[infinispan-dev] Infinispan EC2 demo firewall issue without locked down FD_SOCK start_port
Bela Ban
bban at redhat.com
Mon Jun 14 10:37:01 EDT 2010
for my demo, I did the following:
iptables -F ; chkconfig --del iptables ; ip6tables -F ; chkconfig --del
ip6tables
This helped (maybe not recommended for production :-))...
Vladimir Blagojevic wrote:
> Bela worked recently in similar environment. Maybe he can provide you with a sample jgroups config that is EC2 friendly.
> On 2010-06-14, at 12:45 AM, Noel O'Connor wrote:
>
>
>> Hi Galder,
>> Thanks for this, I'll take a look and fix it. I didn't notice it in the logs but I'll check it out.
>>
>> cheers
>> Noel
>>
>> On 14/06/2010, at 7:44 AM, galder at redhat.com wrote:
>>
>>
>>> Hi Noel,
>>>
>>> First of all, thanks a million for writing http://infinispan.blogspot.com/2010/05/infinispan-ec2-demo.html. I think the work you did there is excellent.
>>>
>>> I had a question for you though. In your jgroups-* files, you use FD_SOCK without a start_port which by default binds to random port (http://community.jboss.org/wiki/JGroupsFDSOCK). Given Amazon rules, I don't think clustering is working as expected in your case, cos without locking this port and opening it in the firewall, you'll see WARN messages like this in the logs and the cluster view will not form:
>>>
>>> 2010-06-13 16:50:54,478 WARN [org.jgroups.protocols.FD_SOCK] (OOB-1,infinispan-cluster,ip-10-194-230-242-27003) I (ip-10-194-230-242-27003) was suspected by domU-12-31-38-00-9C-52-25127; ignoring the SUSPECT message
>>>
>>> To get around the issue do the following:
>>>
>>> - Lock your FD_SOCK start_port values, i.e. <FD_SOCK start_port="9777"/>
>>> - Open TCP port 9777 in your security group.
>>>
>>> I'd suggest you verify your demo expectations bearing in mind this information and once you've done so, update the blog post :)
>>>
>>> Cheers,
>>> --
>>> Galder Zamarreño
>>> Sr. Software Engineer
>>> Infinispan, JBoss Cache
>>>
>>> _______________________________________________
>>> infinispan-dev mailing list
>>> infinispan-dev at lists.jboss.org
>>> https://lists.jboss.org/mailman/listinfo/infinispan-dev
>>>
>> _______________________________________________
>> infinispan-dev mailing list
>> infinispan-dev at lists.jboss.org
>> https://lists.jboss.org/mailman/listinfo/infinispan-dev
>>
>
> --
> Vladimir Blagojevic
> JBoss Clustering Team
> JBoss by Red Hat
>
>
>
>
>
--
Bela Ban
Lead JGroups / Clustering Team
JBoss
More information about the infinispan-dev
mailing list