node connectivity and security
wde at free.fr
Fri Feb 12 13:21:51 EST 2010
If I am right, the riak network layer is based on the erlang clustering system.
To build the TCP connections between your nodes, you have to open the TCP port 4369 and a dynamic TCP ports range that you can specify by editing the file vm.args :
add something like
-kernel inet_dist_listen_min 4000 inet_dist_listen_max 4005
to restrict the range to 4000 to 4005 for example.
The range size depends of the size of your cluster (how many servers run riak).
I think that, you also have to open the port defined by the riak_handoff_port paramater in your configuration file.
Concerning security, erlang cluster securiy is mainly based on the shared secret : the cookie, that you define in your riak configuration file.
There is no other authentication system, and communications between nodes are not encrypted.
In WAN environment, I think that the real problem (as always) is the latency introduced by the network. I have no experience with riak in this context.
I starts to read the code, some timeouts seems to be hard coded, but it's nothing to change ;p
let me know if i'm wrong.
>When the various nodes are in the same datacenter.... connectivity is a
>no-brainer. Can anyone comment on their experiences over a WAN connection?
>I'm curious about the security and privacy issues? Or is the simple answer
>riak-users mailing list
>riak-users at lists.basho.com
More information about the riak-users