Issue with clustering Riak nodes on CentOS servers.

Bryan Hughes bryan at go-factory.net
Tue Oct 30 18:35:40 EDT 2012


Hi James,

We have a 5 node cluster running in production with no problems on 
CentOS.  We have each node isolated on a private lan.  Our application 
server has two interfaces, one to the outside world with a very 
restricted firewall, and the second connected to the private lan with 
the 5 nodes.

Assuming you set the node names accordingly and followed:

http://docs.basho.com/riak/latest/cookbooks/Basic-Cluster-Setup/

One thing to check would be your firewall, which is on by default with CentOS.

 > sudo service iptables status

If you have your 4 nodes on a private lan, or perhaps well protected 
behind a firewall as an internal deployment, then it is relatively 
straightforward.  You can just turn off your firewall on the 4 machines.

If your machines are not on an isolated private lan and are exposed to 
the internet, or just need to be protected behind a firewall, you will 
need to do the following.

http://docs.basho.com/riak/1.2.0/cookbooks/Network-Security-and-Firewall-Configurations/

First, in your app.config, you will need to add the following at the top 
level (same as riak.core).  You can pick whatever min and max range you 
want - here I have arbitrarily chosen 4 ports:

{ kernel, [
             {inet_dist_listen_min, 7010},
             {inet_dist_listen_max, 7014}
           ]},

Next, on each of our riak nodes, you will need to edit your iptables.  I 
tend to edit them manually using sudo.

 > sudo vi /etc/sysconfig/iptables (and add the following to 
RH-Firewall-1-INPUT just above the icmp-host-prohibited)

-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 4369 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 8087 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 8099 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 7010:7014 -j ACCEPT

 > sudo service iptables restart

After doing this on all the nodes, they should all be visible to each 
other.  If you wanted to lock down your firewall even further, you can 
specify a range of IP addresses.

Finally, on the machine that runs your Erlang application or Riak client, you 
will need to do the following:

 > sudo vi /etc/sysconfig/iptables (and add the following to 
RH-Firewall-1-INPUT just above the icmp-host-prohibited)

-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 8098 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 8087 -j ACCEPT

 > sudo service iptables restart


Hope this helps...
Bryan
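
Added example, not part of the original message: a shell sketch of the "lock down even further" step, which reads the distribution port range from app.config and prints the same ACCEPT rules limited to one source subnet with the standard iptables `-s` match. The function names and the 10.1.78.0/24 subnet are assumptions made for illustration, and the app.config fragment is constructed from the values above.

```shell
# Added example: source-restricted iptables lines for a Riak node.
# Assumption: all cluster nodes sit in one private subnet, passed as $2.

# Print an integer kernel setting (e.g. inet_dist_listen_min) from app.config.
dist_port() {
    sed -n "s/.*{[[:space:]]*$2[[:space:]]*,[[:space:]]*\([0-9][0-9]*\)[[:space:]]*}.*/\1/p" "$1" | head -n 1
}

# Emit one ACCEPT rule per Riak port, limited to the cluster subnet.
# Fails if the distribution range is missing, so the firewall range can
# never drift from what the Erlang VM is configured to listen on.
riak_rules() {
    config=$1
    subnet=$2
    min=$(dist_port "$config" inet_dist_listen_min)
    max=$(dist_port "$config" inet_dist_listen_max)
    if [ -z "$min" ] || [ -z "$max" ] || [ "$min" -gt "$max" ]; then
        echo "inet_dist_listen_min/max missing or inverted in $config" >&2
        return 1
    fi
    # 4369 epmd, 8087 protocol buffers, 8099 handoff, then the dist range
    for port in 4369 8087 8099 "$min:$max"; do
        echo "-A RH-Firewall-1-INPUT -s $subnet -p tcp -m state --state NEW -m tcp --dport $port -j ACCEPT"
    done
}

# Constructed sample app.config using the kernel section shown above.
sample=$(mktemp)
cat > "$sample" <<'EOF'
[
 { kernel, [
             {inet_dist_listen_min, 7010},
             {inet_dist_listen_max, 7014}
           ]},
 {riak_core, []}
].
EOF

# 10.1.78.0/24 is an assumed private subnet for the cluster nodes.
riak_rules "$sample" 10.1.78.0/24
```

The printed lines go in the same place as the unrestricted ones, just above the icmp-host-prohibited rule.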


On 10/30/12 11:39 AM, SWEENEY, JAMES wrote:
> Hello,  I am attempting to create a 4 node riak installation on 4 separate CentOS servers.   Installation of Riak went well.  We have run simple tests like riak ping, sudo curl -v http://127.0.0.1:8098/riak/test, etc.,  and everything seems fine with the riak servers,  they all start up with no errors.  We used the default ports in the app.config files,  i.e.:
> epmd listener: TCP:4369
> handoff_port listener: TCP:8099
> web_port: TCP:8098
> pb_port: TCP:8087
>
> We have updated all ip addresses in the config files as instructed on the riak site.  Also, we have verified by telnet that the ports are all open and that I can telnet between the riak servers.    Still after all of that,  when I try to do a cluster command I get the following response:
>
>
> [root at essd-riak-test-server ~]# riak-admin cluster join riak at 10.1.78.9
> Attempting to restart script through sudo -H -u riak
> Node riak at 10.1.78.9 is not reachable!
> [root at essd-riak-test-server ~]#
>
> I have been stuck on this issue for quite a while and tried everything I found on the riak web site to resolve this.  Any help you could offer would greatly be appreciated.   Thanks in advance.
>
> Sincerely,
>
> James Sweeney