[infinispan-dev] Infinispan EC2 demo firewall issue without locked down FD_SOCK start_port

Noel O'Connor noel.oconnor at gmail.com
Mon Jun 14 00:45:59 EDT 2010


Hi Galder,
Thanks for this, I'll take a look and fix it. I didn't notice it in the logs but I'll check it out.

cheers
Noel

On 14/06/2010, at 7:44 AM, galder at redhat.com wrote:

> Hi Noel,
> 
> First of all, thanks a million for writing http://infinispan.blogspot.com/2010/05/infinispan-ec2-demo.html. I think the work you did there is excellent.
> 
> I had a question for you though. In your jgroups-* files, you use FD_SOCK without a start_port which by default binds to random port (http://community.jboss.org/wiki/JGroupsFDSOCK). Given Amazon rules, I don't think clustering is working as expected in your case, cos without locking this port and opening it in the firewall, you'll see WARN messages like this in the logs and the cluster view will not form:
> 
> 2010-06-13 16:50:54,478 WARN  [org.jgroups.protocols.FD_SOCK] (OOB-1,infinispan-cluster,ip-10-194-230-242-27003) I (ip-10-194-230-242-27003) was suspected by domU-12-31-38-00-9C-52-25127; ignoring the SUSPECT message
> 
> To get around the issue do the following:
> 
> - Lock your FD_SOCK start_port values, i.e.    <FD_SOCK start_port="9777"/>
> - Open TCP port 9777 in your security group.
> 
> I'd suggest you verify your demo expectations bearing in mind this information and once you've done so, update the blog post :)
> 
> Cheers,   
> --
> Galder Zamarreño
> Sr. Software Engineer
> Infinispan, JBoss Cache
> 
> _______________________________________________
> infinispan-dev mailing list
> infinispan-dev at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/infinispan-dev




More information about the infinispan-dev mailing list