Riak Cluster Setup on EC2

Eamonn eobrain at gmail.com
Sun Feb 6 19:20:38 EST 2011


After a lot if unsuccessful fiddling around with ports I gave up and 
just opened up all ports between the Riak nodes.

I suggest you set up a security group called "Riak" with settings 
something like the following:

   Protocol | From Port | To Port | Source (IP or group)
   ---------+-----------+---------+---------------------
   tcp      | 1         | 65535   | Riak group
   udp      | 1         | 65535   | Riak group
   tcp      | 8098      | 8098    | WebServer group

Although all the ports are open on the Riak nodes, it is still pretty 
secure because they are only open to nodes in the same security group, 
i.e. other Riak nodes.

The only port open outside the Riak cluster is the default HTTP port, 
which is only open to nodes in the "WebServer" security group.  Change 
"WebServer"  to be the security group of whatever nodes are using Riak.  
If you have changed the default or are using protocol buffers instead of 
HTTP you will have to change the port number.

You may also want to add the SSH port to so that you can login, but I 
suggest using a cloud-init script to do all the Riak installation and 
initialization at node creation time, so in normal production use will 
not need to SSH into the nodes.

__
Eamonn



On 2/4/11 9:00 AM, riak-users-request at lists.basho.com wrote:
> Date: Wed, 02 Feb 2011 21:33:20 +0530 From: Abhishek Kona 
> <abhishekk at flipkart.com> To: Sean Cribbs <sean at basho.com> Cc: 
> "riak-users at lists.basho.com" <riak-users at lists.basho.com> Subject: Re: 
> Riak Cluster Setup on EC2 Message-ID: <4D498048.3060005 at flipkart.com> 
> Content-Type: text/plain; charset=ISO-8859-1; format=flowed On 
> 02/02/11 8:38 PM, Sean Cribbs wrote:
>> >  Abhishek,
>> >
>> >  First, make sure all of your nodes are in the same security group.
> Yes, both the machines are on the same security group ( which has only
> the ports 8098, 8099, 8087).
>> >      Second, check that your OS doesn't have an additional firewall installed (iptables, for example).
> I can telnet into the Riak ports from each of the machines, so firewall
> does not seem to be the issue.
>> >     Third, you might consider doing what the Chef recipe for Riak does and limit the ports that Erlang uses for distributed communication.  Adding a section to app.config like the below will limit the port range:
>> >
>> >  {kernel, [
>> >      {inet_dist_listen_min, 6000},
>> >      {inet_dist_listen_max, 7999}
>> >  ]}
>> >
>> >  You'll need to stop Riak, kill the "epmd" process, and then start Riak up again for this change to take effect.  Make sure those ports are also open in your security group and any software firewall you have.
>> >
> Tried with these changes as well, but still get the same message.
> Anything else, I can try?.
> Thanks for the help.
>> >  Sean Cribbs<sean at basho.com>
>> >  Developer Advocate
>> >  Basho Technologies, Inc.
>> >  http://basho.com/
>> >
>> >  On Feb 2, 2011, at 8:47 AM, Abhishek Kona wrote:
>> >
>>> >>  Hi folks
>>> >>
>>> >>  I am trying to set up a Riak cluster on EC2.
>>> >>  Each time I issue a command :
>>> >>
>>> >>  $ sudo riak-admin joinriak at 10.130.149.253
>>> >>
>>> >>  It fails :
>>> >>
>>> >>  Attempting to restart script through sudo -u riak
>>> >>
>>> >>  Noderiak at 10.130.149.253  is not reachable!
>>> >>
>>> >>
>>> >>  Netstat on both the machines says the ports are running fine.
>>> >>
>>> >>  netstat -na | egrep '(8087|8098|8099)'
>>> >>
>>> >>  tcp        0      0 0.0.0.0:8098            0.0.0.0:*               LISTEN
>>> >>
>>> >>  tcp        0      0 0.0.0.0:8099            0.0.0.0:*               LISTEN
>>> >>
>>> >>  tcp        0      0 0.0.0.0:8087            0.0.0.0:*               LISTEN
>>> >>
>>> >>
>>> >>  I can telnet to all the ports from each of the machine.
>>> >>  I have been pulling my hair for long but of no avail.
>>> >>  Can any one look and tell me what I am doing wrong.
>>> >>  Are there any debug logs where I can look at what is going wrong?
>>> >>  Is there any EC2 specific trick (like using public hostnames).
>>> >>
>>> >>  I am attaching my app.cfg file for reference.
>>> >>
>>> >>  Thanks
>>> >>  -Abhishek Kona
>>> >>
>>> >>  <app.cfg>_______________________________________________
>>> >>  riak-users mailing list
>>> >>  riak-users at lists.basho.com
>>> >>  http://lists.basho.com/mailman/listinfo/riak-users_lists.basho.com
>





More information about the riak-users mailing list