How to configure Galera Cluster on a Red Hat / CentOS 7 Linux system
Firewall Setting
Galera Cluster requires a number of ports in order to maintain network connectivity between the nodes. Depending on your deployment, you may require all or some of these ports on each node in the cluster:
- 3306 For MySQL client connections and State Snapshot Transfer that uses the mysqldump method.
- 4567 For Galera Cluster replication traffic. Multicast replication uses both UDP transport and TCP on this port.
- 4568 For Incremental State Transfer.
- 4444 For all other State Snapshot Transfer.
The commands given in the above section allow you to configure FirewallD on a running server and update the firewall rules without restarting. However, these changes are not persistent. When the server restarts, FirewallD reverts to its default configuration. To update the default configuration yourself, a somewhat different approach is required:
Setting for Firewalld firewall service
1. Enable the database service for FirewallD:
2. Open the TCP ports for Galera Cluster:
3. Open UDP port 4567, which multicast replication uses:
4. Reload the firewall rules, maintaining the current state information:
5. Check the current rules information:
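The five steps above as one script, added here as an example and not taken from the original page. It assumes the zone is named public and that step 1 uses the mysql service definition shipped with FirewallD; the function names and the APPLY switch are made up for this example.

```shell
#!/bin/sh
# Added example (not from the original page). Assumed: zone "public", dry run unless APPLY=1.
ZONE="${ZONE:-public}"
WANT="3306/tcp 4567/tcp 4568/tcp 4444/tcp 4567/udp"   # ports from the list on this page

# Steps 1-4: emit the persistent rule commands, one per line.
galera_firewalld_cmds() {
    echo "firewall-cmd --permanent --zone=$1 --add-service=mysql"
    for p in $WANT; do
        echo "firewall-cmd --permanent --zone=$1 --add-port=$p"
    done
    echo "firewall-cmd --reload"
}

# Step 5: compare the output of `firewall-cmd --zone=ZONE --list-ports` ($1) with WANT.
# Prints "missing <port>" and "extra <port>" lines; returns 0 only if nothing is missing.
audit_ports() {
    have=" $1 "; rc=0
    for p in $WANT; do
        case "$have" in *" $p "*) ;; *) echo "missing $p"; rc=1 ;; esac
    done
    for p in $1; do
        case " $WANT " in *" $p "*) ;; *) echo "extra $p" ;; esac
    done
    return $rc
}

if [ "${APPLY:-0}" = 1 ]; then
    # Execute each command; stop at the first failure.
    galera_firewalld_cmds "$ZONE" | while read -r cmd; do $cmd || exit 1; done || exit 1
    audit_ports "$(firewall-cmd --zone="$ZONE" --list-ports)"
else
    galera_firewalld_cmds "$ZONE"     # dry run: show what would be executed
    # Constructed sample of --list-ports output: 4568/tcp absent, 8080/tcp unexpected.
    audit_ports "3306/tcp 4567/tcp 4444/tcp 4567/udp 8080/tcp" || true
fi
```

Run it with APPLY=1 as root to execute the commands instead of printing them; an "extra" line marks a port open in the zone that Galera Cluster does not need.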
Setting for Iptables firewall service
When configuring packet filtering rules for a LAN environment, such as on an office network, there are four ports that you need to open to TCP for Galera Cluster and one to UDP transport to enable multicast replication. This means five commands that you must run on each cluster node:
These commands open the relevant ports to TCP and UDP transport. They assume that the IP addresses in your network begin with 192.168.0.1/24.
Warning: The IP addresses in the example are for demonstration purposes only. Use the real values from your nodes and netmask in your iptables configuration.
Galera Cluster can now pass packets through the firewall to the node, but the configuration reverts to default on reboot. To update the default firewall configuration, you have to make the firewall changes persistent.
For systems that use init, you can save the packet filtering state with one command:
For systems that use systemd, you need to save the current packet filtering rules to the path the iptables unit reads from when it starts. This path can vary by distribution, but you can normally find it in the /etc directory. For example:
- /etc/sysconfig/iptables
- /etc/iptables/iptables.rules
Once you find where your system stores the rules file, use iptables-save to update the file: