Tuesday, 26 June 2018

How to configure Galera Cluster on Linux system Redhat Centos 7

Firewall Setting
Galera Cluster requires a number of ports in order to maintain network connectivity between the nodes. Depending on your deployment, you may require all or some of these ports on each node in the cluster:
  • 3306 For MySQL client connections and State Snapshot Transfers that use the mysqldump method.
  • 4567 For Galera Cluster replication traffic. Multicast replication uses both UDP transport and TCP on this port.
  • 4568 For Incremental State Transfer.
  • 4444 For all other State Snapshot Transfers.
Running firewall-cmd without the --permanent option configures FirewallD on a running server and updates the firewall rules without restarting. However, these changes are not persistent. When the server restarts, FirewallD reverts to its default configuration. To update the default configuration itself, use the --permanent option as in the following steps:

Setting for Firewalld firewall service
1. Enable the database service for FirewallD:
sudo firewall-cmd --zone=public --add-service=mysql --permanent
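2. Open the TCP ports for Galera Cluster, including 4567 for replication traffic:
sudo firewall-cmd --zone=public --add-port=4567/tcp --permanent
sudo firewall-cmd --zone=public --add-port=4568/tcp --permanent
sudo firewall-cmd --zone=public --add-port=4444/tcp --permanent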
3. Optionally, if you want to use multicast replication, run this command as well to open UDP transport on 4567:
sudo firewall-cmd --zone=public --add-port=4567/udp --permanent
4. Reload the firewall rules, maintaining the current state information:
sudo firewall-cmd --reload
5. Check the current rules information:
sudo firewall-cmd --list-all
Setting for Iptables firewall service
When configuring packet filtering rules for a LAN environment, such as on an office network, there are four ports that you need to open to TCP for Galera Cluster and one to UDP transport to enable multicast replication. This means five commands that you must run on each cluster node:
sudo iptables --append INPUT --in-interface eth0 --protocol tcp --match tcp --dport 3306 --source 192.168.0.1/24 --jump ACCEPT
sudo iptables --append INPUT --in-interface eth0 --protocol tcp --match tcp --dport 4567 --source 192.168.0.1/24 --jump ACCEPT
sudo iptables --append INPUT --in-interface eth0 --protocol udp --match udp --dport 4567 --source 192.168.0.1/24 --jump ACCEPT
sudo iptables --append INPUT --in-interface eth0 --protocol tcp --match tcp --dport 4568 --source 192.168.0.1/24 --jump ACCEPT
sudo iptables --append INPUT --in-interface eth0 --protocol tcp --match tcp --dport 4444 --source 192.168.0.1/24 --jump ACCEPT
These commands open the relevant ports to TCP and UDP transport. They assume that the IP addresses in your network fall within 192.168.0.1/24.
Warning: The IP addresses in the example are for demonstration purposes only. Use the real values from your nodes and netmask in your iptables configuration.
Galera Cluster can now pass packets through the firewall to the node, but the configuration reverts to default on reboot. To update the default firewall configuration, you have to make the firewall changes persistent.
For systems that use init, you can save the packet filtering state with one command:
sudo service iptables save
For systems that use systemd, you need to save the current packet filtering rules to the path the iptables unit reads from when it starts. This path can vary by distribution, but you can normally find it in the /etc directory. For example:
  • /etc/sysconfig/iptables
  • /etc/iptables/iptables.rules
Once you find where your system stores the rules file, use iptables-save to update the file. The output redirection has to run as root too, so run the whole command in a root shell:
sudo sh -c 'iptables-save > /etc/sysconfig/iptables'
When your system reboots, it now reads this file as the default packet filtering rules.
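
To confirm that the saved rule set really contains the five Galera rules and that each one is limited to a source network, the following added example (not part of the original post) audits iptables-save output and flags any protocol/port pair that is missing or accepted from any source. The function names and the sample rule set are constructed for illustration.

```shell
# Added example: audit iptables-save output for the Galera rules.
# Protocol/port pairs come from the port list in this post.
GALERA_PORTS="tcp/3306 tcp/4567 udp/4567 tcp/4568 tcp/4444"

# Reads iptables-save text on stdin, prints one status per pair:
#   OK = ACCEPT limited with -s, OPEN = ACCEPT from any source,
#   MISSING = no ACCEPT rule. Returns 0 only when every pair is OK.
audit_galera_rules() {
    awk -v want="$GALERA_PORTS" '
        $1 == "-A" && $2 == "INPUT" {
            src = ""; proto = ""; port = ""; target = ""
            for (i = 3; i < NF; i++) {
                if ($i == "-s")      src = $(i + 1)
                if ($i == "-p")      proto = $(i + 1)
                if ($i == "--dport") port = $(i + 1)
                if ($i == "-j")      target = $(i + 1)
            }
            if (target != "ACCEPT" || port == "") next
            key = proto "/" port
            # An unrestricted rule wins: it exposes the port even if
            # a narrower rule for the same port also exists.
            if (src == "" || src == "0.0.0.0/0") state[key] = "OPEN"
            else if (state[key] != "OPEN") state[key] = "OK"
        }
        END {
            n = split(want, w, " "); bad = 0
            for (i = 1; i <= n; i++) {
                s = (w[i] in state) ? state[w[i]] : "MISSING"
                if (s != "OK") bad = 1
                print s, w[i]
            }
            exit bad
        }'
}

# Constructed sample in iptables-save format (not from a real host).
sample_rules() {
    cat <<'EOF'
*filter
:INPUT DROP [0:0]
-A INPUT -s 192.168.0.0/24 -i eth0 -p tcp -m tcp --dport 3306 -j ACCEPT
-A INPUT -s 192.168.0.0/24 -i eth0 -p tcp -m tcp --dport 4567 -j ACCEPT
-A INPUT -s 192.168.0.0/24 -i eth0 -p tcp -m tcp --dport 4568 -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 4444 -j ACCEPT
COMMIT
EOF
}

sample_rules | audit_galera_rules || echo "rule set needs attention"
```

On a cluster node, pipe the live rules into the function with sudo iptables-save | audit_galera_rules, or feed it the saved rules file before rebooting.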
