Posted to issues@ignite.apache.org by "Ksenia Rybakova (JIRA)" <ji...@apache.org> on 2016/11/08 16:24:59 UTC

[jira] [Updated] (IGNITE-4187) "Remote node ID is not as expected" when client SSL certificate is signed by untrusted CA

     [ https://issues.apache.org/jira/browse/IGNITE-4187?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Ksenia Rybakova updated IGNITE-4187:
------------------------------------
    Attachment:     (was: ignite-base-load-config.xml)

> "Remote node ID is not as expected"  when client SSL certificate is signed by untrusted CA 
> -------------------------------------------------------------------------------------------
>
>                 Key: IGNITE-4187
>                 URL: https://issues.apache.org/jira/browse/IGNITE-4187
>             Project: Ignite
>          Issue Type: Bug
>    Affects Versions: 1.6
>            Reporter: Ksenia Rybakova
>         Attachments: run-load.properties, run-load.xml
>
>
> Test config:
> - 1 client node, 1 server node
> - SSL is enabled
> {noformat}
> <property name="sslContextFactory">
>     <bean class="org.apache.ignite.ssl.SslContextFactory">
>         <property name="protocol" value="TLSv1.2"/>
>         <property name="keyStoreFilePath" value="/home/keystore/server.jks"/>
>         <property name="keyStorePassword" value="123456"/>
>         <property name="trustStoreFilePath" value="/home/keystore/trust.jks"/>
>         <property name="trustStorePassword" value="123456"/>
>     </bean>
> </property>
> {noformat}
> trust.jks on server side has one CA certificate and this is NOT the one that was used to sign the client certificate (so the server doesn't trust the client)
> trust.jks on client side has one CA certificate and this is the one that was used to sign the server certificate (so the client does trust the server)
> - Yardstick is used to run simple load test (configs and property file are attached)
> Result:
> client connects to server, but there are errors in log:
> client:
> {noformat}
> [16:05:21,751][ERROR][exchange-worker-#22%null%][GridDhtAssignmentFetchFuture] Failed to request affinity assignment from remote node (will continue to another node): TcpDiscoveryNode [id=c02cdaa3-80de-4b81-884f-ca9ba830dba5, addrs=[127.0.0.1, 172.25.1.32], sockAddrs=[/172.25.1.32:47500, /127.0.0.1:47500], discPort=47500, order=1, intOrder=1, lastExchangeTime=1478178315859, loc=false, ver=1.7.0#20161031-sha1:6b78ad0c, isClient=false]
> class org.apache.ignite.IgniteCheckedException: Failed to send message (node may have left the grid or TCP connection cannot be established due to firewall issues) [node=TcpDiscoveryNode [id=c02cdaa3-80de-4b81-884f-ca9ba830dba5, addrs=[127.0.0.1, 172.25.1.32], sockAddrs=[/172.25.1.32:47500, /127.0.0.1:47500], discPort=47500, order=1, intOrder=1, lastExchangeTime=1478178315859, loc=false, ver=1.7.0#20161031-sha1:6b78ad0c, isClient=false], topic=TOPIC_CACHE, msg=GridDhtAffinityAssignmentRequest [topVer=AffinityTopologyVersion [topVer=2, minorTopVer=0], super=GridCacheMessage [msgId=2, depInfo=null, err=null, skipPrepare=false, cacheId=1489451830, cacheId=1489451830]], policy=4]
>         at org.apache.ignite.internal.managers.communication.GridIoManager.send(GridIoManager.java:1151)
>         at org.apache.ignite.internal.managers.communication.GridIoManager.send(GridIoManager.java:1215)
>         at org.apache.ignite.internal.processors.cache.GridCacheIoManager.send(GridCacheIoManager.java:836)
>         at org.apache.ignite.internal.processors.cache.distributed.dht.GridDhtAssignmentFetchFuture.requestFromNextNode(GridDhtAssignmentFetchFuture.java:185)
>         at org.apache.ignite.internal.processors.cache.distributed.dht.GridDhtAssignmentFetchFuture.init(GridDhtAssignmentFetchFuture.java:107)
>         at org.apache.ignite.internal.processors.cache.CacheAffinitySharedManager.fetchAffinityOnJoin(CacheAffinitySharedManager.java:953)
>         at org.apache.ignite.internal.processors.cache.CacheAffinitySharedManager.onClientEvent(CacheAffinitySharedManager.java:639)
>         at org.apache.ignite.internal.processors.cache.distributed.dht.preloader.GridDhtPartitionsExchangeFuture.onClientNodeEvent(GridDhtPartitionsExchangeFuture.java:619)
>         at org.apache.ignite.internal.processors.cache.distributed.dht.preloader.GridDhtPartitionsExchangeFuture.init(GridDhtPartitionsExchangeFuture.java:464)
>         at org.apache.ignite.internal.processors.cache.GridCachePartitionExchangeManager$ExchangeWorker.body(GridCachePartitionExchangeManager.java:1453)
>         at org.apache.ignite.internal.util.worker.GridWorker.run(GridWorker.java:110)
>         at java.lang.Thread.run(Thread.java:745)
> Caused by: class org.apache.ignite.spi.IgniteSpiException: Failed to send message to remote node: TcpDiscoveryNode [id=c02cdaa3-80de-4b81-884f-ca9ba830dba5, addrs=[127.0.0.1, 172.25.1.32], sockAddrs=[/172.25.1.32:47500, /127.0.0.1:47500], discPort=47500, order=1, intOrder=1, lastExchangeTime=1478178315859, loc=false, ver=1.7.0#20161031-sha1:6b78ad0c, isClient=false]
>         at org.apache.ignite.spi.communication.tcp.TcpCommunicationSpi.sendMessage0(TcpCommunicationSpi.java:2017)
>         at org.apache.ignite.spi.communication.tcp.TcpCommunicationSpi.sendMessage(TcpCommunicationSpi.java:1955)
>         at org.apache.ignite.internal.managers.communication.GridIoManager.send(GridIoManager.java:1146)
>         ... 11 more
> Caused by: class org.apache.ignite.IgniteCheckedException: Failed to connect to node (is node still alive?). Make sure that each ComputeTask and GridCacheTransaction has a timeout set in order to prevent parties from waiting forever in case of network issues [nodeId=c02cdaa3-80de-4b81-884f-ca9ba830dba5, addrs=[/172.25.1.32:47100, /127.0.0.1:47100]]
>         at org.apache.ignite.spi.communication.tcp.TcpCommunicationSpi.createTcpClient(TcpCommunicationSpi.java:2521)
>         at org.apache.ignite.spi.communication.tcp.TcpCommunicationSpi.createNioClient(TcpCommunicationSpi.java:2161)
>         at org.apache.ignite.spi.communication.tcp.TcpCommunicationSpi.reserveClient(TcpCommunicationSpi.java:2055)
>         at org.apache.ignite.spi.communication.tcp.TcpCommunicationSpi.sendMessage0(TcpCommunicationSpi.java:1989)
>         ... 13 more
>         Suppressed: class org.apache.ignite.IgniteCheckedException: Failed to connect to address: /172.25.1.32:47100
>                 at org.apache.ignite.spi.communication.tcp.TcpCommunicationSpi.createTcpClient(TcpCommunicationSpi.java:2526)
>                 ... 16 more
>         Caused by: class org.apache.ignite.IgniteCheckedException: Failed to read remote node response (connection closed).
>                 at org.apache.ignite.internal.util.nio.ssl.BlockingSslHandler.readFromNet(BlockingSslHandler.java:496)
>                 at org.apache.ignite.internal.util.nio.ssl.BlockingSslHandler.unwrapHandshake(BlockingSslHandler.java:377)
>                 at org.apache.ignite.internal.util.nio.ssl.BlockingSslHandler.handshake(BlockingSslHandler.java:160)
>                 at org.apache.ignite.spi.communication.tcp.TcpCommunicationSpi.safeHandshake(TcpCommunicationSpi.java:2602)
>                 at org.apache.ignite.spi.communication.tcp.TcpCommunicationSpi.createTcpClient(TcpCommunicationSpi.java:2398)
>                 ... 16 more
>         Suppressed: class org.apache.ignite.IgniteCheckedException: Failed to connect to address: /127.0.0.1:47100
>                 at org.apache.ignite.spi.communication.tcp.TcpCommunicationSpi.createTcpClient(TcpCommunicationSpi.java:2526)
>                 ... 16 more
>         Caused by: class org.apache.ignite.IgniteCheckedException: Remote node ID is not as expected [expected=c02cdaa3-80de-4b81-884f-ca9ba830dba5, rcvd=a90809f8-b7f0-44ea-b78b-b8eb6c642f8f]
>                 at org.apache.ignite.spi.communication.tcp.TcpCommunicationSpi.safeHandshake(TcpCommunicationSpi.java:2638)
>                 at org.apache.ignite.spi.communication.tcp.TcpCommunicationSpi.createTcpClient(TcpCommunicationSpi.java:2398)
>                 ... 16 more
> {noformat}
> server:
> {noformat}
> [16:05:19,037][WARN ][grid-nio-worker-3-#12%null%][TcpCommunicationSpi] Closing NIO session because of unhandled exception [cls=class o.a.i.i.util.nio.GridNioException, msg=Failed to decode SSL data: GridSelectorNioSessionImpl [selectorIdx=3, queueSize=0, writeBuf=java.nio.DirectByteBuffer[pos=0 lim=32768 cap=32768], readBuf=java.nio.DirectByteBuffer[pos=82 lim=82 cap=32768], recovery=null, super=GridNioSessionImpl [locAddr=/172.25.1.32:47100, rmtAddr=/172.25.1.31:41986, createTime=1478178318962, closeTime=0, bytesSent=3049, bytesRcvd=280, sndSchedTime=1478178318962, lastSndTime=1478178319022, lastRcvTime=1478178319032, readsPaused=false, filterChain=FilterChain[filters=[GridNioCodecFilter [parser=o.a.i.i.util.nio.GridDirectParser@b9e19da, directMode=true], GridConnectionBytesVerifyFilter, SSL filter], accepted=true]]]
> {noformat}



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
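
The trust relationship described in the report (each side's trust.jks versus the CA that signed the other side's certificate) can be checked offline before nodes are started. The following is an added example, not code from the reporter or from Apache Ignite; the class name `TrustPreflight` is hypothetical, the stores are assumed to be JKS, and the check uses the JDK's default X509TrustManager rather than Ignite's own SSL wiring.

```java
import java.io.FileInputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Collections;
import javax.net.ssl.*;

/** Added example (hypothetical class): does the peer's key store chain to a CA in our trust store? */
public class TrustPreflight {
    static KeyStore load(String path, char[] password) throws Exception {
        KeyStore ks = KeyStore.getInstance("JKS"); // assumption: store type taken from the .jks file names
        try (FileInputStream in = new FileInputStream(path)) {
            ks.load(in, password);
        }
        return ks;
    }

    static X509TrustManager trustManager(KeyStore trustStore) throws Exception {
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trustStore);
        for (TrustManager tm : tmf.getTrustManagers())
            if (tm instanceof X509TrustManager) return (X509TrustManager) tm;
        throw new IllegalStateException("no X509TrustManager available");
    }

    /** True if at least one private-key entry in peerKeyStore is accepted by a CA in trustStore. */
    static boolean peerIsTrusted(KeyStore peerKeyStore, KeyStore trustStore) throws Exception {
        X509TrustManager tm = trustManager(trustStore);
        boolean trusted = false;
        for (String alias : Collections.list(peerKeyStore.aliases())) {
            Certificate[] chain = peerKeyStore.getCertificateChain(alias); // null for CA-only entries
            if (chain == null || chain.length == 0) continue;
            X509Certificate[] x509 = Arrays.copyOf(chain, chain.length, X509Certificate[].class);
            try {
                // Chain validation of the kind the accepting side performs during the TLS handshake.
                tm.checkClientTrusted(x509, x509[0].getPublicKey().getAlgorithm());
                System.out.println("TRUSTED   " + alias + " " + x509[0].getSubjectX500Principal());
                trusted = true;
            } catch (CertificateException e) {
                System.out.println("UNTRUSTED " + alias + ": " + e.getMessage());
            }
        }
        return trusted;
    }

    public static void main(String[] args) throws Exception {
        // args: <peer key store> <its password> <local trust store> <its password>
        boolean ok = peerIsTrusted(load(args[0], args[1].toCharArray()), load(args[2], args[3].toCharArray()));
        System.exit(ok ? 0 : 1);
    }
}
```

Run it once per direction: the client's key store against the server's trust.jks, then the server's key store against the client's trust.jks. For the setup in this report the first direction would exit with status 1.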