SolrCloud required ports

Discussion:

Moshe Recanati | KMS

2018-12-03 08:22:06 UTC

Hi,
We're currently running SolrCloud with 3 servers: 3 ZK and 3 Search Engines. Each one on each machine.
Our security team would like to open only the required ports between the servers.
Please let me know which ports we need to open between the servers?

Thank you

Regards,
Moshe Recanati
CTO
Mobile + 972-52-6194481
Skype : recanati
[KMS2]<http://finance.yahoo.com/news/kms-lighthouse-named-gartner-cool-121000184.html>
More at: www.kmslh.com<http://www.kmslh.com/> | LinkedIn<http://www.linkedin.com/company/kms-lighthouse> | FB<https://www.facebook.com/pages/KMS-lighthouse/123774257810917>

Jan Høydahl

2018-12-03 10:42:30 UTC

Permalink

Hi

This depends on your exact coniguration, so you should ask the engineers who deployed ZK and Solr, not this list.

If default solr port is used, you'd need at least 8983 open between servers and from the app server to the cluster.
If default zk port is used, you'd need port 2181 open between all three servers but not externally (unless you use a client that needs to talk to zk)
Also zk needs to communicate internally in the quorum on two other ports, which could be using ports 2888 and 3888 but could also be something else depending on your exact configs. These will never need to be open outside the cluster.

--
Jan HÃžydahl, search solution architect
Cominvent AS - www.cominvent.com

Moshe Recanati | KMS

2018-12-03 12:00:03 UTC

Permalink

Hi Jan,
Thank you.
To summarize we need to open these ports within the cluster:
8983
2181
2888
3888

Regards,
Moshe Recanati
CTO
Mobile + 972-52-6194481
Skype : recanati

More at: www.kmslh.com | LinkedIn | FB

-----Original Message-----
From: Jan Høydahl <***@cominvent.com>
Sent: Monday, December 3, 2018 12:43 PM
To: solr-user <solr-***@lucene.apache.org>
Subject: Re: SolrCloud required ports

Hi

This depends on your exact coniguration, so you should ask the engineers who deployed ZK and Solr, not this list.

If default solr port is used, you'd need at least 8983 open between servers and from the app server to the cluster.
If default zk port is used, you'd need port 2181 open between all three servers but not externally (unless you use a client that needs to talk to zk) Also zk needs to communicate internally in the quorum on two other ports, which could be using ports 2888 and 3888 but could also be something else depending on your exact configs. These will never need to be open outside the cluster.
--
Jan Høydahl, search solution architect
Cominvent AS - www.cominvent.com

Post by Moshe Recanati | KMS
Hi,
We're currently running SolrCloud with 3 servers: 3 ZK and 3 Search Engines. Each one on each machine.
Our security team would like to open only the required ports between the servers.
Please let me know which ports we need to open between the servers?
Thank you
Regards,
Moshe Recanati
CTO
Mobile + 972-52-6194481 <tel:+%20972-52-6194481>
Skype : recanati
<https://urldefense.proofpoint.com/v2/url?u=http-3A__finance.yahoo.com
_news_kms-2Dlighthouse-2Dnamed-2Dgartner-2Dcool-2D121000184.html&d=DwI
FaQ&c=EtlJpXAqSaq3cSC4ACVw6-ifVo6KHbawEuqEp-kfN24&r=vNaquGtywQ6F1lNXYN
9CVw&m=v6BhW17PQhjSm3ktWyaGQdUkg8AU6Dl5qw-QKMMoTFQ&s=uMsj8Lg5_yk5C70SF
Xpo5k1wRp5x-n55rw3x5L4iVwQ&e=> More at: www.kmslh.com
<http://www.kmslh.com/> | LinkedIn
<https://urldefense.proofpoint.com/v2/url?u=http-3A__www.linkedin.com_
company_kms-2Dlighthouse&d=DwIFaQ&c=EtlJpXAqSaq3cSC4ACVw6-ifVo6KHbawEu
qEp-kfN24&r=vNaquGtywQ6F1lNXYN9CVw&m=v6BhW17PQhjSm3ktWyaGQdUkg8AU6Dl5q
w-QKMMoTFQ&s=WCIz8QUF02gSOunmgRennfMTdqBj6llOG0WkXzBurzc&e=> | FB
<https://urldefense.proofpoint.com/v2/url?u=https-3A__www.facebook.com
_pages_KMS-2Dlighthouse_123774257810917&d=DwIFaQ&c=EtlJpXAqSaq3cSC4ACV
w6-ifVo6KHbawEuqEp-kfN24&r=vNaquGtywQ6F1lNXYN9CVw&m=v6BhW17PQhjSm3ktWy
aGQdUkg8AU6Dl5qw-QKMMoTFQ&s=QI58JVs9eO7ARCUmSaJ4LVmBnR1unoV0jRSMBFhx7x

Erick Erickson

2018-12-03 17:43:24 UTC

Permalink

Others from the bin/solr script. Note that some are optional (JMX).
But to emphasize what Jan said: All these are configurable so you need
to make sure that whoever set up your system doesn't set these to
something else.

echo " -p <port> Specify the port to start the Solr HTTP
listener on; default is 8983"
echo " The specified port (SOLR_PORT) will also
be used to determine the stop port"
echo " STOP_PORT=(\$SOLR_PORT-1000) and JMX RMI
listen port RMI_PORT=(\$SOLR_PORT+10000). "
echo " For instance, if you set -p 8985, then the
STOP_PORT=7985 and RMI_PORT=18985"

Post by Moshe Recanati | KMS
Hi Jan,
Thank you.
8983
2181
2888
3888
Regards,
Moshe Recanati
CTO
Mobile + 972-52-6194481
Skype : recanati
More at: www.kmslh.com | LinkedIn | FB
-----Original Message-----
Sent: Monday, December 3, 2018 12:43 PM
Subject: Re: SolrCloud required ports
Hi
This depends on your exact coniguration, so you should ask the engineers who deployed ZK and Solr, not this list.
If default solr port is used, you'd need at least 8983 open between servers and from the app server to the cluster.
If default zk port is used, you'd need port 2181 open between all three servers but not externally (unless you use a client that needs to talk to zk) Also zk needs to communicate internally in the quorum on two other ports, which could be using ports 2888 and 3888 but could also be something else depending on your exact configs. These will never need to be open outside the cluster.
--
Jan Høydahl, search solution architect
Cominvent AS - www.cominvent.com

Jan Høydahl

2018-12-04 22:39:37 UTC

Permalink

STOP_PORT is only useful from localhost anyway, so no use in opening it up.
JMX port only useful if you need to monitor the cluster using JMX and not metrics API

--
Jan HÃžydahl, search solution architect
Cominvent AS - www.cominvent.com

Post by Erick Erickson
Others from the bin/solr script. Note that some are optional (JMX).
But to emphasize what Jan said: All these are configurable so you need
to make sure that whoever set up your system doesn't set these to
something else.
echo " -p <port> Specify the port to start the Solr HTTP
listener on; default is 8983"
echo " The specified port (SOLR_PORT) will also
be used to determine the stop port"
echo " STOP_PORT=(\$SOLR_PORT-1000) and JMX RMI
listen port RMI_PORT=(\$SOLR_PORT+10000). "
echo " For instance, if you set -p 8985, then the
STOP_PORT=7985 and RMI_PORT=18985"

Post by Moshe Recanati | KMS
Hi Jan,
Thank you.
8983
2181
2888
3888
Regards,
Moshe Recanati
CTO
Mobile + 972-52-6194481
Skype : recanati
More at: www.kmslh.com | LinkedIn | FB
-----Original Message-----
Sent: Monday, December 3, 2018 12:43 PM
Subject: Re: SolrCloud required ports
Hi
This depends on your exact coniguration, so you should ask the engineers who deployed ZK and Solr, not this list.
If default solr port is used, you'd need at least 8983 open between servers and from the app server to the cluster.
If default zk port is used, you'd need port 2181 open between all three servers but not externally (unless you use a client that needs to talk to zk) Also zk needs to communicate internally in the quorum on two other ports, which could be using ports 2888 and 3888 but could also be something else depending on your exact configs. These will never need to be open outside the cluster.
--
Jan HÃžydahl, search solution architect
Cominvent AS - www.cominvent.com