
Cloudera Manager ZooKeeper Firewall Issue


New Contributor

Dear Amigos,

 

So, I have Cloudera Manager with CDH4 working completely fine.  The problem is that when I turn on the firewall (iptables) on ZooKeeper machines, everything regarding ZooKeeper goes red.  I understand it is related to ports, but I cannot seem to figure out which ports need to be opened. I have added the following lines to /etc/sysconfig/iptables, using the following link as the guideline:

 

http://www.cloudera.com/content/cloudera-content/cloudera-docs/CM4Ent/4.5.2/Configuring-Ports-for-Cl...

 

15   ACCEPT     tcp  --  10.72.30.0/23        0.0.0.0/0           state NEW tcp multiport dports 2181,2888,3888,3181,4181,8019,9010
16   ACCEPT     tcp  --  10.72.20.0/23        0.0.0.0/0           state NEW tcp multiport dports 2181,2888,3888,3181,4181,8019,9010

 

Anyone who has enabled firewalls on the cluster, please send me some examples.  I need to enable firewalls for all the CDH components, so anyone out there who has done it would be a life saver :)

 

Regards,

Asad

3 REPLIES

Re: Cloudera Manager ZooKeeper Firewall Issue

Master Collaborator

I believe this document contains the information you are looking for.  Sorry for the late reply.

 

Regards,

 

Clint

Re: Cloudera Manager ZooKeeper Firewall Issue

New Contributor
Clint,

You sent me the same link back that I posted in my original post. I added the ports specified there, but it still does not work.

Asad

Re: Cloudera Manager ZooKeeper Firewall Issue

Master Collaborator

Ah, my bad Asad.  Thanks for the reminder.  If it's Cloudera Manager that is complaining of bad health on those ZK servers, then it seems that some port that the Cloudera Manager "Service Monitor" process needs to access is blocked.  This doc lists out the additional ports that CM needs to have access to, maybe it's in there somewhere?

 

If that doc doesn't help, we'd need to go into the service monitor logs in CM and see the exact message where it sets the ZK server's health to bad.  In that message will probably be some pertinent information about what port is needed.

 

Clint
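
One way to check the rules from the question against a given monitoring host, as an added example that is not part of the thread or Cloudera's tooling: it parses the two pasted rule lines and reports which ports a source address is not accepted on. The host addresses and port 9999 in the test are constructed; only source network, protocol, destination port and the `state` match are modelled.

```python
import ipaddress
import re

# Rule lines as pasted in the question (`iptables -L -n --line-numbers` format).
LISTING = """\
15   ACCEPT     tcp  --  10.72.30.0/23        0.0.0.0/0           state NEW tcp multiport dports 2181,2888,3888,3181,4181,8019,9010
16   ACCEPT     tcp  --  10.72.20.0/23        0.0.0.0/0           state NEW tcp multiport dports 2181,2888,3888,3181,4181,8019,9010
"""

RULE_RE = re.compile(r"^\s*(\d+)\s+(\S+)\s+(\S+)\s+\S+\s+(\S+)\s+(\S+)\s*(.*)$")

def parse_rules(listing):
    """Return [(num, target, proto, src_net, ports)] for rules that can match
    a NEW connection; ports is None when the rule has no port match."""
    rules = []
    for line in listing.splitlines():
        m = RULE_RE.match(line)
        if not m:
            continue  # chain header, column titles, blank lines
        num, target, proto, src, _dst, opts = m.groups()
        state = re.search(r"state (\S+)", opts)
        if state and "NEW" not in state.group(1).split(","):
            continue  # e.g. RELATED,ESTABLISHED never matches a first packet
        ports = None
        pm = re.search(r"dports (\S+)|dpt:(\d+)", opts)
        if pm:
            ports = set()
            for item in (pm.group(1) or pm.group(2)).split(","):
                lo, _, hi = item.partition(":")  # multiport allows lo:hi ranges
                ports.update(range(int(lo), int(hi or lo) + 1))
        rules.append((int(num), target, proto,
                      ipaddress.ip_network(src, strict=False), ports))
    return rules

def first_match(rules, src_ip, dport, proto="tcp"):
    """iptables is first-match-wins: return (num, target) of the first rule hit,
    or None when no listed rule matches and the chain policy decides."""
    ip = ipaddress.ip_address(src_ip)
    for num, target, rproto, net, ports in rules:
        if rproto in (proto, "all") and ip in net and (ports is None or dport in ports):
            return num, target
    return None

def unmatched_ports(rules, src_ip, ports):
    """Ports on which src_ip is not ACCEPTed by the listed rules."""
    hits = [(p, first_match(rules, src_ip, p)) for p in ports]
    return [p for p, hit in hits if hit is None or hit[1] != "ACCEPT"]
```

Feeding it the full `iptables -L INPUT -n --line-numbers` listing instead of the two-line excerpt also shows whether an earlier REJECT or DROP rule wins before rules 15 and 16 are reached.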
