Recently, while testing and deploying a Greenplum cluster, access problems between Linux hosts came up, both when the cluster was first deployed and later when some of its high-availability features were tested. After troubleshooting these problems, it is worth sorting out and summarizing the access settings so that the same problems can be avoided later.
For Linux hosts, access between hosts mainly involves several things: IP addresses, the SSH protocol, SELinux restrictions, the iptables firewall, and the /etc/hosts.allow server-side restrictions. These are interrelated, with SSH at the core. The SSH configuration determines the port the server listens on: the default is port 22, it can be changed, and several ports can be added. The SSH port together with the IP address is the address the client uses to connect to the server; combined with user name and password authorization, this controls user access to the remote host. SELinux restrictions are generally simply turned off. The iptables firewall can restrict inbound and outbound traffic by IP address and port; in a test environment some people shut iptables down for convenience to avoid network interference, but in an actual production environment it must be enabled. The /etc/hosts.allow restriction is also important: it limits access from the server and user perspective.
SELinux Service Settings
The SELinux service is generally disabled directly in its configuration file:
vim /etc/selinux/config
Change the setting to the following:
SELINUX=disabled
IP Address Settings
IP address settings involve the network interface configuration in /etc/sysconfig/network-scripts/ifcfg-eth0, the IP-to-hostname resolution in /etc/hosts, and the hostname setting in /etc/sysconfig/network. The steps are as follows:
vim /etc/sysconfig/network-scripts/ifcfg-eth0
service network restart
vim /etc/sysconfig/network    # set HOSTNAME
vim /etc/hosts
sshd Service Settings
For the sshd service, one part is the configuration of passwords and keys; the other is the sshd configuration file, mainly the port:
vim /etc/ssh/sshd_config
# default value.
Port 22
Port 22000
Restart the service and verify:
/etc/init.d/sshd restart
netstat -ntlp | grep sshd
iptables Firewall Settings
The iptables firewall is configured mainly in the /etc/sysconfig/iptables configuration file by adding the relevant policies. For a cluster of several hosts, all ports can be opened between the hosts as follows. Here the cluster has four servers that need mutual access, so the following is added to the configuration file:
vim /etc/sysconfig/iptables
-A INPUT -p all -s 192.168.0.201 -j ACCEPT
-A INPUT -p all -s 192.168.0.202 -j ACCEPT
-A INPUT -p all -s 192.168.0.203 -j ACCEPT
-A INPUT -p all -s 192.168.0.200 -j ACCEPT
-A OUTPUT -p all -s 192.168.0.201 -j ACCEPT
-A OUTPUT -p all -s 192.168.0.202 -j ACCEPT
-A OUTPUT -p all -s 192.168.0.203 -j ACCEPT
-A OUTPUT -p all -s 192.168.0.200 -j ACCEPT
In the OUTPUT chain, -s matches the source address of outgoing packets, so on each host only the rule carrying that host's own address matches.
Restart the service and verify:
service iptables restart
iptables -L -n
/etc/hosts.allow Server Access Restrictions
The /etc/hosts.allow server restrictions are configured as follows:
vim /etc/hosts.allow
ALL: 192.168.0.0/255.255.255.0
sshd: ALL
Restart the services and verify:
/etc/rc.d/init.d/xinetd restart
/etc/rc.d/init.d/network restart
Note: In the /etc/hosts.allow configuration file, the ALL: 192.168.0.0/255.255.255.0 line cannot replace the sshd: ALL line that follows it. Previously the system had only the first line and could be initialized properly, but installing the Greenplum Master Standby and Segment Mirror failed with an error. After sshd: ALL was added, both operations completed normally.
With the configuration and setup described above, mutual access and connectivity between the nodes of a cluster can be guaranteed.
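To check a host against the settings above, the following added example (not part of the original article) audits the sshd ports, the per-peer iptables rules and the explicit sshd entry in hosts.allow. The function names and the sample file contents are assumptions, constructed from the values shown on this page.

```shell
#!/bin/sh
# Added example: audit the settings this page configures. File contents below are
# constructed samples modelled on the page's values, not read from a live host.
PEERS="192.168.0.200 192.168.0.201 192.168.0.202 192.168.0.203"

# Print the ports sshd will listen on: active Port lines, or 22 if none is set.
sshd_ports() {
    awk 'tolower($1) == "port" { print $2; n++ } END { if (!n) print 22 }' "$1" | xargs
}

# Print every peer IP that has no "-A <chain> ... -s <ip> ... -j ACCEPT" rule.
missing_peers() {
    rules=$1; chain=$2; shift 2
    for ip in "$@"; do
        awk -v c="$chain" -v ip="$ip" '
            $1 == "-A" && $2 == c {
                src = ""; tgt = ""
                for (i = 3; i < NF; i++) {
                    if ($i == "-s") src = $(i + 1)
                    if ($i == "-j") tgt = $(i + 1)
                }
                if ((src == ip || src == (ip "/32")) && tgt == "ACCEPT") found = 1
            }
            END { exit !found }' "$rules" || echo "$ip"
    done
}

# Succeed only if a non-comment hosts.allow line names the daemon explicitly.
names_daemon() {
    awk -F: -v d="$2" '
        /^[ \t]*#/ { next }
        { n = split($1, a, /[ \t,]+/); for (i = 1; i <= n; i++) if (a[i] == d) ok = 1 }
        END { exit !ok }' "$1"
}

dir=$(mktemp -d)   # constructed sample files
printf '%s\n' '# default value.' 'Port 22' 'Port 22000' > "$dir/sshd_config"
printf '%s\n' '-A INPUT -p all -s 192.168.0.200 -j ACCEPT' \
    '-A INPUT -p all -s 192.168.0.201 -j ACCEPT' \
    '-A INPUT -p all -s 192.168.0.202 -j ACCEPT' > "$dir/iptables"
printf '%s\n' 'ALL: 192.168.0.0/255.255.255.0' > "$dir/hosts.allow"

echo "sshd ports: $(sshd_ports "$dir/sshd_config")"
echo "INPUT rules missing for: $(missing_peers "$dir/iptables" INPUT $PEERS)"
names_daemon "$dir/hosts.allow" sshd || echo "hosts.allow: no explicit sshd entry"
```

On a real host, point the functions at /etc/ssh/sshd_config, /etc/sysconfig/iptables and /etc/hosts.allow instead of the sample files.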
Access and activation of access between Linux hosts