bitflicker64 commented on PR #2952:
URL: https://github.com/apache/hugegraph/pull/2952#issuecomment-3976672613
@imbajin **Update on bridge network 3-node cluster investigation:**
Hi, I've been looking into why the 3-node PD cluster fails to form raft
quorum in Docker bridge network mode. To rule out any config loading issues, I
tried both the env var based entrypoint approach and a fully hardcoded config,
both produced the same error, so I don't think it's config related.
Both attempts show this in the logs:
```
IpAuthHandler - Blocked connection from 172.18.0.x
```
Tracing it back, I noticed this in `RaftEngine.java` around line 159:
```java
IpAuthHandler.getInstance(
peers.stream()
.map(PeerId::getIp)
.collect(Collectors.toSet())
);
```
I think `PeerId::getIp` might be returning the raw hostname string (e.g.
`pd1`) rather than the resolved IP. In bridge mode, incoming connections arrive
with their actual container IP (`172.18.0.x`), so the allowlist check would
always fail and block cross-node raft connections. This wouldn't surface in
`network_mode: host` since all connections appear as `127.0.0.1`.
Could you take a look and let me know if this diagnosis makes sense? I might
be missing something still getting familiar with the codebase. If this does
seem right, I'd be happy to try putting together a fix.
Thanks!
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
