ClustrixDB requires a number of ports to allow internode communication. Depending on your specific deployment platform, you can:
- Open your security to allow all communication between nodes (recommended)
- Open the specific ports required for your cluster.
Ports required by ClustrixDB
This page summarizes the list of ports used by ClustrixDB. If using network security such as firewalls or security groups, the following network traffic must be allowed.
Internal Access Between ClustrixDB Nodes
These network ports are required for communication between ClustrixDB nodes. They must each be accessible by other nodes within the cluster.
| Protocol | Port | Use | Reason |
|---|---|---|---|
| TCP | 22 | SSH | Administration and upgrade |
| TCP, UDP | 2048 | Control Port | ClustrixDB specialized administrative tool |
| TCP, UDP | 2424 | Nanny Port | nanny - ClustrixDB process manager |
| TCP | 3306 | SQL | Database communication |
| TCP | 7888 | clxdbi | Database interface for ClustrixGUI |
| TCP, UDP | 24378 - 24410 | Multiport | ClustrixDB internode communication |
External Access
These network ports are used to access ClustrixDB externally from your applications and for cluster administration.
| Protocol | Port | Use | Reason |
|---|---|---|---|
| TCP | 22 | SSH | Remote management and cluster access |
| TCP | 8080* | HTTP | ClustrixGUI |
| TCP | 3306 | SQL | Database access |
| TCP | 3581 | Health Check | Heartbeat monitor for cluster |
*For root installation, ClustrixGUI uses port 80.
If you are using a firewall (like iptables) between the nodes, please open the specific ports.
Multiport
The multiport feature allows internode communication to and from any core of a cluster. It can improve performance under heavy load.
Starting at port 24379, (for both TCP and UDP), open the same number of ports as there are cores or hyper-threads licensed for a node. The maximum number of licensed cores per node is 32, hence the suggested maximum range of 24379 - 24410.
ClustrixDB does not support mixed-mode usage of multiport. That is, all nodes must uniformly have multiport enabled (default) or disabled, or the nodes will be unable to form a cluster.
See Modifying Startup Configuration Options for instructions on how to disable multiport, if necessary.
Two types of ssh authentication need to be configured: communication between nodes and access to nodes from outside the cluster.
Communication Between Nodes
ssh authentication between nodes is required for:
- Connecting via ssh between nodes
- Using the clx tool to collect logs, run diagnostics and perform cluster-wide actions.
- ClustrixDB Upgrades
Key Pair Authentication
Generate the key pair as the database user (clxd) using default filenames.
| shell> ssh username@hostname shell> ssh-keygen |
The output will look like:
Generating public/private rsa key pair. |
Add this to the list of authorized keys:
| shell> mkdir -p ~/.ssh shell> cat id_rsa.pub >> ~/.ssh/authorized_keys shell> chmod 600 ~/.ssh/authorized_keys shell> chmod 700 ~/.ssh |
Now copy the ~/.ssh/id_rsa.pub, ~/.ssh/id_rsa and ~/.ssh/authorized_keys files to every node in the cluster as the clxd user and verify that they have the same permissions.
To verify that ssh authentication is configured correctly, run this command as the clxd user
shell> /opt/clustrix/bin/clx cmd 'date' |
If dates are correctly returned from each node and no passwords are requested, setup is successful.
Repeat these steps for the clxm user.
Remote access to the cluster
Clustrix recommends configuring ssh keys for the clxd user to access the cluster remotely, though you may use an alternate configuration if desired.
If you do not already have one, generate a public key pair and copy it to every node:
| shell> mkdir -p ~clxd/.ssh |
Append the public key to ~clxm/.ssh/authorized_keys
shell> chown -R clxd ~clxd/.ssh |
Overview
Content Tools
Apps