what all ports need to be opened for consul?


Vikram Kone

Aug 21, 2015, 4:19:15 PM
to Consul
Hi,
I'm installing consul on a VM hosted in Azure and would like to know the list of ports that need to be open for it to work correctly.
I'm seeing the following error messages on the console when I do the bootstrap-expect command.
Also, is it possible to specify a different set of ports for the agent from the default 8300 and 8301?

    2015/08/21 20:11:07 [INFO] consul: New leader elected: cassandra-wusanalytics1
    2015/08/21 20:11:10 [ERR] memberlist: failed to receive: read tcp 168.63.129.16:64263: i/o timeout
    2015/08/21 20:11:10 [INFO] agent: Synced service 'consul'
    2015/08/21 20:11:25 [ERR] memberlist: failed to receive: read tcp 168.63.129.16:64314: i/o timeout
    2015/08/21 20:11:40 [ERR] memberlist: failed to receive: read tcp 168.63.129.16:64369: i/o timeout
    2015/08/21 20:11:55 [ERR] memberlist: failed to receive: read tcp 168.63.129.16:64417: i/o timeout
    2015/08/21 20:12:10 [ERR] memberlist: failed to receive: read tcp 168.63.129.16:64468: i/o timeout
    2015/08/21 20:12:25 [ERR] memberlist: failed to receive: read tcp 168.63.129.16:64518: i/o timeout
    2015/08/21 20:12:40 [ERR] memberlist: failed to receive: read tcp 168.63.129.16:64568: i/o timeout
    2015/08/21 20:12:55 [ERR] memberlist: failed to receive: read tcp 168.63.129.16:64625: i/o timeout
    2015/08/21 20:13:10 [ERR] memberlist: failed to receive: read tcp 168.63.129.16:64672: i/o timeout
    2015/08/21 20:13:25 [ERR] memberlist: failed to receive: read tcp 168.63.129.16:64722: i/o timeout
    2015/08/21 20:13:40 [ERR] memberlist: failed to receive: read tcp 168.63.129.16:64762: i/o timeout
    2015/08/21 20:13:55 [ERR] memberlist: failed to receive: read tcp 168.63.129.16:64819: i/o timeout
    2015/08/21 20:14:10 [ERR] memberlist: failed to receive: read tcp 168.63.129.16:64860: i/o timeout
    2015/08/21 20:14:25 [ERR] memberlist: failed to receive: read tcp 168.63.129.16:64907: i/o timeout
    2015/08/21 20:14:40 [ERR] memberlist: failed to receive: read tcp 168.63.129.16:64956: i/o timeout
    2015/08/21 20:14:55 [ERR] memberlist: failed to receive: read tcp 168.63.129.16:65010: i/o timeout
    2015/08/21 20:15:10 [ERR] memberlist: failed to receive: read tcp 168.63.129.16:65054: i/o timeout
    2015/08/21 20:15:25 [ERR] memberlist: failed to receive: read tcp 168.63.129.16:65107: i/o timeout
    2015/08/21 20:15:40 [ERR] memberlist: failed to receive: read tcp 168.63.129.16:65155: i/o timeout
    2015/08/21 20:15:55 [ERR] memberlist: failed to receive: read tcp 168.63.129.16:65204: i/o timeout
    2015/08/21 20:16:10 [ERR] memberlist: failed to receive: read tcp 168.63.129.16:65255: i/o timeout
    2015/08/21 20:16:25 [ERR] memberlist: failed to receive: read tcp 168.63.129.16:65309: i/o timeout
    2015/08/21 20:16:40 [ERR] memberlist: failed to receive: read tcp 168.63.129.16:65361: i/o timeout
    2015/08/21 20:16:55 [ERR] memberlist: failed to receive: read tcp 168.63.129.16:65415: i/o timeout
    2015/08/21 20:17:10 [ERR] memberlist: failed to receive: read tcp 168.63.129.16:65459: i/o timeout
    2015/08/21 20:17:25 [ERR] memberlist: failed to receive: read tcp 168.63.129.16:65518: i/o timeout
    2015/08/21 20:17:40 [ERR] memberlist: failed to receive: read tcp 168.63.129.16:49204: i/o timeout
    2015/08/21 20:17:55 [ERR] memberlist: failed to receive: read tcp 168.63.129.16:49255: i/o timeout
    2015/08/21 20:18:10 [ERR] memberlist: failed to receive: read tcp 168.63.129.16:49294: i/o timeout


Joshua Garnett

Aug 21, 2015, 5:07:27 PM
to consu...@googlegroups.com
Ports can be configured in the config file.  Here are the ports I have open in AWS:

server nodes:

$ sudo netstat -tulpn | grep consul
tcp        0      0 10.197.20.78:8300       0.0.0.0:*               LISTEN      5025/consul
tcp        0      0 10.197.20.78:8301       0.0.0.0:*               LISTEN      5025/consul
tcp        0      0 10.197.20.78:8302       0.0.0.0:*               LISTEN      5025/consul
tcp6       0      0 :::8400                 :::*                    LISTEN      5025/consul
tcp6       0      0 :::8500                 :::*                    LISTEN      5025/consul
tcp6       0      0 :::8600                 :::*                    LISTEN      5025/consul
udp        0      0 10.197.20.78:8301       0.0.0.0:*                           5025/consul
udp        0      0 10.197.20.78:8302       0.0.0.0:*                           5025/consul
udp6       0      0 :::8600                 :::*                                5025/consul

client nodes:

$ sudo netstat -tulpn | grep consul
tcp        0      0 10.197.16.146:8301      0.0.0.0:*               LISTEN      4232/consul
tcp        0      0 127.0.0.1:8400          0.0.0.0:*               LISTEN      4232/consul
tcp        0      0 127.0.0.1:8500          0.0.0.0:*               LISTEN      4232/consul
tcp        0      0 127.0.0.1:8600          0.0.0.0:*               LISTEN      4232/consul
udp        0      0 10.197.16.146:8301      0.0.0.0:*                           4232/consul
udp        0      0 127.0.0.1:8600          0.0.0.0:*                           4232/consul

Terraform config:

  # Internal consul access
  ingress {
      from_port = 8500
      to_port = 8500
      protocol = "tcp"
      cidr_blocks = ["10.0.0.0/8", "172.16.0.0/12"]
  }

  # VPC only consul access
  ingress {
      from_port = 8300
      to_port = 8300
      protocol = "tcp"
      cidr_blocks = ["${var.vpc_cidr}"]
  }

  ingress {
      from_port = 8301
      to_port = 8301
      protocol = "tcp"
      cidr_blocks = ["${var.vpc_cidr}"]
  }

  ingress {
      from_port = 8301
      to_port = 8301
      protocol = "udp"
      cidr_blocks = ["${var.vpc_cidr}"]
  }

  ingress {
      from_port = 8302
      to_port = 8302
      protocol = "tcp"
      cidr_blocks = ["${var.vpc_cidr}"]
  }

  ingress {
      from_port = 8302
      to_port = 8302
      protocol = "udp"
      cidr_blocks = ["${var.vpc_cidr}"]
  }

  ingress {
      from_port = 8400
      to_port = 8400
      protocol = "tcp"
      cidr_blocks = ["${var.vpc_cidr}"]
  }

  ingress {
      from_port = 8600
      to_port = 8600
      protocol = "tcp"
      cidr_blocks = ["${var.vpc_cidr}"]
  }

  ingress {
      from_port = 8600
      to_port = 8600
      protocol = "udp"
      cidr_blocks = ["${var.vpc_cidr}"]
  }

Example config file:

{
  "client_addr": "0.0.0.0",
  "bind_addr": "10.197.20.78",
  "ports": {
    "dns": 8600,
    "http": 8500,
    "rpc": 8400,
    "serf_lan": 8301,
    "serf_wan": 8302,
    "server": 8300
  }
}

Note:  I also had issues in AWS with ipv6.  I found I had to specify the exact ipv4 address to bind to for the bind_addr config.

--Josh



Vikram Kone

Aug 21, 2015, 7:32:26 PM
to Consul
Thanks!
Which port is used to get the memberlist? The error message on the terminal says "failed to receive member list on tcp:<ip address>:<random port>"

Darron Froese

Aug 21, 2015, 9:08:12 PM
to Consul
At a bare minimum you need to open 8300 and 8301 for TCP and UDP connections.

If you want to connect multiple clusters you need to add 8302 to the list.
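
An added example (not part of the original thread): a Python check that parses `sudo netstat -tulpn | grep consul` output like the listings posted above, reports expected Consul sockets that are not listening, and lists any bound to a wildcard address (as `"client_addr": "0.0.0.0"` produces on the server node) so they can be compared against the firewall rules. The role names and port numbers come from the `ports` block above; the function names and role sets are assumptions of this example.

```python
import ipaddress
# Role -> (port, protocols), from the "ports" block and server netstat output in the thread.
EXPECTED = {
    "server": (8300, {"tcp"}),
    "serf_lan": (8301, {"tcp", "udp"}),
    "serf_wan": (8302, {"tcp", "udp"}),
    "rpc": (8400, {"tcp"}),
    "http": (8500, {"tcp"}),
    "dns": (8600, {"tcp", "udp"}),
}
SERVER_ROLES = set(EXPECTED)
CLIENT_ROLES = {"serf_lan", "rpc", "http", "dns"}  # what the client node in the thread listens on
# Constructed sample: trimmed copy of the server-node netstat lines posted above.
SERVER_SAMPLE = """\
tcp   0 0 10.197.20.78:8300 0.0.0.0:* LISTEN 5025/consul
tcp   0 0 10.197.20.78:8301 0.0.0.0:* LISTEN 5025/consul
tcp   0 0 10.197.20.78:8302 0.0.0.0:* LISTEN 5025/consul
tcp6  0 0 :::8400 :::* LISTEN 5025/consul
tcp6  0 0 :::8500 :::* LISTEN 5025/consul
tcp6  0 0 :::8600 :::* LISTEN 5025/consul
udp   0 0 10.197.20.78:8301 0.0.0.0:* 5025/consul
udp   0 0 10.197.20.78:8302 0.0.0.0:* 5025/consul
udp6  0 0 :::8600 :::* 5025/consul
"""

def parse_listeners(netstat_text):
    """Return {(proto, port): [local addresses]} for sockets owned by consul."""
    found = {}
    for line in netstat_text.splitlines():
        f = line.split()
        if len(f) < 5 or f[0][:3] not in ("tcp", "udp") or not f[-1].endswith("/consul"):
            continue
        addr, _, port = f[3].rpartition(":")  # ":::8500" -> ("::", "8500")
        found.setdefault((f[0][:3], int(port)), []).append(addr)
    return found

def audit(netstat_text, roles):
    """Return (missing, wildcard): expected sockets absent, and sockets bound to 0.0.0.0 or ::."""
    found = parse_listeners(netstat_text)
    missing, wildcard = [], []
    for role in sorted(roles):
        port, protos = EXPECTED[role]
        for proto in sorted(protos):
            addrs = found.get((proto, port))
            if not addrs:
                missing.append((role, proto, port))
            elif any(ipaddress.ip_address(a).is_unspecified for a in addrs):
                wildcard.append((role, proto, port))
    return missing, wildcard
```

Calling `audit(SERVER_SAMPLE, SERVER_ROLES)` returns no missing sockets and flags the RPC, HTTP and DNS listeners as wildcard-bound; pass `CLIENT_ROLES` when checking a client node.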