[ https://issues.apache.org/jira/browse/ZOOKEEPER-4276?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17780132#comment-17780132 ]

Abhilash Kishore commented on ZOOKEEPER-4276:
---------------------------------------------

[~andor] Can you please try this config?
{code:java}
tickTime=2000
initLimit=10
syncLimit=5
dataDir=./andor-5560-ubuntu:2181/data
secureClientPort=2181
clientCnxnSocket=org.apache.zookeeper.ClientCnxnSocketNetty
...
serverCnxnFactory=org.apache.zookeeper.server.NettyServerCnxnFactory
...
server.1=andor-5560-ubuntu:3181:4181;2181  # or 
server.1=andor-5560-ubuntu:3181:4181:participant;0.0.0.0:2181
server.2=andor-5560-ubuntu:3182:4182;2181
server.3=andor-5560-ubuntu:3183:4183:participant;0.0.0.0:2181
{code}

I believe this issue happens when `secureClientPort` is declared in zoo.cfg in 
addition to client port in the server entry.

However, [ZooKeeper reconfig doc|https://zookeeper.apache.org/doc/current/zookeeperReconfig.html] recommends 
specifying client port in the dynamic config server entry (and not declare 
separate clientPort and clientPortAddress). But it doesn't talk about how to 
indicate to ZK server that the client port (2181) in 
"server.1=andor-5560-ubuntu:3181:4181;2181" entry should be treated as 
secureClientPort and not just clientPort. I believe there's no way to do this 
currently.

So, we still need to specify `secureClientPort=2181` in zoo.cfg and if 
specified, ZK server should ignore the client port in 
"server.1=andor-5560-ubuntu:3181:4181;2181" (it can still do some validation to 
ensure the port in this entry matches clientPort or secureClientPort and is not 
completely arbitrary).



> Serving only with secureClientPort fails
> ----------------------------------------
>
>                 Key: ZOOKEEPER-4276
>                 URL: https://issues.apache.org/jira/browse/ZOOKEEPER-4276
>             Project: ZooKeeper
>          Issue Type: Bug
>          Components: server
>    Affects Versions: 3.7.0, 3.5.8, 3.6.2, 3.8.0
>            Reporter: Kei Kori
>            Priority: Major
>              Labels: pull-request-available
>          Time Spent: 2h
>  Remaining Estimate: 0h
>
> clientPort in zoo.cfg is forcefully complemented from client address by 
> QuorumPeerConfig#setupClientPort even though secureClientPort is set and 
> matches with client address' port.
> Because of this behavior, in case rolling update with replacing clientPort to 
> secureClientPort in the same port number following [Upgrading existing non-TLS cluster with no downtime|https://zookeeper.apache.org/doc/r3.7.0/zookeeperAdmin.html#Upgrading+existing+nonTLS+cluster]
> conflicts and gets errors below.
> {code}
> 2021-03-29 23:21:58,638 - INFO  [main:NettyServerCnxnFactory@590] - binding to port /0.0.0.0:2281
> 2021-03-29 23:21:58,748 - INFO  [main:NettyServerCnxnFactory@595] - bound to port 2281
> 2021-03-29 23:21:58,749 - INFO  [main:NettyServerCnxnFactory@590] - binding to port 0.0.0.0/0.0.0.0:2281
> 2021-03-29 23:21:58,753 - ERROR [main:QuorumPeerMain@101] - Unexpected exception, exiting abnormally
> java.net.BindException: Address already in use
> {code}
> QuorumPeerConfig#setupClientPort should complement only when both clientPort 
> and secureClientPort are empty, and allow serving zookeeper server only with 
> secure client port.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)
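
A pre-deployment check for the configuration discussed in this thread, added here as an example and not code from the ZooKeeper project or from the commenters: it parses zoo.cfg-style text and reports when the client port in this server's `server.N` entry equals `secureClientPort` (the combination the issue reports as ending in `BindException`), or matches neither declared port. The function names, finding labels and sample host names are assumptions made for the illustration.

```python
import re

# Server entry layout, per the ZooKeeper reconfig doc:
#   server.<id>=<host>:<quorum>:<election>[:role];[<client addr>:]<client port>
SERVER_KEY = re.compile(r"^server\.(\d+)$")

def parse_cfg(text):
    """Split zoo.cfg-style text into plain settings and server.N entries."""
    settings, servers = {}, {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        match = SERVER_KEY.match(key)
        if match:
            servers[int(match.group(1))] = value
        else:
            settings[key] = value
    return settings, servers

def entry_client_port(entry):
    """Client port written after ';' in a server entry, or None if absent."""
    if ";" not in entry:
        return None
    port = entry.split(";", 1)[1].strip().rsplit(":", 1)[-1]
    return int(port) if port.isdigit() else None

def check(cfg_text, my_id):
    """Return finding labels (hypothetical names) for server `my_id`."""
    settings, servers = parse_cfg(cfg_text)
    entry_port = entry_client_port(servers.get(my_id, ""))
    secure = settings.get("secureClientPort")
    plain = settings.get("clientPort")
    if entry_port is None:
        return []
    if secure and int(secure) == entry_port:
        # Affected versions also bind a plaintext listener on this port.
        return ["SECURE_PORT_IN_SERVER_ENTRY"]
    declared = {int(p) for p in (secure, plain) if p}
    if declared and entry_port not in declared:
        return ["ENTRY_PORT_UNDECLARED"]
    return []

# Constructed sample configs (hosts and ports are illustrative only).
BASE = "tickTime=2000\nsecureClientPort=2281\n"
CONFLICT_CFG = BASE + "server.1=zk1.example:3181:4181:participant;0.0.0.0:2281\n"
SECURE_ONLY_CFG = BASE + "server.1=zk1.example:3181:4181:participant\n"
MISMATCH_CFG = BASE + "server.1=zk1.example:3181:4181;2999\n"
```
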
