You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@zookeeper.apache.org by "Lars Francke (Jira)" <ji...@apache.org> on 2022/05/04 17:10:00 UTC
[jira] [Commented] (ZOOKEEPER-4276) Serving only with secureClientPort fails
[ https://issues.apache.org/jira/browse/ZOOKEEPER-4276?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17531850#comment-17531850 ]
Lars Francke commented on ZOOKEEPER-4276:
-----------------------------------------
This is not only an issue during rolling upgrades. It also happens during regular server runs.
This basically means you can't run "secure only", it still happens on 3.8.0
> Serving only with secureClientPort fails
> ----------------------------------------
>
> Key: ZOOKEEPER-4276
> URL: https://issues.apache.org/jira/browse/ZOOKEEPER-4276
> Project: ZooKeeper
> Issue Type: Bug
> Components: server
> Affects Versions: 3.7.0, 3.5.8, 3.6.2
> Reporter: Kei Kori
> Priority: Major
> Labels: pull-request-available
> Time Spent: 2h
> Remaining Estimate: 0h
>
> clientPort in zoo.cfg is forcefully complemented from client address by QuorumPeerConfig#setupClientPort even though secureClientPort is set and matches with client address' port.
> Because of this behavior, in case rolling update with replacing clientPort to secureClientPort in the same port number following [Upgrading existing non-TLS cluster with no downtime|https://zookeeper.apache.org/doc/r3.7.0/zookeeperAdmin.html#Upgrading+existing+nonTLS+cluster] conflicts and gets errors below.
> {code}
> 2021-03-29 23:21:58,638 - INFO [main:NettyServerCnxnFactory@590] - binding to port /0.0.0.0:2281
> 2021-03-29 23:21:58,748 - INFO [main:NettyServerCnxnFactory@595] - bound to port 2281
> 2021-03-29 23:21:58,749 - INFO [main:NettyServerCnxnFactory@590] - binding to port 0.0.0.0/0.0.0.0:2281
> 2021-03-29 23:21:58,753 - ERROR [main:QuorumPeerMain@101] - Unexpected exception, exiting abnormally
> java.net.BindException: Address already in use
> {code}
> QuorumPeerConfig#setupClientPort should complement only when both clientPort and secureClientPort are empty, and allow serving zookeeper server only with secure client port.
--
This message was sent by Atlassian Jira
(v8.20.7#820007)