SolrCloud required ports

classic Classic list List threaded Threaded
5 messages Options
Reply | Threaded
Open this post in threaded view
|

SolrCloud required ports

Moshe Recanati | KMS

Hi,

We're currently running SolrCloud with 3 servers: 3 ZK and 3 Search Engines. Each one on each machine.

Our security team would like to open only the required ports between the servers.

Please let me know which ports we need to open between the servers?

 

Thank you

 

Regards,

Moshe Recanati

CTO

Mobile  + 972-52-6194481

Skype    :  recanati

More at:  www.kmslh.com | LinkedIn | FB

 

Reply | Threaded
Open this post in threaded view
|

Re: SolrCloud required ports

Jan Høydahl / Cominvent
Hi

This depends on your exact coniguration, so you should ask the engineers who deployed ZK and Solr, not this list.

If default solr port is used, you'd need at least 8983 open between servers and from the app server to the cluster.
If default zk port is used, you'd need port 2181 open between all three servers but not externally (unless you use a client that needs to talk to zk)
Also zk needs to communicate internally in the quorum on two other ports, which could be using ports 2888 and 3888 but could also be something else depending on your exact configs. These will never need to be open outside the cluster.

--
Jan Høydahl, search solution architect
Cominvent AS - www.cominvent.com

> 3. des. 2018 kl. 09:22 skrev Moshe Recanati | KMS <[hidden email]>:
>
> Hi,
> We're currently running SolrCloud with 3 servers: 3 ZK and 3 Search Engines. Each one on each machine.
> Our security team would like to open only the required ports between the servers.
> Please let me know which ports we need to open between the servers?
>  
> Thank you
>  
> Regards,
> Moshe Recanati
> CTO
> Mobile  + 972-52-6194481 <tel:+%20972-52-6194481>
> Skype    :  recanati
>  <http://finance.yahoo.com/news/kms-lighthouse-named-gartner-cool-121000184.html>
> More at:  www.kmslh.com <http://www.kmslh.com/> | LinkedIn <http://www.linkedin.com/company/kms-lighthouse> | FB <https://www.facebook.com/pages/KMS-lighthouse/123774257810917>
Reply | Threaded
Open this post in threaded view
|

RE: SolrCloud required ports

Moshe Recanati | KMS
Hi Jan,
Thank you.
To summarize we need to open these ports within the cluster:
8983
2181
2888
3888



Regards,
Moshe Recanati
CTO
Mobile  + 972-52-6194481
Skype    :  recanati

More at:  www.kmslh.com | LinkedIn | FB

-----Original Message-----
From: Jan Høydahl <[hidden email]>
Sent: Monday, December 3, 2018 12:43 PM
To: solr-user <[hidden email]>
Subject: Re: SolrCloud required ports

Hi

This depends on your exact coniguration, so you should ask the engineers who deployed ZK and Solr, not this list.

If default solr port is used, you'd need at least 8983 open between servers and from the app server to the cluster.
If default zk port is used, you'd need port 2181 open between all three servers but not externally (unless you use a client that needs to talk to zk) Also zk needs to communicate internally in the quorum on two other ports, which could be using ports 2888 and 3888 but could also be something else depending on your exact configs. These will never need to be open outside the cluster.

--
Jan Høydahl, search solution architect
Cominvent AS - www.cominvent.com

> 3. des. 2018 kl. 09:22 skrev Moshe Recanati | KMS <[hidden email]>:
>
> Hi,
> We're currently running SolrCloud with 3 servers: 3 ZK and 3 Search Engines. Each one on each machine.
> Our security team would like to open only the required ports between the servers.
> Please let me know which ports we need to open between the servers?
>  
> Thank you
>  
> Regards,
> Moshe Recanati
> CTO
> Mobile  + 972-52-6194481 <tel:+%20972-52-6194481>
> Skype    :  recanati
>  
> <https://urldefense.proofpoint.com/v2/url?u=http-3A__finance.yahoo.com
> _news_kms-2Dlighthouse-2Dnamed-2Dgartner-2Dcool-2D121000184.html&d=DwI
> FaQ&c=EtlJpXAqSaq3cSC4ACVw6-ifVo6KHbawEuqEp-kfN24&r=vNaquGtywQ6F1lNXYN
> 9CVw&m=v6BhW17PQhjSm3ktWyaGQdUkg8AU6Dl5qw-QKMMoTFQ&s=uMsj8Lg5_yk5C70SF
> Xpo5k1wRp5x-n55rw3x5L4iVwQ&e=> More at:  www.kmslh.com
> <http://www.kmslh.com/> | LinkedIn
> <https://urldefense.proofpoint.com/v2/url?u=http-3A__www.linkedin.com_
> company_kms-2Dlighthouse&d=DwIFaQ&c=EtlJpXAqSaq3cSC4ACVw6-ifVo6KHbawEu
> qEp-kfN24&r=vNaquGtywQ6F1lNXYN9CVw&m=v6BhW17PQhjSm3ktWyaGQdUkg8AU6Dl5q
> w-QKMMoTFQ&s=WCIz8QUF02gSOunmgRennfMTdqBj6llOG0WkXzBurzc&e=> | FB
> <https://urldefense.proofpoint.com/v2/url?u=https-3A__www.facebook.com
> _pages_KMS-2Dlighthouse_123774257810917&d=DwIFaQ&c=EtlJpXAqSaq3cSC4ACV
> w6-ifVo6KHbawEuqEp-kfN24&r=vNaquGtywQ6F1lNXYN9CVw&m=v6BhW17PQhjSm3ktWy
> aGQdUkg8AU6Dl5qw-QKMMoTFQ&s=QI58JVs9eO7ARCUmSaJ4LVmBnR1unoV0jRSMBFhx7x
> U&e=>
Reply | Threaded
Open this post in threaded view
|

Re: SolrCloud required ports

Erick Erickson
Others from the bin/solr script. Note that some are optional (JMX).
But to emphasize what Jan said: All these are configurable so you need
to make sure that whoever set up your system doesn't set these to
something else.

    echo "  -p <port>     Specify the port to start the Solr HTTP
listener on; default is 8983"
    echo "                  The specified port (SOLR_PORT) will also
be used to determine the stop port"
    echo "                  STOP_PORT=(\$SOLR_PORT-1000) and JMX RMI
listen port RMI_PORT=(\$SOLR_PORT+10000). "
    echo "                  For instance, if you set -p 8985, then the
STOP_PORT=7985 and RMI_PORT=18985"
On Mon, Dec 3, 2018 at 4:00 AM Moshe Recanati | KMS <[hidden email]> wrote:

>
> Hi Jan,
> Thank you.
> To summarize we need to open these ports within the cluster:
> 8983
> 2181
> 2888
> 3888
>
>
>
> Regards,
> Moshe Recanati
> CTO
> Mobile  + 972-52-6194481
> Skype    :  recanati
>
> More at:  www.kmslh.com | LinkedIn | FB
>
> -----Original Message-----
> From: Jan Høydahl <[hidden email]>
> Sent: Monday, December 3, 2018 12:43 PM
> To: solr-user <[hidden email]>
> Subject: Re: SolrCloud required ports
>
> Hi
>
> This depends on your exact coniguration, so you should ask the engineers who deployed ZK and Solr, not this list.
>
> If default solr port is used, you'd need at least 8983 open between servers and from the app server to the cluster.
> If default zk port is used, you'd need port 2181 open between all three servers but not externally (unless you use a client that needs to talk to zk) Also zk needs to communicate internally in the quorum on two other ports, which could be using ports 2888 and 3888 but could also be something else depending on your exact configs. These will never need to be open outside the cluster.
>
> --
> Jan Høydahl, search solution architect
> Cominvent AS - www.cominvent.com
>
> > 3. des. 2018 kl. 09:22 skrev Moshe Recanati | KMS <[hidden email]>:
> >
> > Hi,
> > We're currently running SolrCloud with 3 servers: 3 ZK and 3 Search Engines. Each one on each machine.
> > Our security team would like to open only the required ports between the servers.
> > Please let me know which ports we need to open between the servers?
> >
> > Thank you
> >
> > Regards,
> > Moshe Recanati
> > CTO
> > Mobile  + 972-52-6194481 <tel:+%20972-52-6194481>
> > Skype    :  recanati
> >
> > <https://urldefense.proofpoint.com/v2/url?u=http-3A__finance.yahoo.com
> > _news_kms-2Dlighthouse-2Dnamed-2Dgartner-2Dcool-2D121000184.html&d=DwI
> > FaQ&c=EtlJpXAqSaq3cSC4ACVw6-ifVo6KHbawEuqEp-kfN24&r=vNaquGtywQ6F1lNXYN
> > 9CVw&m=v6BhW17PQhjSm3ktWyaGQdUkg8AU6Dl5qw-QKMMoTFQ&s=uMsj8Lg5_yk5C70SF
> > Xpo5k1wRp5x-n55rw3x5L4iVwQ&e=> More at:  www.kmslh.com
> > <http://www.kmslh.com/> | LinkedIn
> > <https://urldefense.proofpoint.com/v2/url?u=http-3A__www.linkedin.com_
> > company_kms-2Dlighthouse&d=DwIFaQ&c=EtlJpXAqSaq3cSC4ACVw6-ifVo6KHbawEu
> > qEp-kfN24&r=vNaquGtywQ6F1lNXYN9CVw&m=v6BhW17PQhjSm3ktWyaGQdUkg8AU6Dl5q
> > w-QKMMoTFQ&s=WCIz8QUF02gSOunmgRennfMTdqBj6llOG0WkXzBurzc&e=> | FB
> > <https://urldefense.proofpoint.com/v2/url?u=https-3A__www.facebook.com
> > _pages_KMS-2Dlighthouse_123774257810917&d=DwIFaQ&c=EtlJpXAqSaq3cSC4ACV
> > w6-ifVo6KHbawEuqEp-kfN24&r=vNaquGtywQ6F1lNXYN9CVw&m=v6BhW17PQhjSm3ktWy
> > aGQdUkg8AU6Dl5qw-QKMMoTFQ&s=QI58JVs9eO7ARCUmSaJ4LVmBnR1unoV0jRSMBFhx7x
> > U&e=>
Reply | Threaded
Open this post in threaded view
|

Re: SolrCloud required ports

Jan Høydahl / Cominvent
STOP_PORT is only useful from localhost anyway, so no use in opening it up.
JMX port only useful if you need to monitor the cluster using JMX and not metrics API

--
Jan Høydahl, search solution architect
Cominvent AS - www.cominvent.com

> 3. des. 2018 kl. 18:43 skrev Erick Erickson <[hidden email]>:
>
> Others from the bin/solr script. Note that some are optional (JMX).
> But to emphasize what Jan said: All these are configurable so you need
> to make sure that whoever set up your system doesn't set these to
> something else.
>
>    echo "  -p <port>     Specify the port to start the Solr HTTP
> listener on; default is 8983"
>    echo "                  The specified port (SOLR_PORT) will also
> be used to determine the stop port"
>    echo "                  STOP_PORT=(\$SOLR_PORT-1000) and JMX RMI
> listen port RMI_PORT=(\$SOLR_PORT+10000). "
>    echo "                  For instance, if you set -p 8985, then the
> STOP_PORT=7985 and RMI_PORT=18985"
> On Mon, Dec 3, 2018 at 4:00 AM Moshe Recanati | KMS <[hidden email]> wrote:
>>
>> Hi Jan,
>> Thank you.
>> To summarize we need to open these ports within the cluster:
>> 8983
>> 2181
>> 2888
>> 3888
>>
>>
>>
>> Regards,
>> Moshe Recanati
>> CTO
>> Mobile  + 972-52-6194481
>> Skype    :  recanati
>>
>> More at:  www.kmslh.com | LinkedIn | FB
>>
>> -----Original Message-----
>> From: Jan Høydahl <[hidden email]>
>> Sent: Monday, December 3, 2018 12:43 PM
>> To: solr-user <[hidden email]>
>> Subject: Re: SolrCloud required ports
>>
>> Hi
>>
>> This depends on your exact coniguration, so you should ask the engineers who deployed ZK and Solr, not this list.
>>
>> If default solr port is used, you'd need at least 8983 open between servers and from the app server to the cluster.
>> If default zk port is used, you'd need port 2181 open between all three servers but not externally (unless you use a client that needs to talk to zk) Also zk needs to communicate internally in the quorum on two other ports, which could be using ports 2888 and 3888 but could also be something else depending on your exact configs. These will never need to be open outside the cluster.
>>
>> --
>> Jan Høydahl, search solution architect
>> Cominvent AS - www.cominvent.com
>>
>>> 3. des. 2018 kl. 09:22 skrev Moshe Recanati | KMS <[hidden email]>:
>>>
>>> Hi,
>>> We're currently running SolrCloud with 3 servers: 3 ZK and 3 Search Engines. Each one on each machine.
>>> Our security team would like to open only the required ports between the servers.
>>> Please let me know which ports we need to open between the servers?
>>>
>>> Thank you
>>>
>>> Regards,
>>> Moshe Recanati
>>> CTO
>>> Mobile  + 972-52-6194481 <tel:+%20972-52-6194481>
>>> Skype    :  recanati
>>>
>>> <https://urldefense.proofpoint.com/v2/url?u=http-3A__finance.yahoo.com
>>> _news_kms-2Dlighthouse-2Dnamed-2Dgartner-2Dcool-2D121000184.html&d=DwI
>>> FaQ&c=EtlJpXAqSaq3cSC4ACVw6-ifVo6KHbawEuqEp-kfN24&r=vNaquGtywQ6F1lNXYN
>>> 9CVw&m=v6BhW17PQhjSm3ktWyaGQdUkg8AU6Dl5qw-QKMMoTFQ&s=uMsj8Lg5_yk5C70SF
>>> Xpo5k1wRp5x-n55rw3x5L4iVwQ&e=> More at:  www.kmslh.com
>>> <http://www.kmslh.com/> | LinkedIn
>>> <https://urldefense.proofpoint.com/v2/url?u=http-3A__www.linkedin.com_
>>> company_kms-2Dlighthouse&d=DwIFaQ&c=EtlJpXAqSaq3cSC4ACVw6-ifVo6KHbawEu
>>> qEp-kfN24&r=vNaquGtywQ6F1lNXYN9CVw&m=v6BhW17PQhjSm3ktWyaGQdUkg8AU6Dl5q
>>> w-QKMMoTFQ&s=WCIz8QUF02gSOunmgRennfMTdqBj6llOG0WkXzBurzc&e=> | FB
>>> <https://urldefense.proofpoint.com/v2/url?u=https-3A__www.facebook.com
>>> _pages_KMS-2Dlighthouse_123774257810917&d=DwIFaQ&c=EtlJpXAqSaq3cSC4ACV
>>> w6-ifVo6KHbawEuqEp-kfN24&r=vNaquGtywQ6F1lNXYN9CVw&m=v6BhW17PQhjSm3ktWy
>>> aGQdUkg8AU6Dl5qw-QKMMoTFQ&s=QI58JVs9eO7ARCUmSaJ4LVmBnR1unoV0jRSMBFhx7x
>>> U&e=>