After a lot of unsuccessful fiddling around with ports I gave up and just opened up all ports between the Riak nodes.

I suggest you set up a security group called "Riak" with settings something like the following:

  Protocol | From Port | To Port | Source (IP or group)
  ---------+-----------+---------+---------------------
  tcp      | 1         | 65535   | Riak group
  udp      | 1         | 65535   | Riak group
  tcp      | 8098      | 8098    | WebServer group

Although all the ports are open on the Riak nodes, it is still pretty secure because they are only open to nodes in the same security group, i.e. other Riak nodes.

The only port open outside the Riak cluster is the default HTTP port, which is only open to nodes in the "WebServer" security group. Change "WebServer" to be the security group of whatever nodes are using Riak. If you have changed the default or are using protocol buffers instead of HTTP you will have to change the port number.

You may also want to add the SSH port too so that you can log in, but I suggest using a cloud-init script to do all the Riak installation and initialization at node creation time, so in normal production use you will not need to SSH into the nodes.

__
Eamonn



On 2/4/11 9:00 AM, riak-users-requ...@lists.basho.com wrote:
Date: Wed, 02 Feb 2011 21:33:20 +0530
From: Abhishek Kona <abhish...@flipkart.com>
To: Sean Cribbs <s...@basho.com>
Cc: "riak-users@lists.basho.com" <riak-users@lists.basho.com>
Subject: Re: Riak Cluster Setup on EC2
Message-ID: <4d498048.3060...@flipkart.com>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed

On 02/02/11 8:38 PM, Sean Cribbs wrote:
>  Abhishek,
>
>  First, make sure all of your nodes are in the same security group.
Yes, both the machines are on the same security group ( which has only
the ports 8098, 8099, 8087).
>  Second, check that your OS doesn't have an additional firewall installed (iptables, for example).
I can telnet into the Riak ports from each of the machines, so firewall
does not seem to be the issue.
>  Third, you might consider doing what the Chef recipe for Riak does and limit the ports that Erlang uses for distributed communication.  Adding a section to app.config like the below will limit the port range:
>
>  {kernel, [
>      {inet_dist_listen_min, 6000},
>      {inet_dist_listen_max, 7999}
>  ]}
>
>  You'll need to stop Riak, kill the "epmd" process, and then start Riak up again for this change to take effect.  Make sure those ports are also open in your security group and any software firewall you have.
>
Tried with these changes as well, but still get the same message.
Anything else I can try?
Thanks for the help.
>  Sean Cribbs<s...@basho.com>
>  Developer Advocate
>  Basho Technologies, Inc.
>  http://basho.com/
>
>  On Feb 2, 2011, at 8:47 AM, Abhishek Kona wrote:
>
>>  Hi folks
>>
>>  I am trying to set up a Riak cluster on EC2.
>>  Each time I issue a command :
>>
>>  $ sudo riak-admin join riak@10.130.149.253
>>
>>  It fails :
>>
>>  Attempting to restart script through sudo -u riak
>>
>>  Node riak@10.130.149.253 is not reachable!
>>
>>
>>  Netstat on both the machines says the ports are running fine.
>>
>>  netstat -na | egrep '(8087|8098|8099)'
>>
>>  tcp        0      0 0.0.0.0:8098            0.0.0.0:*               LISTEN
>>
>>  tcp        0      0 0.0.0.0:8099            0.0.0.0:*               LISTEN
>>
>>  tcp        0      0 0.0.0.0:8087            0.0.0.0:*               LISTEN
>>
>>
>>  I can telnet to all the ports from each of the machines.
>>  I have been pulling my hair for long but to no avail.
>>  Can anyone look and tell me what I am doing wrong?
>>  Are there any debug logs where I can look at what is going wrong?
>>  Is there any EC2-specific trick (like using public hostnames)?
>>
>>  I am attaching my app.cfg file for reference.
>>
>>  Thanks
>>  -Abhishek Kona
>>
>>  <app.cfg>
>>  _______________________________________________
>>  riak-users mailing list
>>  riak-users@lists.basho.com
>>  http://lists.basho.com/mailman/listinfo/riak-users_lists.basho.com
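
An added example, not part of any message in this thread: a small Python check that reads a rule table in the format used at the top of this message and reports which intra-cluster port ranges are not opened to the Riak group, and which rules open anything other than a single client port to another source. It assumes Erlang's default epmd port (4369) and Riak's default handoff port (8099), takes the 6000-7999 distribution range from the quoted app.config snippet, and uses constructed sample tables named THREE_PORTS and NARROW.

```python
# Added example: audit a security-group rule table for a Riak cluster.
# Assumed defaults, not stated in the thread: epmd tcp/4369, handoff tcp/8099.
# 6000-7999 is the inet_dist_listen_min/max range from the quoted app.config.
CLUSTER_GROUP = "Riak group"
INTRA_CLUSTER = {"epmd": (4369, 4369), "handoff": (8099, 8099),
                 "erlang-dist": (6000, 7999)}
CLIENT_PORTS = {8098, 8087}  # HTTP and protocol buffers


def parse_rules(table):
    """Parse 'proto | from | to | source' rows; header and ruler lines are skipped."""
    rules = []
    for line in table.strip().splitlines():
        cells = [c.strip() for c in line.split("|")]
        if len(cells) == 4 and cells[1].isdigit() and cells[2].isdigit():
            rules.append((cells[0].lower(), int(cells[1]), int(cells[2]), cells[3]))
    return rules


def audit(rules):
    """Return (closed, exposed).

    closed:  intra-cluster ranges that no single tcp rule opens to the cluster group.
    exposed: rules that open anything but one client port to some other source.
    """
    closed = [name for name, (lo, hi) in INTRA_CLUSTER.items()
              if not any(p == "tcp" and src == CLUSTER_GROUP and f <= lo and hi <= t
                         for p, f, t, src in rules)]
    exposed = [r for r in rules if r[3] != CLUSTER_GROUP
               and not (r[1] == r[2] and r[1] in CLIENT_PORTS)]
    return closed, exposed


# Constructed sample: a group that opens only the three ports netstat showed.
THREE_PORTS = """
tcp | 8087 | 8087 | Riak group
tcp | 8098 | 8098 | Riak group
tcp | 8099 | 8099 | Riak group
"""
# Constructed sample: a narrower alternative to opening 1-65535 inside the group.
NARROW = """
tcp | 4369 | 4369 | Riak group
tcp | 8099 | 8099 | Riak group
tcp | 6000 | 7999 | Riak group
tcp | 8098 | 8098 | WebServer group
"""

if __name__ == "__main__":
    for name, table in (("THREE_PORTS", THREE_PORTS), ("NARROW", NARROW)):
        print(name, audit(parse_rules(table)))
```

The NARROW table only works if every node carries the same inet_dist_listen_min/max setting, since the check matches the rule range against that configured range.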


