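I'm trying out the cassandra mesos framework on my local mesos cluster. My cluster has:
ip: 10.10.10.30, name: vcmms, OS: CentOS 6.7 {mesos master, mesos slave, marathon, zookeeper}
ip: 10.10.10.31, name: vcmss1, OS: CentOS 6.7 {mesos slave}
ip: 10.10.10.32, name: vcmss2, OS: CentOS 6.7 {mesos slave}
I use a restrictive security policy with iptables to avoid network attacks.
This is the iptables -L on the mesos slaves: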
Chain INPUT (policy DROP)
target     prot opt source               destination
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:apani1 flags:FIN,SYN,RST,ACK/SYN
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:ssh
DROP       tcp  --  anywhere             anywhere            tcp flags:FIN,SYN,RST,PSH,ACK,URG/NONE
DROP       tcp  --  anywhere             anywhere            tcp flags:!FIN,SYN,RST,ACK/SYN state NEW
DROP       tcp  --  anywhere             anywhere            tcp flags:FIN,SYN,RST,PSH,ACK,URG/FIN,SYN,RST,PSH,ACK,URG
ACCEPT     all  --  anywhere             anywhere
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:ita-agent
ACCEPT     tcp  --  anywhere             anywhere            tcp dpts:31000:32000
ACCEPT     tcp  --  anywhere             anywhere            tcp dpts:afs3-fileserver:afs3-callback
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:7199
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:9042
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:apani1

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

Chain DOCKER (0 references)
target     prot opt source               destination
My app.json:
{
  "id": "/cassandra/dev-test",
  "instances": 1,
  "cpus": 0.5,
  "mem": 512,
  "ports": [
    0
  ],
  "uris": [
    "http://mypublicstorage/cassandra-mesos-0.2.0-1.tar.gz",
    "http://mypublicstorage/jre-7u76-linux-x64.tar.gz"
  ],
  "env": {
    "MESOS_ZK": "zk://10.10.10.30:2181/mesos",
    "JAVA_OPTS": "-Xms256m -Xmx256m",
    "CASSANDRA_CLUSTER_NAME": "dev-test",
    "CASSANDRA_ZK": "zk://10.10.10:2181/cassandra-mesos",
    "CASSANDRA_NODE_COUNT": "3",
    "CASSANDRA_RESOURCE_CPU_CORES": "2.0",
    "CASSANDRA_RESOURCE_MEM_MB": "2048",
    "CASSANDRA_RESOURCE_DISK_MB": "2048",
    "CASSANDRA_HEALTH_CHECK_INTERVAL_SECONDS": "60",
    "CASSANDRA_ZK_TIMEOUT_MS": "10000"
  },
  "cmd": "$(pwd)/jre*/bin/java $JAVA_OPTS -classpath cassandra-mesos-framework.jar io.mesosphere.mesos.frameworks.cassandra.framework.Main",
  "healthChecks": [
    {
      "gracePeriodSeconds": 120,
      "intervalSeconds": 30,
      "maxConsecutiveFailures": 0,
      "path": "/health/cluster",
      "portIndex": 0,
      "protocol": "HTTP",
      "timeoutSeconds": 5
    },
    {
      "gracePeriodSeconds": 120,
      "intervalSeconds": 30,
      "maxConsecutiveFailures": 3,
      "path": "/health/process",
      "portIndex": 0,
      "protocol": "HTTP",
      "timeoutSeconds": 5
    }
  ]
}
After submitting the application on Marathon, the framework is registered, but the health check fails. When I visit the page http://vcmms.domain:31329/health/cluster/report the result is:
{
  "healthy": false,
  "results": [
    {
      "name": "nodeCount",
      "ok": true,
      "expected": 3,
      "actual": 3
    },
    {
      "name": "seedCount",
      "ok": true,
      "expected": 2,
      "actual": 2
    },
    {
      "name": "allHealthy",
      "ok": false,
      "expected": [
        true,
        true,
        true
      ],
      "actual": [
        true
      ]
    },
    {
      "name": "operatingModeNormal",
      "ok": false,
      "expected": [
        "NORMAL",
        "NORMAL",
        "NORMAL"
      ],
      "actual": [
        "NORMAL"
      ]
    },
    {
      "name": "lastHealthCheckNewerThan",
      "ok": false,
      "expected": [
        1443544996737,
        1443544996737,
        1443544996737
      ],
      "actual": [
        1443545237676
      ]
    },
    {
      "name": "nodesHaveServerTask",
      "ok": true,
      "expected": [
        true,
        true,
        true
      ],
      "actual": [
        true,
        true,
        true
      ]
    }
  ]
}
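Note: when I disable all the iptables restrictions, everything works fine, but I don't know which ports are missing from the iptables rules and causing the health check problem.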
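
One way to narrow the question down, as an added example that is not part of the original post: a first-match evaluator over the posted INPUT chain that reports, for a new inbound TCP connection to a given port, which rule decides it or whether it falls through to the DROP policy. The service-name table uses the standard /etc/services numbers, and `hidden_applies` is a hypothetical switch for rule 7, which shows no match because `iptables -L` without `-v` omits the interface columns; by default it is assumed to be interface-restricted and therefore not to apply to traffic from other hosts.

```python
import re
# INPUT chain exactly as posted in the question (iptables -L without -v or -n).
LISTING = """\
ACCEPT tcp -- anywhere anywhere tcp dpt:apani1 flags:FIN,SYN,RST,ACK/SYN
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT tcp -- anywhere anywhere tcp dpt:ssh
DROP tcp -- anywhere anywhere tcp flags:FIN,SYN,RST,PSH,ACK,URG/NONE
DROP tcp -- anywhere anywhere tcp flags:!FIN,SYN,RST,ACK/SYN state NEW
DROP tcp -- anywhere anywhere tcp flags:FIN,SYN,RST,PSH,ACK,URG/FIN,SYN,RST,PSH,ACK,URG
ACCEPT all -- anywhere anywhere
ACCEPT tcp -- anywhere anywhere tcp dpt:ita-agent
ACCEPT tcp -- anywhere anywhere tcp dpts:31000:32000
ACCEPT tcp -- anywhere anywhere tcp dpts:afs3-fileserver:afs3-callback
ACCEPT tcp -- anywhere anywhere tcp dpt:7199
ACCEPT tcp -- anywhere anywhere tcp dpt:9042
ACCEPT tcp -- anywhere anywhere tcp dpt:apani1
"""
# /etc/services names that the listing shows instead of port numbers.
SERVICES = {"ssh": 22, "ita-agent": 5051, "afs3-fileserver": 7000,
            "afs3-callback": 7001, "apani1": 9160}

def parse(listing):
    num = lambda t: int(t) if t.isdigit() else SERVICES[t]
    rules = []
    for line in listing.splitlines():
        target, _prot, _opt, _src, _dst, *rest = line.split()
        p = re.search(r"dpts?:([\w-]+)(?::([\w-]+))?", line)
        f = re.search(r"flags:(\S+)", line)
        s = re.search(r"state (\S+)", line)
        rules.append({"target": target, "hidden": not rest,  # no visible match
                      "ports": (num(p[1]), num(p[2] or p[1])) if p else None,
                      "flags": f[1] if f else None,
                      "state": s[1].split(",") if s else None})
    return rules

def syn_matches(flags):  # does a bare SYN satisfy a "[!]MASK/COMP" match?
    mask, comp = flags.lstrip("!").split("/")
    comp = set() if comp == "NONE" else set(comp.split(","))
    return (({"SYN"} & set(mask.split(","))) == comp) != flags.startswith("!")

def verdict(rules, dport, hidden_applies=False):
    """First matching rule for a NEW inbound TCP SYN to dport (policy DROP)."""
    for n, r in enumerate(rules, 1):
        skip = ((r["hidden"] and not hidden_applies)
                or (r["state"] and "NEW" not in r["state"])
                or (r["flags"] and not syn_matches(r["flags"]))
                or (r["ports"] and not r["ports"][0] <= dport <= r["ports"][1]))
        if not skip:
            return r["target"], n
    return "DROP", 0  # nothing matched, so the chain policy applies
```

Call `verdict(parse(LISTING), port)` for each port the framework, the executors and ZooKeeper listen on (for example from `ss -ltn` on each node); any port that returns `("DROP", 0)` is a candidate for the missing rule. `iptables -L -n -v` or `iptables -S` shows the match that rule 7 hides in the posted listing.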