By default, the Interset installation requires iptables/firewalld to be disabled to prevent any blockers in the installation. If there is a requirement for these services (iptables/firewalld) we recommend for them to be configured and running once the installation is complete.
iptables.txt outlines the rules required to allow all inbound communication for each node type when using iptables.
firewalld.txt outlines the rules required to allow all inbound communication for each node type when using firewalld. Note that this defaults to the public zone which may need modification based on your specific configuration.
- These configurations assume that all outgoing communication is permitted from each server.
- Spark executors use randomized port numbers, it will not be possible to view stdout/stderr for executors (and possibly drivers) with a firewall configured in this fashion unless you whitelist specific hosts to have access to a massive port range. Suggestion would be to use yarn logs -applicationId <application ID> to retrieve logs in the scenario that this firewall configuration is used.
- These documents are provided as-is, and are for reference only. These may require further configuration depending on your environment, and Interset is not responsible for any issues that arise from their use.