Client
| IP address of the node where the source device is located.
| 1024–65535
| DN
| IP address of the node where the DN is located.
| dataPortBase
| TCP
| [Function] Port for the client to send connection requests. [Description] The port number ranges from 1024 to 65529. The actual value is equal to the value of the GUC parameter port. [Enabled by default after installation] Yes
| Yes
| Method 1: username/password, based on SHA-256 or SM3 authentication. | SSL encryption | User plane | openGauss 1.0.0 | None | SQL
|
Method 2: username/password, based on MD5 authentication (This method is not supported by default. It is reserved for compatibility with open-source third-party tools and is not recommended.) | SSL encryption |
Method 3: certificate authentication | Data is encrypted using SSL. |
Internal tool | IP address of the node where the cluster is located. | 1024–65535 | dataPortBase+1 | TCP | [Function] Port for the internal tool to send connection requests. [Description] The port number ranges from 1025 to 65530. The actual value is equal to the value of the GUC parameter port plus 1. [Enabled by default after installation] Yes | Yes | Method 1: username/password, based on SHA-256, SM3, or MD5 authentication (MD5 is not supported by default. It is reserved for compatibility with open-source third-party tools and is not recommended.) Method 2: Local trust authentication (only for initial users whose usernames are the same as that of the OS user who runs the database) | SSL encryption | Maintenance plane | openGauss 1.0.0 | None | Storage |
Primary and standby DNs | IP address of the node where the source device is located. | 1024–65535 | haPort
| TCP | [Function] Port for replication between primary and standby DNs. The standby DN connects to the primary DN. [Description] The port number ranges from 1025 to 65530. The actual value is equal to the value of localport in the connection string of the GUC parameter replconninfo. The default value is the value of port plus 1, which is the same as the value of dataPortBase plus 1. [Enabled by default after installation] Yes | Yes | IP address authentication or IP address + Kerberos authentication | SSL encryption | Maintenance plane | openGauss 1.0.0 | None | Storage |
Client | IP address of the node where the source device is located. | 1024-65535 | TCP | [Function] Port for connecting to a DN to extract logical logs. [Description] The port number ranges from 1025 to 65530. The actual value is equal to the value of localport in the connection string of the GUC parameter replconninfo. The default value is the value of port plus 1, which is the same as the value of dataPortBase plus 1. [Enabled by default after installation] Yes | Yes | Username/Password, based on SHA-256, SM3, or MD5 authentication (MD5 is not supported by default. It is reserved for compatibility with open-source third-party tools and is not recommended.) | SSL encryption | User plane | openGauss 1.0.0 | None | Storage |
Standby DN | IP address of the node where the source device is located. | 1024–65535 | remote heartbeat port | TCP | [Function] Port for the heartbeat connection request between the primary and standby DNs. [Description] The port number ranges from 1029 to 65535. The actual value is equal to the value of remoteheartbeatport in the connection string of the GUC parameter replconninfo. The default value is the value of port plus 5. [Enabled by default after installation] Yes | Yes | IP address authentication | Data is not encrypted. | Maintenance plane | openGauss 1.0.0 | None | Storage |
Primary and standby DNs | IP address of the node where the source device is located. | 1024–65535 | dcf_config Port | TCP | [Function] Port for processing connection and message requests between the primary and standby DNs. [Description] The port number ranges from 1024 to 65535. The source port number is a random port number. The destination port is subject to the port number set in the configuration file. [Enabled by default after installation] Yes when the DCF mode is enabled. | Yes | IP address authentication + SSL certificate authentication | SSL encryption | Maintenance plane | openGauss 3.0.0 | None | DCF |
CM Agent/cm_ctl | IP address of the node where the source device is located. | 1024–65535 | CM Server | IP address of the node where theIP address of the node where the CM Server is located. | cmServerPortBase | TCP | [Function] Port for processing CM Agent and cm_ctl connection requests. [Description] The port number ranges from 1024 to 65534, and the default value is 5000. [Enabled by default after installation] Yes | Yes | IP address authentication, IP address + Kerberos authentication, or IP address authentication + SSL certificate authentication | SSL encryption | Maintenance plane | openGauss 3.0.0 | None | CM |
Kerberos client (DN/CM Agent) | IP address of the node where the source device is located. | 1024–65535 | Kerberos | IP address of the node where the Kerberos service is located. | 21732 | UDP | [Function] Port for listening on the Kerberos KDC service, which provides the authentication capability between nodes in a cluster. (This port is enabled after the Kerberos authentication is enabled.) [Description] The default value is 21732. [Enabled by default after installation] User-defined | No | User name+password or keytab file authentication | AES-256 algorithm is used for encryption. | Maintenance plane | openGauss 1.0.0 | None | Security |
CMServer | IP address of the node where the source device is located. | 1024–65535 | CM Server | IP address of the node where the CM Server is located. | cmServerPortHa cmServerPortBase+1 | TCP | [Function] Port for internal communication between CMSs. [Description] The port number ranges from 1024 to 65535. The source port number is a random port number. If the destination port number is not set in the XML file, the default port number is the value of cmServerPortBase plus 1. If the destination port number is set, the value is used. [Enabled by default after installation] Yes | Yes | IP address authentication or IP address authentication + SSL certificate authentication | SSL encryption | Maintenance plane | openGauss 3.0.0 | None | CM |
Prometheus server | IP address of the node where the source device is located. | 1024–65535 | Prometheus exporter | IP address of the node where the exporter is located. | Specified by the exporter parameter --web.listen-port. | HTTPS/HTTP | [Function] Port for the open-source monitoring system Prometheus to collect and process monitoring information. [Description] The default value is 9187 for openGauss-exporter and 8181 for reprocessing-exporter. [Enabled by default after installation] No. The port is user-defined. | Yes | Prometheus server supports SSL certificate authentication, but Prometheus exporter does not support certificate authentication. | SSL encryption | User plane | openGauss 3.0.0 | None | AI |