Can't get second server to join cluster


(Dave O) #1

I've started a second server on my same home network and I cannot seem to
get it to join the cluster.

I have modified both config files to set the clustername to the same thing.

I have tried multicast and unicast.

I was thinking it was a firewall issue so I added

-A INPUT -m state --state NEW -m multiport -p tcp --dport 54328 -j ACCEPT
-A INPUT -m state --state NEW -m multiport -p udp --dport 54328 -j ACCEPT

Am I missing something here. How do I tell if they are in the same
cluster. I have looked in the start logs and see nothing. I also created
a new index with 10 shards and the shards do not get put onto the 2nd
server. I also submitted a query for cluster status and only seeing 1.

Anything else I can try?

my Ip addresses are

first - 192.168.1.112
second 192.168.1.11

(Both on my internal network).

I can ping, ssh between the 2 boxes no problems.

--
You received this message because you are subscribed to the Google Groups "elasticsearch" group.
To unsubscribe from this group and stop receiving emails from it, send an email to elasticsearch+unsubscribe@googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.


(David Pilato) #2

Can you reach each other with curl?
curl localhost:9200

In term of firewall, open TCP 9300 ports.

--
David :wink:
Twitter : @dadoonet / @elasticsearchfr / @scrutmydocs

Le 3 mars 2013 à 06:12, Dave O mdoakes42@gmail.com a écrit :

I've started a second server on my same home network and I cannot seem to get it to join the cluster.

I have modified both config files to set the clustername to the same thing.

I have tried multicast and unicast.

I was thinking it was a firewall issue so I added

-A INPUT -m state --state NEW -m multiport -p tcp --dport 54328 -j ACCEPT
-A INPUT -m state --state NEW -m multiport -p udp --dport 54328 -j ACCEPT

Am I missing something here. How do I tell if they are in the same cluster. I have looked in the start logs and see nothing. I also created a new index with 10 shards and the shards do not get put onto the 2nd server. I also submitted a query for cluster status and only seeing 1.

Anything else I can try?

my Ip addresses are

first - 192.168.1.112
second 192.168.1.11

(Both on my internal network).

I can ping, ssh between the 2 boxes no problems.

--
You received this message because you are subscribed to the Google Groups "elasticsearch" group.
To unsubscribe from this group and stop receiving emails from it, send an email to elasticsearch+unsubscribe@googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.

--
You received this message because you are subscribed to the Google Groups "elasticsearch" group.
To unsubscribe from this group and stop receiving emails from it, send an email to elasticsearch+unsubscribe@googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.


(Dave O) #3

My host 192.168.1.11 is a virtual server running thru virtualbox on a
windows laptop. (The virtual server is centos 6)

My host 192.168.1.112 is a laptop with Centos 5.3 installed on it.

I just found out that if I start elastic search on my virtual server first
then start my laptop elasticsearch it WORKS. I see messages in the log
about joining the cluster.

HOWEVER,

If I start my laptop first and then try to have the virtual server join the
cluster it DOES NOT work.

The iptables files on both servers are exactly identical.

Could the VM be causing an issue? Is it okay with 2 different CENTOS
versions?

This is what my iptables file looks like on both servers. Any thoughts?
thanks again!

Firewall configuration written by system-config-securitylevel

Manual customization of this file is not recommended.

*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A FORWARD -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp --icmp-type any -j ACCEPT
-A RH-Firewall-1-INPUT -p 50 -j ACCEPT
-A RH-Firewall-1-INPUT -p 51 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp --dport 5353 -d 224.0.0.251 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -m udp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j
ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 9200:9400
-j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m udp -p udp --dport 9200:9400
-j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m multiport -p tcp --dport
54328 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m multiport -p udp --dport
54328 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m multiport -p tcp --dport
9300 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m multiport -p udp --dport
9300 -j ACCEPT
-A OUTPUT -m state --state NEW -m multiport -p tcp --dport 54328 -j ACCEPT
-A OUTPUT -m state --state NEW -m multiport -p udp --dport 54328 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT

--
You received this message because you are subscribed to the Google Groups "elasticsearch" group.
To unsubscribe from this group and stop receiving emails from it, send an email to elasticsearch+unsubscribe@googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.


(Dave O) #4

no problems from either server accessing with CURL.

On Sunday, March 3, 2013 11:14:41 AM UTC-5, Dave O wrote:

My host 192.168.1.11 is a virtual server running thru virtualbox on a
windows laptop. (The virtual server is centos 6)

My host 192.168.1.112 is a laptop with Centos 5.3 installed on it.

I just found out that if I start elastic search on my virtual server
first then start my laptop elasticsearch it WORKS. I see messages in the
log about joining the cluster.

HOWEVER,

If I start my laptop first and then try to have the virtual server join
the cluster it DOES NOT work.

The iptables files on both servers are exactly identical.

Could the VM be causing an issue? Is it okay with 2 different CENTOS
versions?

This is what my iptables file looks like on both servers. Any thoughts?
thanks again!

Firewall configuration written by system-config-securitylevel

Manual customization of this file is not recommended.

*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A FORWARD -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp --icmp-type any -j ACCEPT
-A RH-Firewall-1-INPUT -p 50 -j ACCEPT
-A RH-Firewall-1-INPUT -p 51 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp --dport 5353 -d 224.0.0.251 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -m udp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j
ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport
9200:9400 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m udp -p udp --dport
9200:9400 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m multiport -p tcp --dport
54328 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m multiport -p udp --dport
54328 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m multiport -p tcp --dport
9300 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m multiport -p udp --dport
9300 -j ACCEPT
-A OUTPUT -m state --state NEW -m multiport -p tcp --dport 54328 -j ACCEPT
-A OUTPUT -m state --state NEW -m multiport -p udp --dport 54328 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT

--
You received this message because you are subscribed to the Google Groups "elasticsearch" group.
To unsubscribe from this group and stop receiving emails from it, send an email to elasticsearch+unsubscribe@googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.


(Dave O) #5

selinux is disabled on both servers. Thought that might be the
problem...but doesn't look like it

On Sunday, March 3, 2013 12:12:36 AM UTC-5, Dave O wrote:

I've started a second server on my same home network and I cannot seem to
get it to join the cluster.

I have modified both config files to set the clustername to the same thing.

I have tried multicast and unicast.

I was thinking it was a firewall issue so I added

-A INPUT -m state --state NEW -m multiport -p tcp --dport 54328 -j ACCEPT
-A INPUT -m state --state NEW -m multiport -p udp --dport 54328 -j ACCEPT

Am I missing something here. How do I tell if they are in the same
cluster. I have looked in the start logs and see nothing. I also created
a new index with 10 shards and the shards do not get put onto the 2nd
server. I also submitted a query for cluster status and only seeing 1.

Anything else I can try?

my Ip addresses are

first - 192.168.1.112
second 192.168.1.11

(Both on my internal network).

I can ping, ssh between the 2 boxes no problems.

--
You received this message because you are subscribed to the Google Groups "elasticsearch" group.
To unsubscribe from this group and stop receiving emails from it, send an email to elasticsearch+unsubscribe@googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.


(Dave O) #6

other then standard configurations I also set the network.host parameters
appropriately on each server.

Virtual Server
network.host: 192.168.1.11

Laptop
network.host: 192.168.1.112

On Sunday, March 3, 2013 12:12:36 AM UTC-5, Dave O wrote:

I've started a second server on my same home network and I cannot seem to
get it to join the cluster.

I have modified both config files to set the clustername to the same thing.

I have tried multicast and unicast.

I was thinking it was a firewall issue so I added

-A INPUT -m state --state NEW -m multiport -p tcp --dport 54328 -j ACCEPT
-A INPUT -m state --state NEW -m multiport -p udp --dport 54328 -j ACCEPT

Am I missing something here. How do I tell if they are in the same
cluster. I have looked in the start logs and see nothing. I also created
a new index with 10 shards and the shards do not get put onto the 2nd
server. I also submitted a query for cluster status and only seeing 1.

Anything else I can try?

my Ip addresses are

first - 192.168.1.112
second 192.168.1.11

(Both on my internal network).

I can ping, ssh between the 2 boxes no problems.

--
You received this message because you are subscribed to the Google Groups "elasticsearch" group.
To unsubscribe from this group and stop receiving emails from it, send an email to elasticsearch+unsubscribe@googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.


(Dave O) #7

My host 192.168.1.11 is a virtual server running thru virtualbox on a
windows laptop. (The virtual server is centos 6)

My host 192.168.1.112 is a laptop with Centos 5.3 installed on it.

I just found out that if I start elastic search on my LAPTOP server first
then start my virtual server elasticsearch second it WORKS. I see
messages in the log about joining the cluster.

HOWEVER,

If I start my VM first and then try to have my laptop join the cluster it
DOES NOT work.

The iptables files on both servers are exactly identical.

Could the VM be causing an issue? Is it okay with 2 different CENTOS
versions?

This is what my iptables file looks like on both servers. Any thoughts?
thanks again!

Firewall configuration written by system-config-securitylevel

Manual customization of this file is not recommended.

*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A FORWARD -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp --icmp-type any -j ACCEPT
-A RH-Firewall-1-INPUT -p 50 -j ACCEPT
-A RH-Firewall-1-INPUT -p 51 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp --dport 5353 -d 224.0.0.251 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -m udp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j
ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 9200:9400
-j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m udp -p udp --dport 9200:9400
-j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m multiport -p tcp --dport
54328 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m multiport -p udp --dport
54328 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m multiport -p tcp --dport
9300 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m multiport -p udp --dport
9300 -j ACCEPT
-A OUTPUT -m state --state NEW -m multiport -p tcp --dport 54328 -j ACCEPT
-A OUTPUT -m state --state NEW -m multiport -p udp --dport 54328 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT

On Sunday, March 3, 2013 3:54:06 AM UTC-5, David Pilato wrote:

Can you reach each other with curl?
curl localhost:9200

In term of firewall, open TCP 9300 ports.

--
David :wink:
Twitter : @dadoonet / @elasticsearchfr / @scrutmydocs

Le 3 mars 2013 à 06:12, Dave O <mdoa...@gmail.com <javascript:>> a écrit :

I've started a second server on my same home network and I cannot seem to
get it to join the cluster.

I have modified both config files to set the clustername to the same thing.

I have tried multicast and unicast.

I was thinking it was a firewall issue so I added

-A INPUT -m state --state NEW -m multiport -p tcp --dport 54328 -j ACCEPT
-A INPUT -m state --state NEW -m multiport -p udp --dport 54328 -j ACCEPT

Am I missing something here. How do I tell if they are in the same
cluster. I have looked in the start logs and see nothing. I also created
a new index with 10 shards and the shards do not get put onto the 2nd
server. I also submitted a query for cluster status and only seeing 1.

Anything else I can try?

my Ip addresses are

first - 192.168.1.112
second 192.168.1.11

(Both on my internal network).

I can ping, ssh between the 2 boxes no problems.

--
You received this message because you are subscribed to the Google Groups
"elasticsearch" group.
To unsubscribe from this group and stop receiving emails from it, send an
email to elasticsearc...@googlegroups.com <javascript:>.
For more options, visit https://groups.google.com/groups/opt_out.

--
You received this message because you are subscribed to the Google Groups "elasticsearch" group.
To unsubscribe from this group and stop receiving emails from it, send an email to elasticsearch+unsubscribe@googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.


(erbdex) #8

If I start my VM first and then try to have my laptop join the cluster it
DOES NOT work.

Dave, did you eventually figure out the cause for this?

On Sunday, 3 March 2013 22:14:42 UTC+5:30, Dave O wrote:

My host 192.168.1.11 is a virtual server running thru virtualbox on a
windows laptop. (The virtual server is centos 6)

My host 192.168.1.112 is a laptop with Centos 5.3 installed on it.

I just found out that if I start elastic search on my LAPTOP server first
then start my virtual server elasticsearch second it WORKS. I see
messages in the log about joining the cluster.

HOWEVER,

If I start my VM first and then try to have my laptop join the cluster it
DOES NOT work.

The iptables files on both servers are exactly identical.

Could the VM be causing an issue? Is it okay with 2 different CENTOS
versions?

This is what my iptables file looks like on both servers. Any thoughts?
thanks again!

Firewall configuration written by system-config-securitylevel

Manual customization of this file is not recommended.

*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A FORWARD -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp --icmp-type any -j ACCEPT
-A RH-Firewall-1-INPUT -p 50 -j ACCEPT
-A RH-Firewall-1-INPUT -p 51 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp --dport 5353 -d 224.0.0.251 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -m udp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j
ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport
9200:9400 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m udp -p udp --dport
9200:9400 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m multiport -p tcp --dport
54328 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m multiport -p udp --dport
54328 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m multiport -p tcp --dport
9300 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m multiport -p udp --dport
9300 -j ACCEPT
-A OUTPUT -m state --state NEW -m multiport -p tcp --dport 54328 -j ACCEPT
-A OUTPUT -m state --state NEW -m multiport -p udp --dport 54328 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT

On Sunday, March 3, 2013 3:54:06 AM UTC-5, David Pilato wrote:

Can you reach each other with curl?
curl localhost:9200

In term of firewall, open TCP 9300 ports.

--
David :wink:
Twitter : @dadoonet / @elasticsearchfr / @scrutmydocs

Le 3 mars 2013 à 06:12, Dave O mdoa...@gmail.com a écrit :

I've started a second server on my same home network and I cannot seem to
get it to join the cluster.

I have modified both config files to set the clustername to the same
thing.

I have tried multicast and unicast.

I was thinking it was a firewall issue so I added

-A INPUT -m state --state NEW -m multiport -p tcp --dport 54328 -j ACCEPT
-A INPUT -m state --state NEW -m multiport -p udp --dport 54328 -j ACCEPT

Am I missing something here. How do I tell if they are in the same
cluster. I have looked in the start logs and see nothing. I also created
a new index with 10 shards and the shards do not get put onto the 2nd
server. I also submitted a query for cluster status and only seeing 1.

Anything else I can try?

my Ip addresses are

first - 192.168.1.112
second 192.168.1.11

(Both on my internal network).

I can ping, ssh between the 2 boxes no problems.

--
You received this message because you are subscribed to the Google Groups
"elasticsearch" group.
To unsubscribe from this group and stop receiving emails from it, send an
email to elasticsearc...@googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.

--
You received this message because you are subscribed to the Google Groups "elasticsearch" group.
To unsubscribe from this group and stop receiving emails from it, send an email to elasticsearch+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/elasticsearch/6adef13f-18b9-4027-9cc1-10ccfc7c3344%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


(system) #9