Troubleshooting firewall issues with database ports

If you experience database connection issues, you might need to ensure that the local firewall on each node allows requests to reach the node IP address, and also check other firewall settings.

Do not follow the instructions in the IBM Cloud Pak for Data documentation, as they do not apply to Cloud Pak for Data that is installed on the System.

The following steps open the ports on Cloud Pak for Data System.

For the list of ports that are allowed by default on Cloud Pak for Data System, see The list of default ports for protocols.

If you are on versions 1.0.7.3 or lower:
  1. Generate the XML file to open ports. Consult your system administrator or vendor documentation for the list of ports, and contact IBM Support to ensure that the ports do not conflict with any existing rules.
    Example XML to open TCP port 51022 for a service:
    <!--my random service-->
    <port protocol="tcp" port="51022"/>
    
  2. Append the generated firewall XML to /etc/firewalld/customer_override.xml on all three control nodes.
  3. Open the port immediately on all three control nodes:
    firewall-cmd --add-port=51022/tcp --zone=appliance
    firewall-cmd --runtime-to-permanent
If you are on version 1.0.7.4 or 1.0.7.5:
  1. Generate the XML file to open ports. Consult your system administrator or vendor documentation for the list of ports, and contact IBM Support to ensure that the ports do not conflict with any existing rules.
    Example XML to open TCP port 51022 for a service:
    <!--my random service-->
    <port protocol="tcp" port="51022"/>
    
  2. Place the XML on e1n1 in a persistent location, for example: /root/my_random_service.xml
  3. Run the command on e1n1 to add rules across all three control nodes:
    /opt/ibm/appliance/platform/xcat/scripts/xcat/firewall_rule_updator.py -a -f /root/my_random_service.xml -n 'node1,node2,node3'
If you are on version 1.0.7.6 or later:
  1. Generate the XML file to open ports. Consult your system administrator or vendor documentation for the list of ports, and contact IBM Support to ensure that the ports do not conflict with any existing rules.
    Example XML to open TCP port 51022 for a service:
    <!--my random service-->
    <port protocol="tcp" port="51022"/>
    
  2. Place the XML on e1n1 in a persistent location, for example: /root/my_random_service.xml
  3. Run the command on e1n1 to add rules across all three control nodes:
    /opt/ibm/appliance/platform/xcat/scripts/xcat/firewall_rule_updater.py -a -f /root/my_random_service.xml -n 'node1,node2,node3'
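
Before appending the fragment or passing it to the rule updater script, it helps to check the XML generated in step 1 of each procedure above. The following is an added example, not IBM code: it parses a fragment of `<port>` elements and reports malformed, out-of-range, overly wide, or duplicate rules. The function name `validate_port_fragment` and the `MAX_RANGE` policy limit are assumptions made for illustration.

```python
import re
import xml.etree.ElementTree as ET

# Protocols firewalld accepts on a <port> element.
VALID_PROTOCOLS = {"tcp", "udp", "sctp", "dccp"}
# Assumption: local policy limit on how many ports one rule may open.
MAX_RANGE = 100

# The example fragment from the steps above.
PAGE_FRAGMENT = '''<!--my random service-->
<port protocol="tcp" port="51022"/>'''


def validate_port_fragment(fragment, max_range=MAX_RANGE):
    """Return (rules, problems); rules use firewall-cmd's PORT/PROTO form."""
    try:
        # A fragment has no single root element, so wrap it before parsing.
        root = ET.fromstring("<fragment>%s</fragment>" % fragment)
    except ET.ParseError as exc:
        return [], ["not well-formed XML: %s" % exc]
    rules, problems = [], []
    for elem in root:  # XML comments are dropped by the default parser
        proto, port = elem.get("protocol", ""), elem.get("port", "")
        match = re.fullmatch(r"(\d{1,5})(?:-(\d{1,5}))?", port)
        if elem.tag != "port":
            problems.append("unexpected element <%s>" % elem.tag)
        elif proto not in VALID_PROTOCOLS:
            problems.append("unsupported protocol %r" % proto)
        elif not match:
            problems.append("malformed port %r" % port)
        else:
            low = int(match.group(1))
            high = int(match.group(2) or low)
            rule = "%s/%s" % (port, proto)
            if not 1 <= low <= high <= 65535:
                problems.append("port out of range: %s" % rule)
            elif high - low + 1 > max_range:
                problems.append("range wider than %d ports: %s" % (max_range, rule))
            elif rule in rules:
                problems.append("duplicate rule: %s" % rule)
            else:
                rules.append(rule)
    return rules, problems


if __name__ == "__main__":
    print(validate_port_fragment(PAGE_FRAGMENT))
```

An empty problems list means that every rule in the fragment is well formed; it does not replace the check with IBM Support for conflicts with existing rules.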