So, I have Cloudera Manager with CDH4 working completely fine. The problem is that when I turn on the firewall (iptables) on the ZooKeeper machines, everything regarding ZooKeeper goes red. I understand it is related to ports, but I cannot seem to figure out which ports need to be opened. I have added the following lines to /etc/sysconfig/iptables, using the following link as the guideline:
15 ACCEPT tcp -- 10.72.30.0/23 0.0.0.0/0 state NEW tcp multiport dports 2181,2888,3888,3181,4181,8019,9010
16 ACCEPT tcp -- 10.72.20.0/23 0.0.0.0/0 state NEW tcp multiport dports 2181,2888,3888,3181,4181,8019,9010
Anyone who has enabled firewalls on the cluster, please send me some examples. I need to enable firewalls for all the CDH components, so anyone out there who has done it would be a life saver :)
Ah, my bad Asad. Thanks for the reminder. If it's Cloudera Manager that is complaining of bad health on those ZK servers, then it seems that some port that the Cloudera Manager "Service Monitor" process needs to access is blocked. This doc lists out the additional ports that CM needs to have access to, maybe it's in there somewhere?
If that doc doesn't help, we'd need to go into the service monitor logs in CM and see the exact message where it sets the ZK server's health to bad. In that message will probably be some pertinent information about what port is needed.
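The blocked port can also be found from the firewall side by logging what iptables refuses and summarizing it per source and destination port. This is an added example, not part of the thread; the `ZK-DROP: ` log prefix, the sample addresses and port 12345 are constructed for illustration and are not real Cloudera Manager values.

```shell
#!/bin/sh
# Added example (not from the thread): summarize packets recorded by an
# iptables LOG rule to see which source/port pairs the firewall refuses.
#
# Assumption: as root, a LOG rule was inserted just before the final
# REJECT/DROP rule of the INPUT chain (N = that rule's number):
#   iptables -I INPUT N -p tcp -m state --state NEW -j LOG --log-prefix "ZK-DROP: "
# The entries land in the kernel log (typically /var/log/messages on RHEL/CentOS).

PREFIX="ZK-DROP: "   # hypothetical prefix chosen for this example

# Reads kernel log lines on stdin; prints "count src dport", most frequent first.
blocked_ports() {
    awk -v prefix="$PREFIX" '
        index($0, prefix) {
            src = ""; dpt = ""
            for (i = 1; i <= NF; i++) {
                if ($i ~ /^SRC=/) src = substr($i, 5)
                if ($i ~ /^DPT=/) dpt = substr($i, 5)
            }
            if (src != "" && dpt != "") count[src " " dpt]++
        }
        END { for (k in count) print count[k], k }
    ' | sort -k1,1nr -k2,2 -k3,3n
}

# Constructed sample log lines. Two failure modes are shown:
#  - an allowed source (10.72.30.0/23) hitting a port missing from the multiport list
#  - an allowed port (2181) reached from a source outside both allowed /23 ranges
sample_log() {
    cat <<'EOF'
Mar  4 10:15:01 zk1 kernel: ZK-DROP: IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=10.72.30.15 DST=10.72.30.21 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=4021 DF PROTO=TCP SPT=45678 DPT=12345 WINDOW=14600 RES=0x00 SYN URGP=0
Mar  4 10:15:02 zk1 sshd[2211]: Accepted publickey for admin from 10.72.30.9 port 50122 ssh2
Mar  4 10:15:04 zk1 kernel: ZK-DROP: IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=10.72.30.15 DST=10.72.30.21 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=4022 DF PROTO=TCP SPT=45679 DPT=12345 WINDOW=14600 RES=0x00 SYN URGP=0
Mar  4 10:15:07 zk1 kernel: ZK-DROP: IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=10.72.40.5 DST=10.72.30.21 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=9130 DF PROTO=TCP SPT=51200 DPT=2181 WINDOW=14600 RES=0x00 SYN URGP=0
EOF
}

# On a real host: grep "ZK-DROP: " /var/log/messages | blocked_ports
sample_log | blocked_ports
```

Remove the LOG rule once the missing port or source range has been identified, since it logs every new connection that falls through to the final rule.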