You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@ozone.apache.org by GitBox <gi...@apache.org> on 2023/01/12 20:01:33 UTC

[GitHub] [ozone] adoroszlai opened a new pull request, #4174: HDDS-7754. Download of container is failing with SSL/TLS error during re-replication

adoroszlai opened a new pull request, #4174:
URL: https://github.com/apache/ozone/pull/4174

   ## What changes were proposed in this pull request?
   
   HDDS-7572 changed `ReplicationServer` (among others) to respect `hdds.grpc.tls.enabled`, but `GrpcReplicationClient` was left unchanged.  Thus protocol mismatch prevents replication when the following config is set:
   
    * `ozone.security.enabled=true`
    * `hdds.grpc.tls.enabled=false`
   
   ```
   ERROR org.apache.hadoop.ozone.container.replication.GrpcReplicationClient: Download of container 1 was unsuccessful
   org.apache.ratis.thirdparty.io.grpc.StatusRuntimeException: UNAVAILABLE: io exception
   Channel Pipeline: [SslHandler#0, ProtocolNegotiators$ClientTlsHandler#0, WriteBufferingAndExceptionHandler#0, DefaultChannelPipeline$TailContext#0]
     at org.apache.ratis.thirdparty.io.grpc.Status.asRuntimeException(Status.java:535)
     ...
     at java.base/java.lang.Thread.run(Thread.java:834)
   Caused by: org.apache.ratis.thirdparty.io.netty.handler.ssl.NotSslRecordException: not an SSL/TLS record: 00001204000000000000037fffffff000400100000000600002000000004080000000000000f0001
     at org.apache.ratis.thirdparty.io.netty.handler.ssl.SslHandler.decodeJdkCompatible(SslHandler.java:1214)
     at org.apache.ratis.thirdparty.io.netty.handler.ssl.SslHandler.decode(SslHandler.java:1284)
   ```
   
   This can be reproduced in `ozonesecure` environment with `hdds.grpc.tls.enabled=false`.
   
   The patch makes `GrpcReplicationClient` also respect the `hdds.grpc.tls.enabled` setting so the client and server are in sync.
   
   https://issues.apache.org/jira/browse/HDDS-7754
   
   ## How was this patch tested?
   
   Tested locally in `ozonesecure` environment with `hdds.grpc.tls.enabled=false`.
   
   Executed same in CI:
   https://github.com/adoroszlai/hadoop-ozone/actions/runs/3903794924
   
   Regular CI:
   https://github.com/adoroszlai/hadoop-ozone/actions/runs/3903769563


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: issues-unsubscribe@ozone.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscribe@ozone.apache.org
For additional commands, e-mail: issues-help@ozone.apache.org

[GitHub] [ozone] adoroszlai commented on pull request #4174: HDDS-7754. Download of container is failing with SSL/TLS error during re-replication

Posted by GitBox <gi...@apache.org>.

adoroszlai commented on PR #4174:
URL: https://github.com/apache/ozone/pull/4174#issuecomment-1385038479

   Thanks @ChenSammi, @sodonnel for the review.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: issues-unsubscribe@ozone.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscribe@ozone.apache.org
For additional commands, e-mail: issues-help@ozone.apache.org

[GitHub] [ozone] adoroszlai commented on pull request #4174: HDDS-7754. Download of container is failing with SSL/TLS error during re-replication

Posted by GitBox <gi...@apache.org>.

adoroszlai commented on PR #4174:
URL: https://github.com/apache/ozone/pull/4174#issuecomment-1383713508

   @fapifta @ChenSammi please review


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: issues-unsubscribe@ozone.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscribe@ozone.apache.org
For additional commands, e-mail: issues-help@ozone.apache.org

[GitHub] [ozone] adoroszlai merged pull request #4174: HDDS-7754. Download of container is failing with SSL/TLS error during re-replication

Posted by GitBox <gi...@apache.org>.

adoroszlai merged PR #4174:
URL: https://github.com/apache/ozone/pull/4174


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: issues-unsubscribe@ozone.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscribe@ozone.apache.org
For additional commands, e-mail: issues-help@ozone.apache.org