Posted to notifications@couchdb.apache.org by gi...@git.apache.org on 2017/09/27 07:46:27 UTC

[GitHub] drunksaint opened a new issue #842: Couchdb 2 firewall settings from tutorial not restricting ports for cluster communication

URL: https://github.com/apache/couchdb/issues/842
 
 
   I'm trying to set up a CouchDB 2 cluster with the firewall setup as mentioned in http://docs.couchdb.org/en/latest/cluster/setup.html#make-couchdb-use-the-open-ports
   
   ## Expected Behavior
   If I am understanding this correctly, the 2 CouchDB nodes should be able to communicate with each other if just this port range is open to each other in the system firewall.
   
   ## Current Behavior
   The 2 nodes in the cluster aren't able to communicate if the firewall is restricted to the ports 9100-9200. But they work fine if the firewall is disabled. On looking at the ports on both nodes that are being used to communicate, the CouchDB processes on both machines are using ports in the >30k range despite having the configuration mentioned in the documentation link I've mentioned above.
   
   I've restarted both CouchDB processes after updating the sys.conf file, and verified that this is indeed the file being used by looking at the config file parameter present in the `ps aux` output for the CouchDB process.
   
   ## Steps to Reproduce (for bugs)
   1. Set up 2 CouchDB nodes in cluster mode and add both machines to the same cluster
   2. Enable system firewall to allow only ports 9100-9200 open on both machines to the other machine
   3. Edit sys.conf as mentioned in the cluster setup page on both machines
   4. Restart both CouchDB instances
   5. Check /_membership on one machine. It doesn't show that both nodes are connected to the same cluster. Adding a database/doc on one machine doesn't show up on the other machine in Fauxton.
   6. Disable system firewall. Now /_membership shows both machines connected and the db and docs appear on both machines.
   
   ## Your Environment
   * Version used: 2.1.0
   * Operating System and version (desktop or mobile): ubuntu 16.04
   
 
With regards,
Apache Git Services
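
The port check described in the report can be made repeatable. The following is an added example, not part of the original issue or of CouchDB: it lists every TCP port the Erlang VM listens on that is neither an expected HTTP port nor inside the 9100-9200 range the firewall allows. Assumptions: the function name `unexpected_beam_ports` is hypothetical, the input is `ss -H -tlnp` output, the VM process name contains `beam`, 5984 and 5986 are the CouchDB 2.x default HTTP ports, and the sample listing is constructed.

```shell
#!/bin/sh
# Constructed sample of `ss -H -tlnp` output (not captured from a real node).
# Columns: State Recv-Q Send-Q Local-Address:Port Peer-Address:Port Process
SAMPLE_SS='LISTEN 0 128 0.0.0.0:4369 0.0.0.0:* users:(("epmd",pid=812,fd=3))
LISTEN 0 128 0.0.0.0:5984 0.0.0.0:* users:(("beam.smp",pid=901,fd=21))
LISTEN 0 128 127.0.0.1:5986 0.0.0.0:* users:(("beam.smp",pid=901,fd=22))
LISTEN 0 128 0.0.0.0:38211 0.0.0.0:* users:(("beam.smp",pid=901,fd=12))'

# Print (space-separated, sorted) every port the Erlang VM listens on that is
# neither a known HTTP port nor inside the distribution range [min, max].
#   stdin: `ss -H -tlnp` output
#   $1 = range min, $2 = range max, $3 = space-separated expected HTTP ports
unexpected_beam_ports() {
    awk -v min="$1" -v max="$2" -v http="$3" '
        BEGIN { n = split(http, h, " "); for (i = 1; i <= n; i++) ok[h[i]] = 1 }
        /beam/ {
            port = $4
            sub(/.*:/, "", port)   # keep only the port (also works for [::]:N)
            port += 0
            if (!(port in ok) && (port < min || port > max)) print port
        }' | sort -n | tr '\n' ' ' | sed 's/ $//'
}

# Demonstration on the constructed sample; prints the out-of-range listener.
printf '%s\n' "$SAMPLE_SS" | unexpected_beam_ports 9100 9200 "5984 5986"
echo

# On a live node (root is needed for -p to show other users' processes):
#   ss -H -tlnp | unexpected_beam_ports 9100 9200 "5984 5986"
```

Any port printed means the VM is listening for cluster traffic outside the range the firewall permits, so the range settings are not being applied by the running process. epmd's listener on 4369 belongs to a separate process and must be allowed between nodes in addition to the range.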