Note:
This topic has been translated from a Chinese forum by GPT and might contain errors.
Original topic: The tidb-pd port 2379 is only open to the local external IP and closed to all other IPs. Will this affect the cluster's PD scheduling?!
【TiDB Usage Environment】Production
【TiDB Version】5.4.1
【Encountered Problem】
Do the following TiDB ports need to be restricted: port 4000, port 2379, port 3000?
TiDB and PD internal communication uses port 2379, and generally, internal networks do not impose firewall restrictions. You can refer to the network requirements here:
Thank you for the explanation.
However, after testing, ports 2379 and 3000 are only open to the local VPN IP, causing the cluster to report errors!
I haven’t configured the security group for the public cloud before. Does it show that Grafana is down? Check the logs to see what error is reported.
The logs show that the connection failed, but it worked normally after I opened port 3000. This means that both ports 2379 and 3000 must be open to all public networks.
There must still be an issue with the internal network firewall configuration. The abnormal communication within the cluster does not require public network access.
Security group configurations in public clouds are generally aimed at external networks, while internal networks are open by default!
Yes, the internal network within the same region of the public cloud is connected! However, I need to set port 2379 to be open only to our office’s external IP. After setting port 2379 to be open only to one external IP, I found that the PD component status is down, which is very strange. TiDB and PD communicate through the internal network on port 2379, so why does the PD status go down after I set port 2379 to be open only to one external IP?
Hello, has the issue been resolved? I saw that it has been resolved in Public Cloud TiDB Security Group Settings Issue.
Hello! The issue has been resolved! Thank you.
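The thread's failure mode (restricting port 2379 to a single office IP and watching PD go down) can be reproduced with a small rule evaluator. The following is an added example, not code from the forum thread or from the TiDB project: it models explicit security-group ingress rules as port/CIDR pairs and checks them against the flows the thread describes (TiDB nodes reaching PD on 2379 over the VPC, and the office reaching 4000 and 3000). All CIDRs, node addresses and the office IP are constructed sample values, and the model assumes no implicit intra-group allow, so only the listed rules permit traffic.

```python
"""Check security-group ingress rules against the flows a TiDB cluster needs.

Added example, not from the forum thread or the TiDB project. The VPC CIDR,
node IPs and office IP below are constructed sample values, and the model
assumes the cloud applies no implicit intra-security-group allow.
"""
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Rule:
    """One ingress rule: TCP port allowed from a source CIDR."""
    port: int
    source: str


@dataclass(frozen=True)
class Flow:
    """A connection the cluster or an operator needs: source IP to a port."""
    name: str
    src_ip: str
    port: int


# Constructed topology: cluster nodes in a private VPC, office behind one
# public egress IP (203.0.113.10 is a documentation range, not a real host).
VPC_CIDR = "10.0.0.0/16"
OFFICE_IP = "203.0.113.10/32"
ANY = "0.0.0.0/0"

# Flows the thread says must work: TiDB -> PD on 2379 over the internal
# network, and the office reaching the SQL port and Grafana.
REQUIRED_FLOWS = [
    Flow("tidb-0 -> pd client port", "10.0.1.20", 2379),
    Flow("tidb-1 -> pd client port", "10.0.1.21", 2379),
    Flow("office -> tidb sql", "203.0.113.10", 4000),
    Flow("office -> grafana", "203.0.113.10", 3000),
]


def allowed(rules, flow):
    """True if at least one rule permits the flow's source IP on its port."""
    ip = ipaddress.ip_address(flow.src_ip)
    return any(
        r.port == flow.port and ip in ipaddress.ip_network(r.source)
        for r in rules
    )


def blocked_flows(rules, flows=REQUIRED_FLOWS):
    """Names of required flows that the rule set does not permit."""
    return [f.name for f in flows if not allowed(rules, f)]


def publicly_exposed_ports(rules, probe_ip="198.51.100.7"):
    """Ports reachable from an arbitrary internet address (constructed probe IP)."""
    ports = sorted({r.port for r in rules})
    return [p for p in ports if allowed(rules, Flow("probe", probe_ip, p))]


# Rule set from the thread: 2379 and 3000 opened only to the office IP.
# Internal TiDB -> PD traffic has no matching rule, so PD shows as down.
OFFICE_ONLY = [Rule(2379, OFFICE_IP), Rule(3000, OFFICE_IP), Rule(4000, OFFICE_IP)]

# The poster's workaround: open 2379 and 3000 to everyone. Cluster works,
# but PD and Grafana are now reachable from the whole internet.
OPEN_TO_ALL = [Rule(2379, ANY), Rule(3000, ANY), Rule(4000, OFFICE_IP)]

# Corrected rule set: keep office-only exposure for operator access, and add
# an intra-VPC allow so cluster components can still reach PD on 2379.
OFFICE_PLUS_VPC = OFFICE_ONLY + [Rule(2379, VPC_CIDR)]


if __name__ == "__main__":
    for label, rules in (
        ("office-only", OFFICE_ONLY),
        ("open-to-all", OPEN_TO_ALL),
        ("office+vpc", OFFICE_PLUS_VPC),
    ):
        print(f"{label}: blocked={blocked_flows(rules)} "
              f"public={publicly_exposed_ports(rules)}")
```

The third rule set is the one to aim for: the required internal flows pass, nothing is exposed to arbitrary internet addresses, and the office keeps its single-IP access. If the cloud provider does apply a default intra-group allow (as one reply in the thread suggests), the VPC rule is redundant but harmless; if it does not, omitting it is exactly what takes PD down.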