zookeeper-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Anand Parthasarathy <anpar...@avinetworks.com>
Subject Zookeeper over SSH tunnels
Date Thu, 10 Dec 2015 18:47:29 GMT
Hi,

Just wondering if any one has run zookeeper ensemble over SSH tunnels. We
are moving to a model where we are securing all communication between our
cluster to be over SSH tunnel including the zookepeer ports (client,
election and leader sync ports). With this, I notice that the convergence
when one of the nodes is shut down takes a much longer time than when we
run without the SSH tunnels. One of the issues I notice in this
configuration is as follows:
- Typically, if zookeeper is brought down on one of the nodes, the
connection to the zookeeper ports are RST with "Connection Refused". With
the SSH tunnel, because SSH is acting as a TCP proxy, the connection is
created and then torn down quite immediately. With this behavior, it
somehow gets into a state where it has to go thru a longer timeout before
it converges.

Have any of you seen this behavior before? Is there any tuning that we can
do to improve this behavior?

Thanks,
Anand.

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message