And the observer is never joining the cluster; it keeps saying "Cannot open channel to" in the logs.

On Tue, Sep 25, 2018 at 8:25 AM rammohan ganapavarapu <[email protected]> wrote:

> Rakesh,
>
> Thank you. I have 3 followers and 3 observers in two different DCs.
> Followers came up fine with SASL, but for some reason observers are not
> coming up, with the following error, but I don't see any network issues; I was
> able to telnet to 2181 and 3888 ports.
>
>
> 2018-09-24 17:55:34,145 [myid:6] - DEBUG [QuorumPeer[myid=6]/0:0:0:0:0:0:0:0:2181:QuorumCnxManager@620] - Queue size: 1
> 2018-09-24 17:55:34,145 [myid:6] - DEBUG [QuorumPeer[myid=6]/0:0:0:0:0:0:0:0:2181:QuorumCnxManager@620] - Queue size: 1
> 2018-09-24 17:55:34,145 [myid:6] - DEBUG [QuorumPeer[myid=6]/0:0:0:0:0:0:0:0:2181:QuorumCnxManager@620] - Queue size: 1
> 2018-09-24 17:55:34,145 [myid:6] - DEBUG [QuorumPeer[myid=6]/0:0:0:0:0:0:0:0:2181:QuorumCnxManager@555] - Opening channel to server 1
> 2018-09-24 17:55:34,151 [myid:6] - WARN [QuorumPeer[myid=6]/0:0:0:0:0:0:0:0:2181:QuorumCnxManager@584] - Cannot open channel to 1 at election address zk-server1/10.16.1.102:3888
> java.net.SocketTimeoutException: connect timed out
>     at java.net.PlainSocketImpl.socketConnect(Native Method)
>     at java.net.AbstractPlainSocketImpl.doConnect(AbstractPlainSocketImpl.java:350)
>     at java.net.AbstractPlainSocketImpl.connectToAddress(AbstractPlainSocketImpl.java:206)
>     at java.net.AbstractPlainSocketImpl.connect(AbstractPlainSocketImpl.java:188)
>     at java.net.SocksSocketImpl.connect(SocksSocketImpl.java:392)
>     at java.net.Socket.connect(Socket.java:589)
>     at org.apache.zookeeper.server.quorum.QuorumCnxManager.connectOne(QuorumCnxManager.java:558)
>     at org.apache.zookeeper.server.quorum.QuorumCnxManager.connectAll(QuorumCnxManager.java:610)
>     at org.apache.zookeeper.server.quorum.FastLeaderElection.lookForLeader(FastLeaderElection.java:838)
>     at org.apache.zookeeper.server.quorum.QuorumPeer.run(QuorumPeer.java:957)
>
>
> server.1=zk-server1:2888:3888
> server.2=zk-server2:2888:3888
> server.3=zk-server3:2888:3888
> server.4=zk-server4:2888:3888:observer
> server.5=zk-server5:2888:3888:observer
> server.6=zk-server6:2888:3888:observer
> peerType=observer
>
> What could be the reason?
>
> Ram
>
> On Tue, Sep 25, 2018 at 12:12 AM Rakesh Radhakrishnan <[email protected]>
> wrote:
>
>> Thanks Ram for the interest in this feature.
>>
>> Yes, a user can enable SASL for Observer nodes as well. In general,
>> QuorumLearner will send an authentication packet to the peer QuorumServer.
>> Observer is a learner which follows the same quorum authentication protocol,
>> and the auth logic will work fine.
>>
>> FYI, I hope you are referring to the links below for configuration:
>>
>> https://cwiki.apache.org/confluence/display/ZOOKEEPER/Server-Server+mutual+authentication
>>
>> https://blog.cloudera.com/blog/2017/01/hardening-apache-zookeeper-security-sasl-quorum-peer-mutual-authentication-and-authorization/
>>
>> Please let us know if you are facing any issues.
>>
>> Thanks,
>> Rakesh
>>
>> On Mon, Sep 24, 2018 at 8:31 AM rammohan ganapavarapu <[email protected]>
>> wrote:
>>
>>> Hi,
>>>
>>> Do we need to configure anything on observer nodes for SASL
>>> authentication?
>>>
>>> tcpKeepAlive=true (this is not for SASL, but just asking)
>>>
>>> quorum.auth.enableSasl=true
>>> quorum.auth.learnerRequireSasl=true
>>> quorum.auth.serverRequireSasl=true
>>>
>>> What will happen if I set these properties on observer nodes as well?
>>>
>>> Thanks,
>>> Ram
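
Added example (not part of the thread and not ZooKeeper project code): a small lint over each node's zoo.cfg that checks the three `quorum.auth.*` flags are identical on followers and observers and that every observer carries both `peerType=observer` and the `:observer` suffix. The names `parse_cfg`, `lint` and `sample` are hypothetical, the sample configs are constructed from the server list quoted above, and the ordering check between the three flags is an assumption.

```python
"""Lint per-node zoo.cfg texts for quorum SASL and observer consistency."""
AUTH_KEYS = ("quorum.auth.enableSasl", "quorum.auth.learnerRequireSasl",
             "quorum.auth.serverRequireSasl")

def parse_cfg(text):
    """Return (properties, {server_id: role}) parsed from zoo.cfg text."""
    props, roles = {}, {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        if key.startswith("server."):
            observer = value.lower().endswith(":observer")
            roles[int(key[len("server."):])] = "observer" if observer else "participant"
        else:
            props[key] = value
    return props, roles

def lint(configs):
    """configs maps myid -> zoo.cfg text; returns a sorted list of findings."""
    findings, flags = [], {}
    for myid, text in configs.items():
        props, roles = parse_cfg(text)
        enable, learner, server = flags[myid] = tuple(
            props.get(k, "false").lower() == "true" for k in AUTH_KEYS)
        # Assumption: the flags build on each other in this order:
        # enableSasl, then learnerRequireSasl, then serverRequireSasl.
        if (learner or server) and not enable:
            findings.append(f"myid {myid}: SASL required but quorum.auth.enableSasl is not true")
        if server and not learner:
            findings.append(f"myid {myid}: serverRequireSasl set without learnerRequireSasl")
        # An observer needs both peerType=observer and the :observer suffix.
        listed = roles.get(myid) == "observer"
        declared = props.get("peerType", "participant") == "observer"
        if listed != declared:
            findings.append(f"myid {myid}: peerType and server.{myid} entry disagree")
    if len(set(flags.values())) > 1:
        findings.append("quorum.auth.* flags differ between nodes")
    return sorted(findings)

# Constructed sample input built from the server list quoted in the thread.
SERVERS = "".join("server.%d=zk-server%d:2888:3888%s\n"
                  % (i, i, ":observer" if i > 3 else "") for i in range(1, 7))
SASL = "".join(f"{k}=true\n" for k in AUTH_KEYS)

def sample(observers_have_sasl):
    """Six node configs; observers (4-6) optionally omit the SASL flags."""
    return {i: SERVERS + (SASL if i <= 3 or observers_have_sasl else "")
               + ("peerType=observer\n" if i > 3 else "") for i in range(1, 7)}

if __name__ == "__main__":
    print(lint(sample(observers_have_sasl=False)))
```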
