ClustrixDB requires a number of ports to allow internode communication. Depending on your specific deployment platform, you can:

  1. Open your security to allow all communication between nodes (recommended)
  2. Open the specific ports required for your cluster. 

Ports required by ClustrixDB

This page summarizes the list of ports used by ClustrixDB. If using network security such as firewalls or security groups, the following network traffic must be allowed.

Internal Access Between ClustrixDB Nodes

These network ports are required for communication between ClustrixDB nodes. They must each be accessible by other nodes within the cluster.

| Protocol | Port | Use | Reason |
|----------|------|-----|--------|
| TCP | 22 | SSH | Administration and upgrade |
| TCP, UDP | 2048 | Control Port | ClustrixDB specialized administrative tool |
| TCP, UDP | 2424 | Nanny Port | nanny - ClustrixDB process manager |
| TCP | 3306 | SQL | Database communication |
| TCP | 7888 | clxdbi | Database interface for ClustrixGUI |
| TCP, UDP | 24378 - 24410 | Multiport | ClustrixDB internode communication |

External Access

These network ports are used to access ClustrixDB externally from your applications and for cluster administration.

| Protocol | Port | Use | Reason |
|----------|------|-----|--------|
| TCP | 22 | SSH | Remote management and cluster access |
| TCP | 8080* | HTTP | ClustrixGUI |
| TCP | 3306 | SQL | Database access |
| TCP | 3581 | Health Check | Heartbeat monitor for cluster |

*for root installs. Non-root installations will use port 80. 

If you are using a firewall (like iptables) between the nodes, please open the specific ports. 

Multiport

The multiport feature allows internode communication to and from any core of a cluster. It can improve performance under heavy load.

Starting at port 24379 (for both TCP and UDP), open the same number of ports as there are cores or hyper-threads licensed for a node. The maximum number of licensed cores per node is 32, hence the suggested maximum range of 24379 - 24410.

ClustrixDB does not support mixed-mode usage of multiport. That is, all nodes must uniformly have multiport enabled (default) or disabled, or the nodes will be unable to form a cluster. 

See Modifying Startup Configuration Options for instructions on how to disable multiport, if necessary.
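
The following script is an added example, not part of the ClustrixDB documentation or tooling. It derives the multiport range from the licensed core count as described above and prints iptables rules that admit the internode ports only from named peer nodes. The function names, the use of the INPUT chain and the peer addresses are assumptions made for illustration; the rules are printed, not applied.

```shell
#!/bin/sh
# Added example: print iptables rules for ClustrixDB internode traffic.
# Assumptions: peers are given as IP addresses; rules go in the INPUT chain.

MULTIPORT_START=24379   # first multiport port, per the Multiport section
MAX_CORES=32            # maximum licensed cores per node, per the page

# multiport_range CORES -> prints "first:last" in iptables range syntax
multiport_range() {
    cores=$1
    case $cores in
        ''|*[!0-9]*) echo "cores must be a positive integer" >&2; return 1 ;;
    esac
    if [ "$cores" -lt 1 ] || [ "$cores" -gt "$MAX_CORES" ]; then
        echo "cores must be between 1 and $MAX_CORES" >&2
        return 1
    fi
    echo "$MULTIPORT_START:$((MULTIPORT_START + cores - 1))"
}

# internode_rules CORES PEER_IP... -> prints one iptables command per rule
internode_rules() {
    range=$(multiport_range "$1") || return 1
    shift
    [ "$#" -ge 1 ] || { echo "at least one peer IP is required" >&2; return 1; }
    for peer in "$@"; do
        # TCP-only ports from the internal access table: SSH, SQL, clxdbi
        for port in 22 3306 7888; do
            echo "iptables -A INPUT -p tcp -s $peer --dport $port -j ACCEPT"
        done
        # TCP and UDP ports: control port, nanny port, multiport range
        for proto in tcp udp; do
            for port in 2048 2424 "$range"; do
                echo "iptables -A INPUT -p $proto -s $peer --dport $port -j ACCEPT"
            done
        done
    done
}

# Constructed sample: a 3-node cluster with 8 licensed cores per node;
# rules are printed for one node, listing its two peers.
internode_rules 8 10.0.0.12 10.0.0.13
```

Review the printed rules before applying them, and run the script on each node with that node's own peer list.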

Two types of ssh authentication need to be configured: communication between nodes and access to nodes from outside the cluster. 

Communication Between Nodes

ssh authentication between nodes is required for:

  • Connecting via ssh between nodes
  • Using the clx tool to collect logs, run diagnostics and perform cluster-wide actions.
  • ClustrixDB Upgrades

Key Pair Authentication

Generate the key pair as the database user (clxd) using default filenames. 

shell> ssh username@hostname
shell> ssh-keygen

The output will look like:

Generating public/private rsa key pair.
Enter file in which to save the key (/home/clxd/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/clxd/.ssh/id_rsa.
Your public key has been saved in /home/clxd/.ssh/id_rsa.pub.
The key fingerprint is:
96:f6:07:ef:a7:cc:e3:0c:9a:44:c7:ed:33:fa:cf:62 clxd@node1

Add this to the list of authorized keys:

shell> mkdir -p ~/.ssh
shell> cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys
shell> chmod 600 ~/.ssh/authorized_keys
shell> chmod 700 ~/.ssh

Now copy the ~/.ssh/id_rsa.pub, ~/.ssh/id_rsa and ~/.ssh/authorized_keys files to every node in the cluster as the clxd user and verify that they have the same permissions.

To verify that ssh authentication is configured correctly, run this command as the clxd user:

shell> /opt/clustrix/bin/clx cmd 'date'

If dates are correctly returned from each node and no passwords are requested, setup is successful.

Repeat these steps for the clxm user. 

Remote access to the cluster

Clustrix recommends configuring ssh keys for the clxd user to access the cluster remotely, though you may use an alternate configuration if desired. 

If you do not already have one, generate a public key pair and copy it to every node:

shell> mkdir -p ~clxd/.ssh

Append the public key to ~clxm/.ssh/authorized_keys

shell> chown -R clxd ~clxd/.ssh
shell> chmod 700 ~clxd/.ssh
shell> chmod 600 ~clxd/.ssh/authorized_keys
shell> cat id_rsa.pub >> ~/.ssh/authorized_keys
