Updated on 2024-11-21 GMT+08:00

Prerequisites for Creating a Host Cluster

Prerequisites

Preparations

Before verifying host connectivity, perform the following operations as required:

(Optional) Applying for an ECS

  1. Go to the console, choose Service List > Compute > Elastic Cloud Server. The Elastic Cloud Server page is displayed.
  2. Click Buy ECS on the ECS console.
  3. On the ECS configuration page, set parameters as prompted.
  4. After setting the parameters, click Submit and the ECS is created.

(Optional) Applying for an EIP

  1. Go to the console. In the upper left corner of the page, choose Service List > Networking.
  2. Click Buy EIP.
  3. After setting the parameters, click Next.

Security Configuration

To ensure successful host connectivity, configure the host as follows:

Configuring a Security Group

Before verifying host connectivity, configure a security group and enable some ports. Otherwise, the connectivity verification may fail. (The following uses a Linux host as an example.)

  1. Go to the console. In the upper left corner of the page, choose Service List > Compute > Elastic Cloud Server. The Elastic Cloud Server page is displayed.
  2. Click the target ECS. On the ECS details page, click the Security Groups tab. Click a security group ID. On the page that is displayed, click Manage Rules and then click Inbound Rules.

  3. Click Fast-Add Rules and set the parameters as follows:

    • For Linux hosts, enable port 22 in the inbound rule. For Windows hosts, enable ports 54, 5985, and 5986 in the inbound rule when adding the target host or proxy host. Set the remote end to 0.0.0.0/0 (open the preceding ports for all IP addresses).

      If you have high security requirements on the overall deployment process and the preceding ports cannot be opened to all IP addresses, add the following IP addresses to the security group and remove port restrictions. Otherwise, host connectivity verification cannot be performed.

      China (all regions):

      Singapore:
      114.119.185.21
      Sao Paulo:
      159.138.214.24
      Mexico:
      122.8.183.54
      110.238.80.148
      Santiago:
      119.8.154.190
      Türkiye:
      101.44.36.238
      Riyadh:
      101.46.48.174
      Cairo:
      101.46.64.14
      Johannesburg:
      159.138.166.36

      The IP addresses above are open IP addresses in the official resource pool of CodeArts Deploy for communications with target hosts and proxy hosts.

    • Remove the inbound restriction on the port of the application deployed on the host (for example, port 8080 of the Tomcat application or all ports of other applications must be enabled in the inbound direction). Otherwise, the application cannot be accessed.
    • Remove the restriction on the outbound direction or at least make ports 80 and 443 accessible.

Configuring firewalls

Check the firewall configuration of the host and configure the firewall to allow the SSH protocol port to be accessed. Otherwise, the connectivity verification fails. The following part describes how to configure the firewall for different operating systems.

  • Linux Firewall Configurations
    Table 1 Linux firewall configurations

    OS Series

    Configuration Method

    CentOS/EulerOS/UnionTechOS

    1. Check whether the SSH software package is installed on the local host.
      rpm -qa | grep ssh

      If the command output contains openssh-server, the SSH software package has been installed.

    2. If no SSH software package is available, run the following command:
      yum install openssh-server
    3. Enable the SSH service.
      service sshd start
    4. Open the sshd configuration file.
      vi /etc/ssh/sshd_config
    5. Delete the comment tag before the listening port number.
    6. Restart the SSH service. Run the following command:
      sudo service sshd restart
    7. Check whether port 22 is enabled.
      netstat -ntpl | grep 22
      NOTE:

      If you have high security requirements on the overall deployment process and do not want to open the preceding ports to all IP addresses, you can configure an IP address whitelist.

      Add the following command to the end of the sshd_config file and save the file:

      AllowUsers {User}@{IP}

      Restart the SSH service:

      sudo service sshd restart

      User: whitelisted username. IP: whitelisted IP address. The whitelist should contain CodeArts IP address range.

      China (all regions):

      Singapore:
      114.119.185.21
      Sao Paulo:
      159.138.214.24
      Mexico:
      122.8.183.54
      110.238.80.148
      Santiago:
      119.8.154.190
      Türkiye:
      101.44.36.238
      Riyadh:
      101.46.48.174
      Cairo:
      101.46.64.14
      Johannesburg:
      159.138.166.36

      The IP addresses above are open IP addresses in the official resource pool of CodeArts Deploy for communications with target hosts and proxy hosts.

    Debian

    1. Log in to the system as the root user and install the ufw.
      apt install ufw
    2. Enable port 22.
      ufw allow 22/tcp
    3. Check whether port 22 is enabled.
      ufw status

      If ufw is in the inactive status, run the following command to start ufw:

      ufw enable
      NOTE:

      If you have high security requirements on the overall deployment process and do not want to open the preceding ports to all IP addresses, you can configure an IP address whitelist.

      Run the following command to add an IP address to the whitelist:

      ufw allow from {IP} to any port 22

      IP: whitelisted IP address. The whitelist should contain CodeArts IP address range.

      Check the ufw rule list:

      ufw status numbered

      Disable the SSH connection rule (disable the rule whose source IP address is Anywhere to implement whitelist restriction).

      ufw delete {Number}

      Number: Number of the rule to be disabled.

      China (all regions):

      Singapore:
      114.119.185.21
      Sao Paulo:
      159.138.214.24
      Mexico:
      122.8.183.54
      110.238.80.148
      Santiago:
      119.8.154.190
      Türkiye:
      101.44.36.238
      Riyadh:
      101.46.48.174
      Cairo:
      101.46.64.14
      Johannesburg:
      159.138.166.36

      The IP addresses above are open IP addresses in the official resource pool of CodeArts Deploy for communications with target hosts and proxy hosts.

    Ubuntu

    1. Check the IP address of the local host.
      ifconfig
    2. Check whether the 22 port is occupied.
      netstat -nltp|grep 22
    3. If no port process exists, run the following commands in sequence:
      sudo apt-get install openssh-server
      sudo apt-get install ufw
      sudo ufw enable
      sudo ufw allow 22
      NOTE:

      If you have high security requirements on the overall deployment process and do not want to open the preceding ports to all IP addresses, you can configure an IP address whitelist.

      Run the following command to add an IP address to the whitelist:

      sudo ufw allow from {IP} to any port 22

      IP: whitelisted IP address. The whitelist should contain CodeArts IP address range.

      Check the ufw rule list:

      ufw status numbered

      Disable the SSH connection rule (disable the rule whose source IP address is Anywhere to implement whitelist restriction).

      ufw delete {Number}

      Number: Number of the rule to be disabled.

      China (all regions):

      Singapore:
      114.119.185.21
      Sao Paulo:
      159.138.214.24
      Mexico:
      122.8.183.54
      110.238.80.148
      Santiago:
      119.8.154.190
      Türkiye:
      101.44.36.238
      Riyadh:
      101.46.48.174
      Cairo:
      101.46.64.14
      Johannesburg:
      159.138.166.36

      The IP addresses above are open IP addresses in the official resource pool of CodeArts Deploy for communications with target hosts and proxy hosts.

  • Windows Firewall Configurations

    This section uses Windows Server 2012 as an example.

  1. Choose Windows Firewall on the control panel of the Windows host.

  2. Click Advanced settings.

  3. Click Inbound Rules.

  4. Click New Rule.

  5. Set Rule Type to Port and click Next.

  6. Select TCP and Specific local ports, enter port 5986, and click Next.

  7. Select Allow the connection, and click Next.

  8. Select all the options for Profile and click Next.

  9. Enter a rule name and click Finish.

  10. Repeat steps 1 to 9 to add an inbound rule for the proxy listening port, for example, port 54.
  11. If you have high security requirements on the overall deployment process and do not want to open the preceding ports to all IP addresses, you can configure an IP address whitelist. (Optional)

    1. Choose Windows Firewall on the control panel of the Windows host.

    2. Click Advanced settings.

    3. Click Inbound Rules.

    4. Click New Rule.

    5. Set Rule Type to Custom and click Next.

    6. Set Program to All programs and click Next.
    7. Set Protocal type to TCP, set Local port to Specific Ports, enter port 5986, and click Next.

    8. In the Scope area, select Any IP address for Which local IP addresses does this rule apply to? and select These IP addresses for Which remote IP addresses does this rule apply to?, enter a whitelisted IP address and click Next.

    9. Select Allow the connection, and click Next.

    10. Select all the options for Profile and click Next.

    11. Enter a rule name and click Finish.

    12. Repeat steps 1 to 11 to add an inbound rule for the proxy listening port, for example, port 54.