You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@ignite.apache.org by "Sergey Kozlov (JIRA)" <ji...@apache.org> on 2015/11/11 19:46:10 UTC
[jira] [Created] (IGNITE-1891) SSL on Windows
Sergey Kozlov created IGNITE-1891:
-------------------------------------
Summary: SSL on Windows
Key: IGNITE-1891
URL: https://issues.apache.org/jira/browse/IGNITE-1891
Project: Ignite
Issue Type: Bug
Affects Versions: ignite-1.4, 1.5
Environment: Windows 8, Windows 10,
Oracle JDK 1.7.0_80 64bit
Reporter: Sergey Kozlov
Assignee: Yakov Zhdanov
Priority: Critical
Fix For: 1.5
1. Copy examples/config/example-ignite.xml in examples/config/example-ignite-ssl.xml
2. Put SSL section:
{code:title=example-ignite-ssl.xml|borderStyle=solid}
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:util="http://www.springframework.org/schema/util"
xsi:schemaLocation="
http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans.xsd
http://www.springframework.org/schema/util
http://www.springframework.org/schema/util/spring-util.xsd">
<bean id="ignite.cfg" class="org.apache.ignite.configuration.IgniteConfiguration">
<!-- Set to true to enable distributed class loading for examples, default is false. -->
<property name="peerClassLoadingEnabled" value="true"/>
<property name="marshaller">
<bean class="org.apache.ignite.marshaller.optimized.OptimizedMarshaller">
<!-- Set to false to allow non-serializable objects in examples, default is true. -->
<property name="requireSerializable" value="false"/>
</bean>
</property>
<!-- Enable task execution events for examples. -->
<property name="includeEventTypes">
<list>
<!--Task execution events-->
<util:constant static-field="org.apache.ignite.events.EventType.EVT_TASK_STARTED"/>
<util:constant static-field="org.apache.ignite.events.EventType.EVT_TASK_FINISHED"/>
<util:constant static-field="org.apache.ignite.events.EventType.EVT_TASK_FAILED"/>
<util:constant static-field="org.apache.ignite.events.EventType.EVT_TASK_TIMEDOUT"/>
<util:constant static-field="org.apache.ignite.events.EventType.EVT_TASK_SESSION_ATTR_SET"/>
<util:constant static-field="org.apache.ignite.events.EventType.EVT_TASK_REDUCED"/>
<!--Cache events-->
<util:constant static-field="org.apache.ignite.events.EventType.EVT_CACHE_OBJECT_PUT"/>
<util:constant static-field="org.apache.ignite.events.EventType.EVT_CACHE_OBJECT_READ"/>
<util:constant static-field="org.apache.ignite.events.EventType.EVT_CACHE_OBJECT_REMOVED"/>
</list>
</property>
<property name="sslContextFactory">
<bean class="org.apache.ignite.ssl.SslContextFactory">
<property name="keyStoreFilePath" value="D:\apache-ignite-fabric-1.5.0-bin\examples\config\server.jks"/>
<property name="keyStorePassword" value="PaSsWoRd"/>
<property name="trustManagers">
<bean class="org.apache.ignite.ssl.SslContextFactory" factory-method="getDisabledTrustManager"/>
</property>
</bean>
</property>
<property name="communicationSpi">
<bean class="org.apache.ignite.spi.communication.tcp.TcpCommunicationSpi">
<property name="sharedMemoryPort" value="-1"/>
</bean>
</property>
<!-- Explicitly configure TCP discovery SPI to provide list of initial nodes. -->
<property name="discoverySpi">
<bean class="org.apache.ignite.spi.discovery.tcp.TcpDiscoverySpi">
<property name="ipFinder">
<!--
Ignite provides several options for automatic discovery that can be used
instead os static IP based discovery. For information on all options refer
to our documentation: http://apacheignite.readme.io/docs/cluster-config
-->
<!-- Uncomment static IP finder to enable static-based discovery of initial nodes. -->
<!--<bean class="org.apache.ignite.spi.discovery.tcp.ipfinder.vm.TcpDiscoveryVmIpFinder">-->
<bean class="org.apache.ignite.spi.discovery.tcp.ipfinder.multicast.TcpDiscoveryMulticastIpFinder">
<property name="addresses">
<list>
<!-- In distributed environment, replace with actual host IP address. -->
<value>127.0.0.1:47500..47509</value>
</list>
</property>
</bean>
</property>
</bean>
</property>
</bean>
</beans>
{code}
3. Start two nodes with the config above. Second node failed:
{noformat}
21:43:59,345][SEVERE][exchange-worker-#48%null%][GridDhtPartitionsExchangeFuture] Failed to send local partitions to oldest node (will retry after timeout) [oldestNodeId=37a2346c-3a07-4a96-a6da-c375cba47b41, exchId=GridDhtPartitionExchangeId [topVer=AffinityTopologyVersion [topVer=2, minorTopVer=0], nodeId=de92d445, evt=NODE_JOINED]]
class org.apache.ignite.IgniteCheckedException: Failed to send message (node may have left the grid or TCP connection cannot be established due to firewall issues) [node=TcpDiscoveryNode [id=37a2346c-3a07-4a96-a6da-c375cba47b41, addrs=[0:0:0:0:0:0:0:1, 127.0.0.1, 192.168.100.9, 2001:0:9d38:6ab8:2099:222b:4db9:9941], sockAddrs=[ksm-homepc/192.168.100.9:47500, 0:0:0:0:0:0:0:1/0:0:0:0:0:0:0:1:47500, ksm-homepc/192.168.100.9:47500, /127.0.0.1:47500, /192.168.100.9:47500, /2001:0:9d38:6ab8:2099:222b:4db9:9941:47500], discPort=47500, order=1, intOrder=1, lastExchangeTime=1447267436638, loc=false, ver=1.5.0#20151111-sha1:388a8921, isClient=false], topic=TOPIC_CACHE, msg=GridDhtPartitionsSingleMessage [parts={-2100569601=GridDhtPartitionMap [nodeId=de92d445-9162-43b1-ae84-fb8601a5e35c, updateSeq=2, moving=100, size=100], 689859866=GridDhtPartitionMap [nodeId=de92d445-9162-43b1-ae84-fb8601a5e35c, updateSeq=2, moving=511, size=511], 1325947219=GridDhtPartitionMap [nodeId=de92d445-9162-43b1-ae84-fb8601a5e35c, updateSeq=2, moving=20, size=20]}, client=false, super=GridDhtPartitionsAbstractMessage [exchId=GridDhtPartitionExchangeId [topVer=AffinityTopologyVersion [topVer=2, minorTopVer=0], nodeId=de92d445, evt=NODE_JOINED], lastVer=GridCacheVersion [topVer=0, nodeOrderDrId=0, globalTime=0, order=1447267431316], super=GridCacheMessage [msgId=1, depInfo=null, err=null, skipPrepare=false]]], policy=2]
at org.apache.ignite.internal.managers.communication.GridIoManager.send(GridIoManager.java:1071)
at org.apache.ignite.internal.managers.communication.GridIoManager.send(GridIoManager.java:1214)
at org.apache.ignite.internal.processors.cache.GridCacheIoManager.send(GridCacheIoManager.java:612)
at org.apache.ignite.internal.processors.cache.distributed.dht.preloader.GridDhtPartitionsExchangeFuture.sendLocalPartitions(GridDhtPartitionsExchangeFuture.java:972)
at org.apache.ignite.internal.processors.cache.distributed.dht.preloader.GridDhtPartitionsExchangeFuture.sendPartitions(GridDhtPartitionsExchangeFuture.java:1013)
at org.apache.ignite.internal.processors.cache.distributed.dht.preloader.GridDhtPartitionsExchangeFuture.init(GridDhtPartitionsExchangeFuture.java:879)
at org.apache.ignite.internal.processors.cache.GridCachePartitionExchangeManager$ExchangeWorker.body(GridCachePartitionExchangeManager.java:1230)
at org.apache.ignite.internal.util.worker.GridWorker.run(GridWorker.java:110)
at java.lang.Thread.run(Thread.java:745)
Caused by: class org.apache.ignite.spi.IgniteSpiException: Failed to send message to remote node: TcpDiscoveryNode [id=37a2346c-3a07-4a96-a6da-c375cba47b41, addrs=[0:0:0:0:0:0:0:1, 127.0.0.1, 192.168.100.9, 2001:0:9d38:6ab8:2099:222b:4db9:9941], sockAddrs=[ksm-homepc/192.168.100.9:47500, 0:0:0:0:0:0:0:1/0:0:0:0:0:0:0:1:47500, ksm-homepc/192.168.100.9:47500, /127.0.0.1:47500, /192.168.100.9:47500, /2001:0:9d38:6ab8:2099:222b:4db9:9941:47500], discPort=47500, order=1, intOrder=1, lastExchangeTime=1447267436638, loc=false, ver=1.5.0#20151111-sha1:388a8921, isClient=false]
at org.apache.ignite.spi.communication.tcp.TcpCommunicationSpi.sendMessage0(TcpCommunicationSpi.java:1943)
at org.apache.ignite.spi.communication.tcp.TcpCommunicationSpi.sendMessage(TcpCommunicationSpi.java:1883)
at org.apache.ignite.internal.managers.communication.GridIoManager.send(GridIoManager.java:1066)
... 8 more
Caused by: class org.apache.ignite.IgniteCheckedException: Failed to connect to node (is node still alive?). Make sure that each GridComputeTask and GridCacheTransaction has a timeout set in order to prevent parties from waiting forever in case of network issues [nodeId=37a2346c-3a07-4a96-a6da-c375cba47b41, addrs=[/0:0:0:0:0:0:0:1:47100, /127.0.0.1:47100, ksm-homepc/192.168.100.9:47100, /2001:0:9d38:6ab8:2099:222b:4db9:9941:47100]]
at org.apache.ignite.spi.communication.tcp.TcpCommunicationSpi.createTcpClient(TcpCommunicationSpi.java:2448)
at org.apache.ignite.spi.communication.tcp.TcpCommunicationSpi.createNioClient(TcpCommunicationSpi.java:2087)
at org.apache.ignite.spi.communication.tcp.TcpCommunicationSpi.reserveClient(TcpCommunicationSpi.java:1981)
at org.apache.ignite.spi.communication.tcp.TcpCommunicationSpi.sendMessage0(TcpCommunicationSpi.java:1917)
... 10 more
Suppressed: class org.apache.ignite.IgniteCheckedException: Failed to connect to address: /0:0:0:0:0:0:0:1:47100
at org.apache.ignite.spi.communication.tcp.TcpCommunicationSpi.createTcpClient(TcpCommunicationSpi.java:2453)
... 13 more
Caused by: class org.apache.ignite.IgniteCheckedException: Failed to read from channel.
at org.apache.ignite.spi.communication.tcp.TcpCommunicationSpi.safeHandshake(TcpCommunicationSpi.java:2684)
at org.apache.ignite.spi.communication.tcp.TcpCommunicationSpi.createTcpClient(TcpCommunicationSpi.java:2320)
... 13 more
Caused by: javax.net.ssl.SSLException: Unsupported record version Unknown-100.71
at sun.security.ssl.EngineInputRecord.bytesInCompletePacket(EngineInputRecord.java:116)
at sun.security.ssl.SSLEngineImpl.readNetRecord(SSLEngineImpl.java:851)
at sun.security.ssl.SSLEngineImpl.unwrap(SSLEngineImpl.java:764)
at javax.net.ssl.SSLEngine.unwrap(SSLEngine.java:624)
at org.apache.ignite.internal.util.nio.ssl.BlockingSslHandler.unwrap0(BlockingSslHandler.java:397)
at org.apache.ignite.internal.util.nio.ssl.BlockingSslHandler.unwrapHandshake(BlockingSslHandler.java:363)
at org.apache.ignite.internal.util.nio.ssl.BlockingSslHandler.handshake(BlockingSslHandler.java:149)
at org.apache.ignite.spi.communication.tcp.TcpCommunicationSpi.safeHandshake(TcpCommunicationSpi.java:2527)
... 14 more
Suppressed: class org.apache.ignite.IgniteCheckedException: Failed to connect to address: /127.0.0.1:47100
at org.apache.ignite.spi.communication.tcp.TcpCommunicationSpi.createTcpClient(TcpCommunicationSpi.java:2453)
... 13 more
Caused by: class org.apache.ignite.IgniteCheckedException: Failed to read from channel.
at org.apache.ignite.spi.communication.tcp.TcpCommunicationSpi.safeHandshake(TcpCommunicationSpi.java:2684)
at org.apache.ignite.spi.communication.tcp.TcpCommunicationSpi.createTcpClient(TcpCommunicationSpi.java:2320)
... 13 more
Caused by: javax.net.ssl.SSLException: Unsupported record version Unknown-11.48
at sun.security.ssl.EngineInputRecord.bytesInCompletePacket(EngineInputRecord.java:116)
at sun.security.ssl.SSLEngineImpl.readNetRecord(SSLEngineImpl.java:851)
at sun.security.ssl.SSLEngineImpl.unwrap(SSLEngineImpl.java:764)
at javax.net.ssl.SSLEngine.unwrap(SSLEngine.java:624)
at org.apache.ignite.internal.util.nio.ssl.BlockingSslHandler.unwrap0(BlockingSslHandler.java:397)
at org.apache.ignite.internal.util.nio.ssl.BlockingSslHandler.unwrapHandshake(BlockingSslHandler.java:363)
at org.apache.ignite.internal.util.nio.ssl.BlockingSslHandler.handshake(BlockingSslHandler.java:149)
at org.apache.ignite.spi.communication.tcp.TcpCommunicationSpi.safeHandshake(TcpCommunicationSpi.java:2527)
... 14 more
Suppressed: class org.apache.ignite.IgniteCheckedException: Failed to connect to address: ksm-homepc/192.168.100.9:47100
at org.apache.ignite.spi.communication.tcp.TcpCommunicationSpi.createTcpClient(TcpCommunicationSpi.java:2453)
... 13 more
Caused by: class org.apache.ignite.IgniteCheckedException: Failed to read from channel.
at org.apache.ignite.spi.communication.tcp.TcpCommunicationSpi.safeHandshake(TcpCommunicationSpi.java:2684)
at org.apache.ignite.spi.communication.tcp.TcpCommunicationSpi.createTcpClient(TcpCommunicationSpi.java:2320)
... 13 more
Caused by: javax.net.ssl.SSLException: Unsupported record version Unknown-11.48
at sun.security.ssl.EngineInputRecord.bytesInCompletePacket(EngineInputRecord.java:116)
at sun.security.ssl.SSLEngineImpl.readNetRecord(SSLEngineImpl.java:851)
at sun.security.ssl.SSLEngineImpl.unwrap(SSLEngineImpl.java:764)
at javax.net.ssl.SSLEngine.unwrap(SSLEngine.java:624)
at org.apache.ignite.internal.util.nio.ssl.BlockingSslHandler.unwrap0(BlockingSslHandler.java:397)
at org.apache.ignite.internal.util.nio.ssl.BlockingSslHandler.unwrapHandshake(BlockingSslHandler.java:363)
at org.apache.ignite.internal.util.nio.ssl.BlockingSslHandler.handshake(BlockingSslHandler.java:149)
at org.apache.ignite.spi.communication.tcp.TcpCommunicationSpi.safeHandshake(TcpCommunicationSpi.java:2527)
... 14 more
Suppressed: class org.apache.ignite.IgniteCheckedException: Failed to connect to address: /2001:0:9d38:6ab8:2099:222b:4db9:9941:47100
at org.apache.ignite.spi.communication.tcp.TcpCommunicationSpi.createTcpClient(TcpCommunicationSpi.java:2453)
... 13 more
Caused by: class org.apache.ignite.IgniteCheckedException: Failed to read from channel.
at org.apache.ignite.spi.communication.tcp.TcpCommunicationSpi.safeHandshake(TcpCommunicationSpi.java:2684)
at org.apache.ignite.spi.communication.tcp.TcpCommunicationSpi.createTcpClient(TcpCommunicationSpi.java:2320)
... 13 more
Caused by: javax.net.ssl.SSLProtocolException: Input SSL/TLS record too big: max = 33305 len = 41304
at sun.security.ssl.SSLEngineImpl.readNetRecord(SSLEngineImpl.java:856)
at sun.security.ssl.SSLEngineImpl.unwrap(SSLEngineImpl.java:764)
at javax.net.ssl.SSLEngine.unwrap(SSLEngine.java:624)
at org.apache.ignite.internal.util.nio.ssl.BlockingSslHandler.unwrap0(BlockingSslHandler.java:397)
at org.apache.ignite.internal.util.nio.ssl.BlockingSslHandler.unwrapHandshake(BlockingSslHandler.java:363)
at org.apache.ignite.internal.util.nio.ssl.BlockingSslHandler.handshake(BlockingSslHandler.java:149)
at org.apache.ignite.spi.communication.tcp.TcpCommunicationSpi.safeHandshake(TcpCommunicationSpi.java:2527)
... 14 more
D:\1.5.0\apache-ignite-fabric-1.5.0-bin>
{noformat}
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)