I got my Riak cluster on EC2 set up last week, using a security group based on what Sean described.
The lingering parts for me were:

1. had to stop Riak, then kill "epmd", then start again
2. initially I'd tried to use Elastic IP addr (to minimize config if we move nodes) and that got stuck in my config causing nodes not to recognize each other -- until I used "reip" to change the ring name, etc.

Otherwise, worked fine. FWIW, we're testing on m1.xlarge with Ubuntu

On Sun, Feb 6, 2011 at 16:20, Eamonn <[email protected]> wrote:
> After a lot of unsuccessful fiddling around with ports I gave up and just
> opened up all ports between the Riak nodes.
>
> I suggest you set up a security group called "Riak" with settings something
> like the following:
>
> Protocol | From Port | To Port | Source (IP or group)
> ---------+-----------+---------+---------------------
> tcp      | 1         | 65535   | Riak group
> udp      | 1         | 65535   | Riak group
> tcp      | 8098      | 8098    | WebServer group
>
> Although all the ports are open on the Riak nodes, it is still pretty secure
> because they are only open to nodes in the same security group, i.e. other
> Riak nodes.
>
> The only port open outside the Riak cluster is the default HTTP port, which
> is only open to nodes in the "WebServer" security group. Change "WebServer"
> to be the security group of whatever nodes are using Riak. If you have
> changed the default or are using protocol buffers instead of HTTP you will
> have to change the port number.
>
> You may also want to add the SSH port too so that you can log in, but I
> suggest using a cloud-init script to do all the Riak installation and
> initialization at node creation time, so in normal production use you will
> not need to SSH into the nodes.
>
> __
> Eamonn
>
> On 2/4/11 9:00 AM, [email protected] wrote:
>>
>> Date: Wed, 02 Feb 2011 21:33:20 +0530
>> From: Abhishek Kona <[email protected]>
>> To: Sean Cribbs <[email protected]>
>> Cc: "[email protected]" <[email protected]>
>> Subject: Re: Riak Cluster Setup on EC2
>> Message-ID: <[email protected]>
>> Content-Type: text/plain; charset=ISO-8859-1; format=flowed
>>
>> On 02/02/11 8:38 PM, Sean Cribbs wrote:
>>>
>>> > Abhishek,
>>> >
>>> > First, make sure all of your nodes are in the same security group.
>>
>> Yes, both the machines are on the same security group (which has only
>> the ports 8098, 8099, 8087).
>>>
>>> > Second, check that your OS doesn't have an additional firewall
>>> > installed (iptables, for example).
>>
>> I can telnet into the Riak ports from each of the machines, so firewall
>> does not seem to be the issue.
>>>
>>> > Third, you might consider doing what the Chef recipe for Riak does
>>> > and limit the ports that Erlang uses for distributed communication.
>>> > Adding a section to app.config like the below will limit the port range:
>>> >
>>> > {kernel, [
>>> >     {inet_dist_listen_min, 6000},
>>> >     {inet_dist_listen_max, 7999}
>>> > ]}
>>> >
>>> > You'll need to stop Riak, kill the "epmd" process, and then start Riak
>>> > up again for this change to take effect. Make sure those ports are also
>>> > open in your security group and any software firewall you have.
>>> >
>>
>> Tried with these changes as well, but still get the same message.
>> Anything else I can try?
>> Thanks for the help.
>>>
>>> > Sean Cribbs <[email protected]>
>>> > Developer Advocate
>>> > Basho Technologies, Inc.
>>> > http://basho.com/
>>> >
>>> > On Feb 2, 2011, at 8:47 AM, Abhishek Kona wrote:
>>> >
>>>> >> Hi folks
>>>> >>
>>>> >> I am trying to set up a Riak cluster on EC2.
>>>> >> Each time I issue a command:
>>>> >>
>>>> >> $ sudo riak-admin [email protected]
>>>> >>
>>>> >> It fails:
>>>> >>
>>>> >> Attempting to restart script through sudo -u riak
>>>> >>
>>>> >> [email protected] is not reachable!
>>>> >>
>>>> >> Netstat on both the machines says the ports are running fine.
>>>> >>
>>>> >> netstat -na | egrep '(8087|8098|8099)'
>>>> >>
>>>> >> tcp 0 0 0.0.0.0:8098 0.0.0.0:* LISTEN
>>>> >> tcp 0 0 0.0.0.0:8099 0.0.0.0:* LISTEN
>>>> >> tcp 0 0 0.0.0.0:8087 0.0.0.0:* LISTEN
>>>> >>
>>>> >> I can telnet to all the ports from each of the machines.
>>>> >> I have been pulling my hair for long but to no avail.
>>>> >> Can anyone look and tell me what I am doing wrong?
>>>> >> Are there any debug logs where I can look at what is going wrong?
>>>> >> Is there any EC2 specific trick (like using public hostnames)?
>>>> >>
>>>> >> I am attaching my app.cfg file for reference.
>>>> >>
>>>> >> Thanks
>>>> >> -Abhishek Kona
>>>> >>
>>>> >> <app.cfg>_______________________________________________
>>>> >> riak-users mailing list
>>>> >> [email protected]
>>>> >> http://lists.basho.com/mailman/listinfo/riak-users_lists.basho.com
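
As an added example (not code from any poster in this thread), this Python sketch parses a rule table in the layout used above and reports which intra-cluster ports a security group leaves closed, then compares how many ports each variant exposes. It assumes epmd's default port 4369, which the thread does not state; the THREE_PORTS and NARROW tables are constructed samples.

```python
# Ports cluster members must reach on each other. 6000-7999 is the
# inet_dist_listen range quoted in the thread; 8087/8098/8099 are the ports
# listed there; 4369 is epmd's default port (assumption, not in the thread).
NEEDED = [(4369, 4369), (6000, 7999), (8087, 8087), (8098, 8099)]

def parse_rules(table):
    """Parse 'proto | from | to | source' rows; header and ruler are skipped."""
    rules = []
    for line in table.strip().splitlines():
        cells = [c.strip() for c in line.split("|")]
        if len(cells) == 4 and cells[1].isdigit() and cells[2].isdigit():
            rules.append((cells[0], int(cells[1]), int(cells[2]), cells[3]))
    return rules

def uncovered(rules, source, needed=NEEDED, proto="tcp"):
    """Return the parts of `needed` that no `proto` rule opens to `source`."""
    spans = sorted((lo, hi) for p, lo, hi, s in rules if p == proto and s == source)
    gaps = []
    for lo, hi in needed:
        cur = lo  # lowest port in this range not yet known to be open
        for a, b in spans:
            if b < cur or a > hi:
                continue
            if a > cur:
                gaps.append((cur, a - 1))
            cur = b + 1
        if cur <= hi:
            gaps.append((cur, hi))
    return gaps

def open_ports(rules, source, proto="tcp"):
    """Count distinct ports opened to `source`; overlapping rules count once."""
    ports = set()
    for p, lo, hi, s in rules:
        if p == proto and s == source:
            ports.update(range(lo, hi + 1))
    return len(ports)

HEAD = "Protocol | From Port | To Port | Source (IP or group)\n---------+---\n"
# Constructed: a group holding only the three ports named in the thread.
THREE_PORTS = HEAD + "tcp | 8087 | 8087 | Riak group\ntcp | 8098 | 8099 | Riak group\n"
# The wide-open table suggested in the thread.
WIDE_OPEN = HEAD + ("tcp | 1 | 65535 | Riak group\nudp | 1 | 65535 | Riak group\n"
                    "tcp | 8098 | 8098 | WebServer group\n")
# Constructed: only the ports the cluster needs, plus HTTP for the web tier.
NARROW = THREE_PORTS + ("tcp | 4369 | 4369 | Riak group\ntcp | 6000 | 7999 | Riak group\n"
                        "tcp | 8098 | 8098 | WebServer group\n")

if __name__ == "__main__":
    for name, table in [("three-ports", THREE_PORTS), ("wide-open", WIDE_OPEN), ("narrow", NARROW)]:
        rules = parse_rules(table)
        print(name, "closed:", uncovered(rules, "Riak group"),
              "tcp ports open to group:", open_ports(rules, "Riak group"))
```

The narrow table only stays sufficient while the `inet_dist_listen_min`/`inet_dist_listen_max` values in app.config match the range opened in the group.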
