This topic provides reference for configuring network access permissions during OCP deployment.
Deployment units
| Deployment unit | Description |
|---|---|
| OCP-Server | Docker containing the OCP management service program |
| OCP-Console | OCP web management console |
| OCP-Agent | Agents deployed on the hosts that are managed by OCP, namely OCP-Agent and OB-Agent |
| OBServer | OceanBase program deployed in OCP |
| OBProxy | OBProxy program deployed in OCP |
| Backup-Agent | Backup and recovery agent deployed in OCP |
| Application | Application that accesses the database |
OCP Docker
The OCP Docker contains OCP-Server and OBProxy. By default, OCP uses the OBProxy within the OCP Docker. This OBProxy accesses OCP-Server through the localhost address, and OCP-Server accesses the OceanBase cluster to be managed through the local OBProxy. Therefore, the OBProxy listening port in the OCP Docker does not need to be opened to other hosts.
Listening port list
| Deployment item | Listening port | Protocol | Modification | Accessible to the following deployment units | Remarks |
|---|---|---|---|---|---|
| OCP-Server | 8080 | HTTP | By setting the server.port OCP system parameter and restart OCP. |
OBServer OBProxy OCP-Console Backup-Agent | The web service of the OCP-Server listens to the port. In general, other components access OCP-Server through SLB or DNS address. |
| OCP-Server | 62881 to 63881 | TCP | Not supported | OCP-Server | Port for the communication between the monitor worker processes in OCP-Server. |
| OBServer | 2881 | TCP | Not supported | OBProxy OCP-Server Application | 1. OBServer SQL listening port. 2. By default, OCP-Server accesses OCP-Server through OBProxy. You can set the OCP system parameter obsdk.ob.connection.mode to direct to enable OCP-Server to access OBServer through direct connection. 3. We recommend that you do not use direct connection to access OBServer. |
| OBServer | 2882 | TCP | Not supported | OBServer | RPC communication port between OBServers. |
| OBProxy | 2883 | TCP | Not supported | Application OCP-Server Backup-Agent | 1. OBProxy listening port. 2. Applications access OBServer through OBProxy in general. 3. By default, OCP-Server accesses OBServer through the OBProxy within its own Docker. You can set the OCP system parameter ocp.system.obproxy.address to enable OCP-Server to access OBServer through an external OBProxy. |
| OBProxy | 2884 | HTTP | Not supported | OCP-Server | Listening port of the monitoring metrics API of OBProxy. |
| OCP-Agent | 62888 | TCP | Not supported | OCP-Server | OCP-Agent RPC listening port, which is used to receive commands from OCP-Server. |
| OCP-Agent | 62881 to 63881 | HTTP | Not supported | OCP-Server | Listening port of the monitoring metrics API of OCP-Agent. OCP-Agent uses an unused port within this range. |
| Backup-Agent | 2911 | TCP | You can change the port on the backup and recovery management page on OCP-Console. | None | Local listening port of Backup-Agent for performing backup. The port is not open to external access. If the port is used by another program, the Backup-Agent program will fail to start. |
| Backup-Agent | 2912 | TCP | You can change the port on the backup and recovery management page on OCP-Console. | None | Local listening port of Backup-Agent for performing recovery. The port is not open to external access. If the port is used by another program, the Backup-Agent program will fail to start. |