Patrick,

I'm still fairly new to iptables. I've made changes to the iptables the way
I think it should be but the connection is still refused from 151.1 to
151.2. This is what I have tried in the iptables on 151.1. 151.2's firewall
is turned off.

-A RH-Firewall-1-INPUT -i eth2 -s 192.168.151.2 -d 192.168.151.1 -j ACCEPT
-A RH-Firewall-1-INPUT -i eth2 -s 192.168.151.2 -p tcp --dport 3888 -d
192.168.151.1 -j ACCEPT
-A RH-Firewall-1-INPUT -i eth2 -s 192.168.151.2 -p tcp --dport 2888 -d
192.168.151.1 -j ACCEPT
-A RH-Firewall-1-INPUT -i eth2 -s 192.168.151.2 -p tcp --dport 2181 -d
192.168.151.1 -j ACCEPT
-A RH-Firewall-1-INPUT -i eth2 -d 192.168.151.2 -s 192.168.151.1 -j ACCEPT
-A RH-Firewall-1-INPUT -i eth2 -d 192.168.151.2 -p tcp --sport 3888 -s
192.168.151.1 -j ACCEPT
-A RH-Firewall-1-INPUT -i eth2 -d 192.168.151.2 -p tcp --sport 2888 -s
192.168.151.1 -j ACCEPT
-A RH-Firewall-1-INPUT -i eth2 -d 192.168.151.2 -p tcp --sport 2181 -s
192.168.151.1 -j ACCEPT

I also tried the iptable config below because the connection is being
refused on 151.2:3888 but this isn't working either.

-A RH-Firewall-1-INPUT -i eth2 -s 192.168.151.2 -d 192.168.151.1 -j ACCEPT
-A RH-Firewall-1-INPUT -i eth2 -s 192.168.151.2 -p tcp --dport 3888 -d
192.168.151.1 -j ACCEPT
-A RH-Firewall-1-INPUT -i eth2 -s 192.168.151.2 -p tcp --dport 2888 -d
192.168.151.1 -j ACCEPT
-A RH-Firewall-1-INPUT -i eth2 -s 192.168.151.2 -p tcp --dport 2181 -d
192.168.151.1 -j ACCEPT
-A RH-Firewall-1-INPUT -i eth2 -d 192.168.151.2 -s 192.168.151.1 -j ACCEPT
-A RH-Firewall-1-INPUT -i eth2 -p tcp --dport 3888 -d 192.168.151.2 -s
192.168.151.1 -j ACCEPT

I think I read somewhere that ZK uses tcp for communications which is why
I'm specifying that protocol. But shouldn't specifying comms between two IP
addresses be good enough though?

Erik


On 22 June 2010 12:01, Patrick Hunt <ph...@apache.org> wrote:

> There are 3 ports that need to be opened
>
> 1) the client port (btw client and servers)
> 2/3) the quorum and election ports - only btw servers
>
> You are setting these three ports in your config file (clientport defaults
> to 2181 iirc, unless you override)
>
> Patrick
>
>
> On 06/22/2010 06:17 AM, Erik Test wrote:
>
>> Thanks for your help. The missing file issue is resolved.
>>
>> I was confused by how to start zookeeper because a firewall is blocking
>> connections between nodes. The odd thing is hadoop can run on its own with
>> the configured iptables but doesn't work with zookeeper for some reason.
>> The
>> problem here is I can't turn off the firewall and need to configure the
>> firewall so that zookeeper can work correctly.
>>
>> I'm going to work on the iptables to open connections needed by zookeeper.
>> If any one knows of a way to do this or even just a link to configuring an
>> iptable with zookeeper in mind, I'd appreciate it.
>>
>> Thanks again for the help.
>> Erik
>>
>>
>> On 21 June 2010 20:56, Joe Zou<j...@hz.webex.com>  wrote:
>>
>>  Hi:
>>> You miss the file.
>>> the Caused by: java.lang.IllegalArgumentException: /var/zookeeper/myid
>>> file
>>> is missing
>>>        at
>>> thanks
>>> Joe Zou
>>> -----邮件原件-----
>>> 发件人: Erik Test [mailto:erik.shi...@gmail.com]
>>> 发送时间: Tuesday, June 22, 2010 3:05 AM
>>> 收件人: zookeeper-user@hadoop.apache.org
>>> 主题: Starting zookeeper in replicated mode
>>>
>>> Hi All,
>>>
>>> I'm having a problem with installing zookeeper on a cluster with 6 nodes
>>> in
>>> replicated mode. I was able to install and run zookeeper in standalone
>>> mode
>>> but I'm unable to run zookeeper in replicated mode.
>>>
>>> I've added a list of servers in zoo.cfg as suggested by the ZooKeeper
>>> Getting Started Guide but I get these logs displayed to screen:
>>>
>>> *[r...@master1 bin]# ./zkServer.sh start
>>> JMX enabled by default
>>> Using config: /root/zookeeper-3.2.2/bin/../conf/zoo.cfg
>>> Starting zookeeper ...
>>> STARTED
>>> [r...@master1 bin]# 2010-06-21 12:25:23,738 - INFO
>>> [main:quorumpeercon...@80] - Reading configuration from:
>>> /root/zookeeper-3.2.2/bin/../conf/zoo.cfg
>>> 2010-06-21 12:25:23,743 - INFO  [main:quorumpeercon...@232] - Defaulting
>>> to
>>> majority quorums
>>> 2010-06-21 12:25:23,745 - FATAL [main:quorumpeerm...@82] - Invalid
>>> config,
>>> exiting abnormally
>>> org.apache.zookeeper.server.quorum.QuorumPeerConfig$ConfigException:
>>> Error
>>> processing /root/zookeeper-3.2.2/bin/../conf/zoo.cfg
>>>        at
>>>
>>>
>>> org.apache.zookeeper.server.quorum.QuorumPeerConfig.parse(QuorumPeerConfig.java:100)
>>>        at
>>>
>>>
>>> org.apache.zookeeper.server.quorum.QuorumPeerMain.initializeAndRun(QuorumPeerMain.java:98)
>>>        at
>>>
>>>
>>> org.apache.zookeeper.server.quorum.QuorumPeerMain.main(QuorumPeerMain.java:75)
>>> Caused by: java.lang.IllegalArgumentException: /var/zookeeper/myid file
>>> is
>>> missing
>>>        at
>>>
>>>
>>> org.apache.zookeeper.server.quorum.QuorumPeerConfig.parseProperties(QuorumPeerConfig.java:238)
>>>        at
>>>
>>>
>>> org.apache.zookeeper.server.quorum.QuorumPeerConfig.parse(QuorumPeerConfig.java:96)
>>>        ... 2 more
>>> Invalid config, exiting abnormally*
>>>
>>> And here is my config file:
>>> *
>>> # The number of milliseconds of each tick
>>> tickTime=2000
>>> # The number of ticks that the initial
>>> # synchronization phase can take
>>> initLimit=5
>>> # The number of ticks that can pass between
>>> # sending a request and getting an acknowledgement
>>> syncLimit=2
>>> # the directory where the snapshot is stored.
>>> dataDir=/var/zookeeper
>>> # the port at which the clients will connect
>>> clientPort=2181
>>> server.1=master1:2888:3888
>>> server.2=slave2:2888:3888
>>> server.3=slave3:2888:3888
>>> *
>>> I'm a little confused as to why this doesn't work and I haven't had any
>>> luck
>>> finding answers to some questions I have.
>>>
>>> Am I supposed to have an instance of ZooKeeper on each node started
>>> before
>>> running in replication mode? Should I have each node that will be running
>>> ZK
>>> listed in the config file? Should I be using an IP address to point to a
>>> server instead of a hostname?
>>>
>>> Thanks for your time.
>>> Erik
>>>
>>>
>>

Reply via email to