Note:
This topic has been translated from a Chinese forum by GPT and might contain errors.
Original topic: 公有云tidb安全组设置问题
【TiDB Usage Environment】Production
【TiDB Version】5.4.1
【Encountered Problem】How should the security group on the public cloud be configured? Could someone please advise? I have only opened ports 22, 2379, and 3000 to our office’s external IP, but it hasn’t taken effect, as shown in the picture below.
If ports 2379 and 3000 are restricted to specific IPs, the cluster will report an error.
The error is as follows:
Here is my security group:
Is it possible to apply security groups only to the VPC? The server’s security group is fully open within the local network.
Hello, boss! The internal network of the public cloud is connected by default! Security groups are set up for external networks! Now we need to add security group restrictions to open ports 2379 and 3000 only to the local external network! But after adding them, we found that the PD component and the Grafana component went down! So it’s very strange, as all TiDB components communicate internally.
Hello, could you please provide the logs for when PD and Grafana went down? Thank you.
OK, here is the PD log, but it starts normally once the port is opened.
Hello, now I have opened all the ports (as shown in the picture), but I need to restrict ports 2379 and 3000 to only be accessible from our external office IP!
Can’t see clearly, please upload a high-definition original image or the text log.
After ensuring that all TiDB servers are added to the security group, you can add an internal network policy. For example:
Please replace the internal network CIDR with the CIDR of your VPC.
Okay, I’ll give it a try! Thank you very much for the guidance! Thanks.
It’s working now! Thank you so much for your guidance! I really appreciate it! It turns out that I needed to allow the internal network! I thought this security group was set up for the external network!
Security groups are applied to each server.
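The resolution of the thread (the external rules for 22, 2379 and 3000 were fine, but the intra-VPC allow rule was missing, so PD and Grafana could not be reached by the other cluster nodes) can be checked mechanically before rules are pushed to the cloud. The following is an added example and not code from the thread or from TiDB: a small rule linter that takes an inbound security-group rule set and reports TiDB component ports that cluster nodes cannot reach, office ports the office IP cannot reach, and rules that are wider than the VPC or the office address. The VPC range, office IP and node addresses are constructed placeholders; besides 22, 2379 and 3000 from the thread, the port table uses the standard TiDB defaults (PD peer 2380, TiDB 4000, TiKV 20160, Prometheus 9090) so the check covers the whole cluster rather than only the two ports that failed.

```python
import ipaddress

# Constructed placeholders: not values from the thread.
VPC_CIDR = "10.0.0.0/16"
OFFICE_IP = "203.0.113.10"
CLUSTER_NODES = ["10.0.1.11", "10.0.1.12", "10.0.1.13"]

# Only 22, 2379 and 3000 appear in the thread; the rest are TiDB default ports,
# included so the check covers the whole cluster.
INTERNAL_PORTS = {
    2379: "PD client",
    2380: "PD peer",
    4000: "TiDB SQL",
    20160: "TiKV",
    3000: "Grafana",
    9090: "Prometheus",
}
# Ports the office public IP is meant to reach.
OFFICE_PORTS = {22, 2379, 3000}


def rule_allows(rule, src_ip, port):
    """True if inbound rule {'cidr': str, 'ports': (lo, hi)} permits src_ip on port."""
    lo, hi = rule["ports"]
    in_range = ipaddress.ip_address(src_ip) in ipaddress.ip_network(rule["cidr"])
    return in_range and lo <= port <= hi


def check_rules(rules, vpc_cidr=VPC_CIDR, office_ip=OFFICE_IP, nodes=CLUSTER_NODES):
    """Return a list of findings; an empty list means the rule set is sound."""
    findings = []
    # 1. Every cluster node must reach every component port (the PD/Grafana failure).
    for node in nodes:
        for port, name in INTERNAL_PORTS.items():
            if not any(rule_allows(r, node, port) for r in rules):
                findings.append(f"{name} ({port}) unreachable from cluster node {node}")
    # 2. The office IP must still reach the ports it is supposed to reach.
    for port in sorted(OFFICE_PORTS):
        if not any(rule_allows(r, office_ip, port) for r in rules):
            findings.append(f"port {port} unreachable from office {office_ip}")
    # 3. Any source wider than the VPC or the office /32 is over-exposure.
    vpc = ipaddress.ip_network(vpc_cidr)
    office = ipaddress.ip_network(f"{office_ip}/32")
    for r in rules:
        net = ipaddress.ip_network(r["cidr"])
        if not (net.subnet_of(vpc) or net.subnet_of(office)):
            findings.append(f"rule {r['cidr']} ports {r['ports']} is wider than VPC or office")
    return findings


# Scenario 1: the thread's starting point - only the office IP on 22/2379/3000.
BROKEN_RULES = [
    {"cidr": f"{OFFICE_IP}/32", "ports": (22, 22)},
    {"cidr": f"{OFFICE_IP}/32", "ports": (2379, 2379)},
    {"cidr": f"{OFFICE_IP}/32", "ports": (3000, 3000)},
]
# Scenario 2: the fix - the same external rules plus an allow rule for the VPC CIDR.
FIXED_RULES = BROKEN_RULES + [{"cidr": VPC_CIDR, "ports": (1, 65535)}]
# Scenario 3: the interim state - 2379 and 3000 open to the whole internet.
WORLD_OPEN_RULES = [
    {"cidr": "0.0.0.0/0", "ports": (2379, 2379)},
    {"cidr": "0.0.0.0/0", "ports": (3000, 3000)},
]

if __name__ == "__main__":
    for label, rules in [("broken", BROKEN_RULES), ("fixed", FIXED_RULES), ("world-open", WORLD_OPEN_RULES)]:
        print(label, check_rules(rules) or ["OK"])
```

Run against the "broken" set it reports every component port as unreachable from every node, which is exactly the symptom in the thread (PD and Grafana down although the office could reach them); the "fixed" set produces no findings, and the "world-open" set is flagged both for the 0.0.0.0/0 sources and for the internal ports it still leaves closed. Because the check evaluates the rules per source address, it also reflects the last reply: the rules are applied to each server, so every node address has to be tested, not just one.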