-
Notifications
You must be signed in to change notification settings - Fork 1.8k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
EC2 Auto discovery and WAN replication with public ip addresses. #1379
Comments
Is this something that can be expected to be fixed any time soon? Assuming that the following error message is caused by this issue; Code related to this being; TcpIpConnectionManager.bind() method. On a WAN replication scenario, does it actually make sense to do the check that results this. From what I've seen this occurs in the replicating cluster, which gets the private (in aws)/local (NAT) IP of the sender. This currently means replicating between 2 aws regions is not possible. While EC2 discovery is quite useful and is the primary replication that would be needed for a cluster, having cross region back-ups is useful for those dreadful moments where a whole region is not accessible. |
I believe for 3.3 or 3.4 AWS fixes are planned. The client is suffering from exactly the same problems. |
This is also a big issue for Docker containerization (which should maybe be a separately tracked issue). Unless you configure containers to net=host and explicitly tell Hazelcast to bind to the host's IP, Hazelcast listens on a Docker-local IP that is port-mapped to the host, and every connection request is rejected with the same "This node is not requested endpoint" error because the host's IP that other nodes connect to doesn't match what Hazelcast sees inside the container. Host networking mode is a workaround, but requiring that and explicit IP ranges for Hazelcast to listen on is not scalable for a containerized environment. At minimum there should probably be an option to configure separate private and public node addresses, which is how Cassandra addresses this issue (listen vs. broadcast). I'd prefer disabling this check completely though - there are other ways to validate node identity if that is a concern (SSL certs, etc). |
We are seeing the same issue as described by @jjongsma when trying to deploy Hazelcast inside AWS Elastic Beanstalk using Docker.
|
Amazon provides a meta-data service on each instance which seems to be also accessible from inside docker containers. This service can be used to get the public ip address of the ec2 instance. Since hazelcast already provides tight integration with aws it could use this service when a certain config flag has been set to get this address. |
@fuadm @imranbohoran @pveentjer @jjongsma @sbuettner there is a new SPI that has just been merged and which will be released in the 3.9 version. It will allow you to define the bind and public address when starting the hazelcast instance and if used correctly it can be used to avoid issues when forming a cluster. |
When we use EC2 Auto discovery, Hazelcast uses private ip addresses. But when we set WAN replication across regions it is not able to communicate over private IP addresses. An option is to force hazelcast to bind to public ip by setting
ec2-xx.us-west-1.compute.amazonaws.com:5701
or
ec2-54-193-63-117.us-west-1.compute.amazonaws.com ec2-54-193-63-117.us-west-1.compute.amazonaws.combut this requires
So both EC2 discovery and WAN replication needs to be fixed to make the process clean and seamless.
The text was updated successfully, but these errors were encountered: