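I. Problem description
During a Redis migration, creating the new Redis cluster hung at "Waiting for the cluster to join …".
From the peer host, telnet to the local port failed with: Permission denied.
II. Analysis and resolution
1. A telnet permission error like this is most likely caused by iptables or SELinux being enabled on the peer. Checking the peer confirmed that iptables was enabled; in an IPv6 environment the corresponding service is ip6tables.
2. List the ip6tables firewall rules on the peer:
ip6tables -nL --line-number # output shown below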
Chain INPUT (policy ACCEPT)
num target prot opt source destination
1 ACCEPT all ::/0 ::/0 state RELATED,ESTABLISHED
2 ACCEPT icmpv6 ::/0 ::/0
3 ACCEPT all ::/0 ::/0
4 ACCEPT tcp ::/0 ::/0 state NEW multiport dports 22
5 REJECT all ::/0 ::/0 reject-with icmp6-adm-prohibited
Chain FORWARD (policy ACCEPT)
num target prot opt source destination
1 REJECT all ::/0 ::/0 reject-with icmp6-adm-prohibited
Chain OUTPUT (policy ACCEPT)
num target prot opt source destination
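3. Stop ip6tables, or add an inbound rule:
# Stop the firewall (this flushes every rule, as the output below shows)
service ip6tables stop # output shown below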
ip6tables: Setting chains to policy ACCEPT: filter [ OK ]
ip6tables: Flushing firewall rules: [ OK ]
ip6tables: Unloading modules: [ OK ]
[root@sit2web ~]# ip6tables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
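# Disable start at boot
chkconfig ip6tables off
# Add an inbound rule: insert it at position 5 so it is evaluated before the REJECT rule
ip6tables -I INPUT 5 -p tcp --dport 7000:7004 -j ACCEPT
# If rule 5 was entered incorrectly, replace it
ip6tables -R INPUT 5 -p tcp --dport 7000:7004 -j ACCEPT
# The default catch-all rule, now at position 6
ip6tables -R INPUT 6 -j REJECT --reject-with icmp6-adm-prohibited
ip6tables-save >/etc/ip6tables.save
# Verify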
ip6tables -nL --line-number
Chain INPUT (policy ACCEPT)
num target prot opt source destination
1 ACCEPT all ::/0 ::/0 state RELATED,ESTABLISHED
2 ACCEPT icmpv6 ::/0 ::/0
3 ACCEPT all ::/0 ::/0
4 ACCEPT tcp ::/0 ::/0 state NEW multiport dports 22
5 ACCEPT tcp ::/0 ::/0 tcp dpts:7000:7004
6 REJECT all ::/0 ::/0 reject-with icmp6-adm-prohibited
Chain FORWARD (policy ACCEPT)
num target prot opt source destination
1 REJECT all ::/0 ::/0 reject-with icmp6-adm-prohibited
Chain OUTPUT (policy ACCEPT)
num target prot opt source destination
4. Test with telnet again
telnet 2409:0000:0::11 7001 # output shown below
Trying 2409:0000:0::11...
Connected to 2409:0000:0::11.
Escape character is '^]'.
^]
telnet> q
5. After clearing the rdb and nodex.conf files, restart Redis and run the create command again:
ruby redis-trib.rb create --replicas 1 10.101.16.201:8000 10.101.16.201:8001 10.101.16.201:8002 10.101.16.201:8003 10.101.16.201:8004 10.101.16.201:8005
>>> Creating cluster
>>> Performing hash slots allocation on 6 nodes...
……
Can I set the above configuration? (type 'yes' to accept): yes
>>> Nodes configuration updated
>>> Assign a different config epoch to each node
>>> Sending CLUSTER MEET messages to join the cluster
Waiting for the cluster to join.........
>>> Performing Cluster Check (using node 10.101.16.201:8000)
M: 5825f39dc55c7dee5fdb0c726bdef0904c5368e3 10.101.16.201:8000
……
[OK] All nodes agree about slots configuration.
>>> Check for open slots...
>>> Check slots coverage...
[OK] All 16384 slots covered.
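
Step 3 can be done without stopping the firewall. The script below is an added example, not part of the original post: it reads an INPUT chain listing, finds the catch-all REJECT rule and prints one ip6tables command that opens the Redis ports to a single peer prefix ahead of it. The function names, the prefix 2001:db8::/64 and the inclusion of the cluster bus ports (client port + 10000, the Redis default, which the post does not mention) are assumptions.

```shell
#!/bin/sh
# Added example: build a narrowly scoped ip6tables rule for Redis Cluster nodes.
# It only prints the command; nothing is applied to the running firewall.

# Constructed sample of `ip6tables -nL INPUT --line-numbers` output,
# modelled on the listing in step 2.
SAMPLE_LISTING='Chain INPUT (policy ACCEPT)
num target prot opt source destination
1 ACCEPT all ::/0 ::/0 state RELATED,ESTABLISHED
2 ACCEPT icmpv6 ::/0 ::/0
3 ACCEPT all ::/0 ::/0
4 ACCEPT tcp ::/0 ::/0 state NEW multiport dports 22
5 REJECT all ::/0 ::/0 reject-with icmp6-adm-prohibited'

# Read a chain listing on stdin and print the number of the first
# catch-all REJECT/DROP rule. Rules are matched top-down, so an ACCEPT
# must be inserted at this position to take effect.
reject_position() {
    awk '$1 ~ /^[0-9]+$/ && ($2 == "REJECT" || $2 == "DROP") && $3 == "all" {
             print $1; found = 1; exit
         }
         END { if (!found) exit 1 }'
}

# usage: redis_cluster_rule FIRST_PORT LAST_PORT PEER_PREFIX < listing
redis_cluster_rule() {
    first=$1 last=$2 peer=$3
    pos=$(reject_position) || {
        echo "no catch-all REJECT/DROP rule found; nothing to insert before" >&2
        return 1
    }
    # Assumption: default Redis Cluster bus port = client port + 10000.
    bus_first=$((first + 10000)) bus_last=$((last + 10000))
    [ "$bus_last" -le 65535 ] || { echo "bus port out of range" >&2; return 1; }
    # Limit the rule to the peer prefix and to new TCP connections.
    echo "ip6tables -I INPUT $pos -s $peer -p tcp -m state --state NEW" \
         "-m multiport --dports $first:$last,$bus_first:$bus_last -j ACCEPT"
}

# Stand-alone run on the constructed listing (2001:db8::/64 is a placeholder prefix).
printf '%s\n' "$SAMPLE_LISTING" | redis_cluster_rule 7000 7004 2001:db8::/64
```

On a live host, feed it the real listing instead of the sample: `ip6tables -nL INPUT --line-numbers | redis_cluster_rule 7000 7004 <peer prefix>`.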