[Gluster-users] Setup gluster 3.1.2 ok but probe fails

Gerry Reno greno at verizon.net
Tue Jan 18 18:09:40 UTC 2011


On 01/18/2011 12:47 PM, Joe Landman wrote:
> On 01/18/2011 12:41 PM, Gerry Reno wrote:
>
>> On secondary:
>>
>>      # tcpdump -i eth0 'port 24007'
>>      tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
>>      listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes
>>      ^C
>>      0 packets captured
>>      0 packets received by filter
>>      0 packets dropped by kernel
>
> This is the acid test.  If no packets are getting between the units on
> this port, then something is firewalling them.
>
>>> and see if you can get anything when you telnet into that port?
>> On secondary:
>>
>>      # telnet 10.XXX.58.95 24007
>>      Trying 10.XXX.58.95...
>>      Connected to 10.XXX.58.95.
>>      Escape character is '^]'.
>
> Can you telnet into the secondary on this port from the primary, 

    On primary:
    # telnet 10.XXX.58.95 24007
    Trying 10.XXX.58.95...
    telnet: Unable to connect to remote host: Connection timed out


> and let us know what you see when you tcpdump that port on the secondary

    On secondary:
    # tcpdump -i eth0 'port 24007'
    tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
    listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes
    ^C
    0 packets captured
    0 packets received by filter
    0 packets dropped by kernel


>
> If you get a connection, and see no packets, then something is badly
> broken in assumptions about network connectivity.
>
> You shouldn't get a connected message if it didn't connect.  tcpdump
> won't lie (as long as the options are correct).
>

Joe, thanks for the help.   I agree something is firewalling the packets.

I added an explicit rule for this security group to allow access for
port 24007 to itself.  (Shouldn't need this)  and it worked.

    ec2-authorize SECURITYGROUP -P tcp -p 24007-24019 -u AWS_USER_ID -o SECURITYGROUP
    GROUP        SECURITYGROUP
    PERMISSION        SECURITYGROUP    ALLOWS    tcp    24007    24019    FROM    USER    AWS_USER_ID    GRPNAME    SECURITYGROUP


And now the probe is successful:

    On primary:
    # sudo gluster peer probe 10.XXX.58.95
    Probe successful


So it appears the internal ec2 network is not open within the security
group.  Maybe they just meant the internal network is open in the
'default' security group.  Or they only tested it there.


Regards,
Gerry
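
Added example, not part of the original message: a shell check that probes the 24007-24019 range opened above from one peer to another and separates a timeout (packets dropped, as in the primary's telnet attempt) from a refusal (host reachable, nothing listening). The function names and the PEER_IP placeholder are assumptions; it relies on bash's /dev/tcp and coreutils `timeout`.

```shell
#!/bin/sh
# Added example: classify each Gluster port on a peer as open, closed or filtered.

# Map the exit status of a timed connect attempt to a verdict.
#   0   -> TCP handshake completed
#   124 -> timeout(1) killed the attempt: SYNs dropped (firewall / security group)
#   *   -> immediate failure such as "connection refused": reachable, no listener
#          (a firewall that rejects instead of dropping also lands here)
classify_rc() {
    case "$1" in
        0)   echo open ;;
        124) echo filtered ;;
        *)   echo closed ;;
    esac
}

# probe_port HOST PORT [TIMEOUT_SECONDS]
probe_port() {
    pp_rc=0
    timeout "${3:-3}" bash -c 'exec 3<>"/dev/tcp/$1/$2"' _ "$1" "$2" 2>/dev/null || pp_rc=$?
    classify_rc "$pp_rc"
}

# probe_range HOST FIRST LAST [TIMEOUT_SECONDS]: prints one "PORT VERDICT" line per port
probe_range() {
    pr_port=$2
    while [ "$pr_port" -le "$3" ]; do
        printf '%s %s\n' "$pr_port" "$(probe_port "$1" "$pr_port" "${4:-3}")"
        pr_port=$((pr_port + 1))
    done
}

# summarize: reads probe_range output on stdin, prints totals,
# and returns non-zero when any port is filtered.
summarize() {
    awk '{ n[$2]++ } $2 == "filtered" { bad = 1 }
         END { printf "open=%d closed=%d filtered=%d\n",
                      n["open"], n["closed"], n["filtered"]; exit bad }'
}

# Run as: ./check.sh PEER_IP [FIRST_PORT LAST_PORT]   (PEER_IP is a placeholder)
if [ "$#" -ge 1 ]; then
    probe_range "$1" "${2:-24007}" "${3:-24019}" | summarize
fi
```

Run it in both directions between the peers: a port that is `filtered` one way and `open` the other points at a one-sided firewall or security-group rule rather than at glusterd.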






