[infinispan-dev] Infinispan EC2 demo firewall issue without locked down FD_SOCK start_port

Galder Zamarreno galder at jboss.org
Tue Jun 15 08:56:47 EDT 2010


Brutal, but effective :)

----- "Bela Ban" <bban at redhat.com> wrote:

> for my demo, I did the following:
> iptables -F ; chkconfig --del iptables ; ip6tables -F ; chkconfig
> --del 
> ip6tables
> 
> This helped (maybe not recommended for production :-))...
> 
> Vladimir Blagojevic wrote:
> > Bela worked recently in similar environment. Maybe he can provide
> you with a sample jgroups config that is EC2 friendly. 
> > On 2010-06-14, at 12:45 AM, Noel O'Connor wrote:
> >
> >   
> >> Hi Galder,
> >> Thanks for this, I'll take a look and fix it. I didn't notice it in
> the logs but I'll check it out.
> >>
> >> cheers
> >> Noel
> >>
> >> On 14/06/2010, at 7:44 AM, galder at redhat.com wrote:
> >>
> >>     
> >>> Hi Noel,
> >>>
> >>> First of all, thanks a million for writing
> http://infinispan.blogspot.com/2010/05/infinispan-ec2-demo.html. I
> think the work you did there is excellent.
> >>>
> >>> I had a question for you though. In your jgroups-* files, you use
> FD_SOCK without a start_port which by default binds to random port
> (http://community.jboss.org/wiki/JGroupsFDSOCK). Given Amazon rules, I
> don't think clustering is working as expected in your case, cos
> without locking this port and opening it in the firewall, you'll see
> WARN messages like this in the logs and the cluster view will not
> form:
> >>>
> >>> 2010-06-13 16:50:54,478 WARN  [org.jgroups.protocols.FD_SOCK]
> (OOB-1,infinispan-cluster,ip-10-194-230-242-27003) I
> (ip-10-194-230-242-27003) was suspected by
> domU-12-31-38-00-9C-52-25127; ignoring the SUSPECT message
> >>>
> >>> To get around the issue do the following:
> >>>
> >>> - Lock your FD_SOCK start_port values, i.e.    <FD_SOCK
> start_port="9777"/>
> >>> - Open TCP port 9777 in your security group.
> >>>
> >>> I'd suggest you verify your demo expectations bearing in mind this
> information and once you've done so, update the blog post :)
> >>>
> >>> Cheers,   
> >>> --
> >>> Galder Zamarreño
> >>> Sr. Software Engineer
> >>> Infinispan, JBoss Cache
> >>>
> >>> _______________________________________________
> >>> infinispan-dev mailing list
> >>> infinispan-dev at lists.jboss.org
> >>> https://lists.jboss.org/mailman/listinfo/infinispan-dev
> >>>       
> >> _______________________________________________
> >> infinispan-dev mailing list
> >> infinispan-dev at lists.jboss.org
> >> https://lists.jboss.org/mailman/listinfo/infinispan-dev
> >>     
> >
> > --
> > Vladimir Blagojevic
> > JBoss Clustering Team
> > JBoss by Red Hat
> >
> >
> >
> >
> >   
> 
> -- 
> Bela Ban
> Lead JGroups / Clustering Team
> JBoss
> 
> _______________________________________________
> infinispan-dev mailing list
> infinispan-dev at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/infinispan-dev



More information about the infinispan-dev mailing list