!-- Datasource for sample in-memory H2 database. -->
    <bean id="h2-example-db" class="org.h2.jdbcx.JdbcDataSource">
        <property name="URL" value="jdbc:h2:tcp://localhost/mem:ExampleDb" />
        <property name="user" value="sa" />
    </bean>

    <bean abstract="false" id="ignite.cfg" 
class="org.apache.ignite.configuration.IgniteConfiguration">
        <!-- Enable client mdoe. -->
        <property name="clientMode" value="true"/>
        <!-- Set to true to enable distributed class loading for examples, 
default is false. -->
        <property name="peerClassLoadingEnabled" value="true"/>

        <!-- Enable task execution events for examples. -->
        <property name="includeEventTypes">
            <list>
                <!--Task execution events-->
                <util:constant 
static-field="org.apache.ignite.events.EventType.EVT_TASK_STARTED"/>
                <util:constant 
static-field="org.apache.ignite.events.EventType.EVT_TASK_FINISHED"/>
                <util:constant 
static-field="org.apache.ignite.events.EventType.EVT_TASK_FAILED"/>
                <util:constant 
static-field="org.apache.ignite.events.EventType.EVT_TASK_TIMEDOUT"/>
                <util:constant 
static-field="org.apache.ignite.events.EventType.EVT_TASK_SESSION_ATTR_SET"/>
                <util:constant 
static-field="org.apache.ignite.events.EventType.EVT_TASK_REDUCED"/>

                <!--Cache events-->
                <util:constant 
static-field="org.apache.ignite.events.EventType.EVT_CACHE_OBJECT_PUT"/>
                <util:constant 
static-field="org.apache.ignite.events.EventType.EVT_CACHE_OBJECT_READ"/>
                <util:constant 
static-field="org.apache.ignite.events.EventType.EVT_CACHE_OBJECT_REMOVED"/>
            </list>
        </property>

        <!-- Explicitly configure TCP discovery SPI to provide list of initial 
nodes. -->
        <property name="discoverySpi">
            <bean class="org.apache.ignite.spi.discovery.tcp.TcpDiscoverySpi">
                <property name="ipFinder">
                    <!--
                        Ignite provides several options for automatic discovery 
that can be used
                        instead os static IP based discovery. For information 
on all options refer
                        to our documentation: 
http://apacheignite.readme.io/docs/cluster-config
                    -->
                    <!--bean 
class="org.apache.ignite.spi.discovery.tcp.ipfinder.multicast.TcpDiscoveryMulticastIpFinder"-->
                    <bean 
class="org.apache.ignite.spi.discovery.tcp.ipfinder.vm.TcpDiscoveryVmIpFinder">
                        <property name="addresses">
                            <list>
                                <value>10.140.151.200:47500..47509</value>
                                <value>10.140.151.201:47500..47509</value>
                                <value>10.140.151.202:47500..47509</value>
                                <value>10.140.151.203:47500..47509</value>
                                <value>10.140.151.204:47500..47509</value>
                                <value>10.140.151.205:47500..47509</value>
                            </list>
                        </property>
                    </bean>
                </property>
            </bean>
        </property>
    </bean>
</beans>

Reply via email to