Posted to user@ignite.apache.org by alokyadav12 <al...@gmail.com> on 2019/10/09 23:07:00 UTC

Authenticating communication between nodes using Ignite.Net

We are new to Ignite.Net and trying to implement a few security features before
deciding on the final implementation in the product.

We implemented authentication on the Ignite server, and when connecting a thin
client it uses a user id and password and works as expected.
We noticed that if we spin off another node, it connects
automatically to the running node and doesn't need a username and password.

Question 1: Do thick clients and nodes not authenticate when
connecting to nodes?

Question 2: We found an article on creating a custom plugin to authenticate:
http://smartkey.co.uk/development/securing-an-apache-ignite-cluster/. This
article focuses on the Java implementation, but we are using Ignite.Net and
didn't find the DiscoverySpiNodeAuthenticator and GridSecurityProcessor
interfaces to create a plugin. Are these classes available to use in
Ignite.Net? Is there any other alternative available?

Is there any other way we can authenticate thick clients and nodes when
connecting, as we need to secure nodes so only authenticated nodes and thick
clients can connect?



--
Sent from: http://apache-ignite-users.70518.x6.nabble.com/

Re: Authenticating communication between nodes using Ignite.Net

Posted by Pavel Tupitsyn <pt...@apache.org>.
1. Thick client/server nodes use a different communication mechanism than
Thin client nodes,
and network ports are different. Security mechanism is also different.

E.g. you can have a cluster of server nodes running in a controlled
environment, with only 10800
port open to the outside. This way only Thin Client nodes can connect from
outside,
and server-to-server connections do not need authentication.

2. Ignite does not provide ready to use server-to-server auth out of the
box (neither Java nor .NET),
some third party vendors provide this via plugins.
If you have to stick with Ignite, you'll have to write a plugin, part of
which has to be in Java.
See Ignite.NET plugin system:
https://apacheignite-net.readme.io/docs/plugins

On Thu, Oct 10, 2019 at 2:07 AM alokyadav12 <al...@gmail.com> wrote:

> We are new to Ignite.Net and trying to implement a few security features
> before deciding on the final implementation in the product.
>
> We implemented authentication on the Ignite server, and when connecting a thin
> client it uses a user id and password and works as expected.
> We noticed that if we spin off another node, it connects
> automatically to the running node and doesn't need a username and password.
>
> Question 1: Do thick clients and nodes not authenticate when
> connecting to nodes?
>
> Question 2: We found an article on creating a custom plugin to authenticate:
> http://smartkey.co.uk/development/securing-an-apache-ignite-cluster/. This
> article focuses on the Java implementation, but we are using Ignite.Net and
> didn't find the DiscoverySpiNodeAuthenticator and GridSecurityProcessor
> interfaces to create a plugin. Are these classes available to use in
> Ignite.Net? Is there any other alternative available?
>
> Is there any other way we can authenticate thick clients and nodes when
> connecting, as we need to secure nodes so only authenticated nodes and
> thick clients can connect?

Re: Authenticating communication between nodes using Ignite.Net

Posted by Ilya Kasnacheev <il...@gmail.com>.
Hello!

It's hard to say why this may be. Maybe your client can't find one of the key
files by the specified path?

If you have a reproducer project which you can share, I could look into it.
I can even take my own keys from Ignite tests, so you don't have to share
these.

Regards,
-- 
Ilya Kasnacheev


On Wed, Oct 16, 2019 at 22:33 alokyadav12 <al...@gmail.com> wrote:

> Thanks, the solution worked for my test setup, but when I add the same code
> to my project it still throws the same exception.
>
> One change I noticed is that my test application is using the JRE and our
> project is pointing to Open JDK 12.
> Can this create an issue?
>
> If I run the Ignite server from my project and the thick client from my test
> application then it works. But when I run the server and client from my project
> then it won't work.
>
> The JDK is the only difference I found; other than that there is no code difference.
> Both are using the same code; one is working fine, the other doesn't.

Re: Authenticating communication between nodes using Ignite.Net

Posted by alokyadav12 <al...@gmail.com>.
Thanks, the solution worked for my test setup, but when I add the same code to
my project it still throws the same exception.

One change I noticed is that my test application is using the JRE and our
project is pointing to Open JDK 12.
Can this create an issue?

If I run the Ignite server from my project and the thick client from my test
application then it works. But when I run the server and client from my project
then it won't work.

The JDK is the only difference I found; other than that there is no code difference.
Both are using the same code; one is working fine, the other doesn't.




Re: Authenticating communication between nodes using Ignite.Net

Posted by Ilya Kasnacheev <il...@gmail.com>.
Hello!

It should look like the following:
   <sslContextFactory type='SslContextFactory' protocol='SSL'
                       keyStoreFilePath='KeyStore/server.jks'
                       keyStorePassword='123456'
                       trustStoreFilePath='KeyStore/trust.jks'
                       trustStorePassword='123456'/>

Please note that pfx would likely not work; I recommend building a Java key
store out of your keys/certificates.

Please see
https://stackoverflow.com/questions/4217107/how-to-convert-pfx-file-to-keystore-with-private-key
for example; there are plenty of guides.

Currently you don't have any trust store, this means certs are not checked
and there's no authentication (only encryption).

Regards,
-- 
Ilya Kasnacheev


On Mon, Oct 14, 2019 at 23:51 alokyadav12 <al...@gmail.com> wrote:

> This is the only configuration we have to enable SSL
>   <sslContextFactory type="SslContextFactory" protocol="SSL"
> keyStoreFilePath="Ignite.pfx" keyStorePassword="P@ssword"  />
>
> Attached are log files for server and client node
> Where to define trust store?
>
> Server.log
> <http://apache-ignite-users.70518.x6.nabble.com/file/t2641/Server.log>
> ClientNode.log
> <http://apache-ignite-users.70518.x6.nabble.com/file/t2641/ClientNode.log>
>
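
The points made in the reply above (a .pfx key store, and a missing trust store meaning encryption without authentication), together with the other replies' suggestions to check that SSL is enabled on every node and that the key files are found at the configured paths, expressed as a small configuration lint. This is an added example, not code from the thread or from Ignite; the finding codes, function names, sample configs and namespace are constructed, and resolving relative store paths against a given directory is an assumption.

```python
"""Lint Ignite.NET <sslContextFactory> settings for the issues raised in this thread.

Added example: finding codes, function names and sample configs are constructed.
"""
import os
import xml.etree.ElementTree as ET

PKCS12_SUFFIXES = (".pfx", ".p12")


def _local(tag):
    """Strip an XML namespace so namespaced config sections are handled too."""
    return tag.rsplit("}", 1)[-1]


def find_ssl_factory(config_xml):
    """Return the first <sslContextFactory> element, or None if SSL is not configured."""
    for elem in ET.fromstring(config_xml).iter():
        if _local(elem.tag) == "sslContextFactory":
            return elem
    return None


def audit_node(config_xml, base_dir=None):
    """Return sorted finding codes for one node's configuration.

    base_dir is optional; when given, store paths are checked for existence
    under it (assumption: relative paths resolve against that directory).
    """
    factory = find_ssl_factory(config_xml)
    if factory is None:
        return ["NO_SSL"]
    findings = set()
    key_store = factory.get("keyStoreFilePath", "").strip()
    trust_store = factory.get("trustStoreFilePath", "").strip()
    if not key_store:
        findings.add("NO_KEY_STORE")
    elif key_store.lower().endswith(PKCS12_SUFFIXES):
        findings.add("PFX_KEY_STORE")    # thread: pfx would likely not work, build a JKS
    if not trust_store:
        findings.add("NO_TRUST_STORE")   # thread: certs not checked, encryption only
    if base_dir is not None:
        for path in (key_store, trust_store):
            if path and not os.path.isfile(os.path.join(base_dir, path)):
                findings.add("STORE_FILE_MISSING")
    return sorted(findings)


def nodes_without_ssl(configs):
    """Given {node_name: config_xml}, list nodes lacking SSL when some other node has it."""
    has_ssl = {name: find_ssl_factory(xml) is not None for name, xml in configs.items()}
    if not any(has_ssl.values()):
        return []
    return sorted(name for name, enabled in has_ssl.items() if not enabled)


# Constructed sample: the shape of the configuration posted in the thread.
POSTED_CONFIG = """<igniteConfiguration>
  <sslContextFactory type="SslContextFactory" protocol="SSL"
                     keyStoreFilePath="Ignite.pfx" keyStorePassword="placeholder" />
</igniteConfiguration>"""

# Constructed sample: the shape suggested in the reply, inside a namespaced section.
SUGGESTED_CONFIG = """<igniteConfiguration xmlns="urn:example:constructed-namespace">
  <sslContextFactory type='SslContextFactory' protocol='SSL'
                     keyStoreFilePath='KeyStore/server.jks'
                     keyStorePassword='placeholder'
                     trustStoreFilePath='KeyStore/trust.jks'
                     trustStorePassword='placeholder'/>
</igniteConfiguration>"""

# Constructed sample: a client node with no SSL section at all.
NO_SSL_CONFIG = """<igniteConfiguration clientMode="true" />"""

if __name__ == "__main__":
    for name, xml in [("posted", POSTED_CONFIG), ("suggested", SUGGESTED_CONFIG),
                      ("no-ssl client", NO_SSL_CONFIG)]:
        print(name, audit_node(xml))
    print("nodes without SSL:",
          nodes_without_ssl({"server": SUGGESTED_CONFIG, "client": NO_SSL_CONFIG}))
```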

Re: Authenticating communication between nodes using Ignite.Net

Posted by alokyadav12 <al...@gmail.com>.
This is the only configuration we have to enable SSL
  <sslContextFactory type="SslContextFactory" protocol="SSL"
keyStoreFilePath="Ignite.pfx" keyStorePassword="P@ssword"  />

Attached are log files for server and client node
Where to define trust store?

Server.log
<http://apache-ignite-users.70518.x6.nabble.com/file/t2641/Server.log>  
ClientNode.log
<http://apache-ignite-users.70518.x6.nabble.com/file/t2641/ClientNode.log>  




Re: Authenticating communication between nodes using Ignite.Net

Posted by Ilya Kasnacheev <il...@gmail.com>.
Hello!

Did you specify any trust store? My next guess will be that your certs fail
to verify. Can you share verbose logs from both nodes? Preferably with
DEBUG enabled.

Regards,
-- 
Ilya Kasnacheev


On Mon, Oct 14, 2019 at 18:29 alokyadav12 <al...@gmail.com> wrote:

> On both the nodes we are getting the following message:
> Security status [authentication=off, tls/ssl=on]
> [11:38:57] Started write-ahead log manager in NONE mode, persisted data may
> be lost in a case of unexpected node failure. Make sure to deactivate the
> cluster before shutdown.
>
> As it says tls/ssl=on, I am assuming that SSL is on on both the nodes. If I remove
> the SSL configuration it works, but when I add the configuration I get the message
> ssl=on when starting the nodes.

Re: Authenticating communication between nodes using Ignite.Net

Posted by alokyadav12 <al...@gmail.com>.
On both the nodes we are getting the following message:
Security status [authentication=off, tls/ssl=on]
[11:38:57] Started write-ahead log manager in NONE mode, persisted data may
be lost in a case of unexpected node failure. Make sure to deactivate the
cluster before shutdown.

As it says tls/ssl=on, I am assuming that SSL is on on both the nodes. If I remove
the SSL configuration it works, but when I add the configuration I get the message
ssl=on when starting the nodes.






Re: Authenticating communication between nodes using Ignite.Net

Posted by Ilya Kasnacheev <il...@gmail.com>.
Hello!

I think this means you didn't enable SSL on all nodes (including client).

Regards,
-- 
Ilya Kasnacheev


On Fri, Oct 11, 2019 at 20:40 alokyadav12 <al...@gmail.com> wrote:

> We tried the suggested solution to enable SSL on the node and thick client.
> We used the following setting at the node and thick client to enable SSL using
> a certificate, and copied it to both application directories:
>     <sslContextFactory type="SslContextFactory" protocol="SSL"
> keyStoreFilePath="Ignite.pfx" keyStorePassword="P@ssword" />
>
> The node runs fine with the message SSL on; when the thick client runs, it starts
> the thick client but throws an exception when connecting to the node. Please let me know
> if I am missing something or doing the wrong configuration.

Re: Authenticating communication between nodes using Ignite.Net

Posted by alokyadav12 <al...@gmail.com>.
We tried the suggested solution to enable SSL on the node and thick client.
We used the following setting at the node and thick client to enable SSL using
a certificate, and copied it to both application directories:
    <sslContextFactory type="SslContextFactory" protocol="SSL"
keyStoreFilePath="Ignite.pfx" keyStorePassword="P@ssword" />

The node runs fine with the message SSL on; when the thick client runs, it starts
the thick client but throws an exception when connecting to the node. Please let me know
if I am missing something or doing the wrong configuration.


Few lines of messages at end when Node starts
Security status [authentication=off, tls/ssl=on]
[11:38:57] Started write-ahead log manager in NONE mode, persisted data may
be lost in a case of unexpected node failure. Make sure to deactivate the
cluster before shutdown.
[11:39:03] Started write-ahead log manager in NONE mode, persisted data may
be lost in a case of unexpected node failure. Make sure to deactivate the
cluster before shutdown.
[11:39:03] Performance suggestions for grid  (fix if possible)
[11:39:03] To disable, set -DIGNITE_PERFORMANCE_SUGGESTIONS_DISABLED=true
[11:39:03]   ^-- Switch to the most recent 1.8 JVM version
[11:39:03]   ^-- Specify JVM heap max size (add '-Xmx<size>[g|G|m|M|k|K]' to
JVM options)
[11:39:03]   ^-- Set max direct memory size if getting 'OOME: Direct buffer
memory' (add '-XX:MaxDirectMemorySize=<size>[g|G|m|M|k|K]' to JVM options)
[11:39:03]   ^-- Disable processing of calls to System.gc() (add
'-XX:+DisableExplicitGC' to JVM options)
[11:39:03] Refer to this page for more performance suggestions:
https://apacheignite.readme.io/docs/jvm-and-system-tuning
[11:39:03] 
[11:39:03] To start Console Management & Monitoring run
ignitevisorcmd.{sh|bat}
[11:39:03] Data Regions Configured:
[11:39:03]   ^-- defaultRegion [initSize=128.0 MiB, maxSize=4.0 GiB,
persistence=false]
[11:39:03]   ^-- SecureRegion [initSize=32.0 MiB, maxSize=512.5 MiB,
persistence=true]
[11:39:03] 
[11:39:03] Ignite node started OK (id=061316a9)
[11:39:03] Topology snapshot [ver=1, locNode=061316a9, servers=1, clients=0,
state=INACTIVE, CPUs=8, offheap=4.5GB, heap=4.0GB]
[11:39:03]   ^-- Baseline [id=0, size=1, online=1, offline=0]
[11:39:03]   ^-- All baseline nodes are online, will start auto-activation


Following message when starting thick client 
[11:39:43] Security status [authentication=off, tls/ssl=on]
[11:39:44] REST protocols do not start on client node. To start the
protocols on client node set '-DIGNITE_REST_START_ON_CLIENT=true' system
property.
[11:39:48] Topology snapshot [ver=2, locNode=061316a9, servers=1, clients=1,
state=ACTIVE, CPUs=8, offheap=4.5GB, heap=7.9GB]
[11:39:48]   ^-- Baseline [id=0, size=1, online=1, offline=0]
[11:39:50,234][SEVERE][grid-nio-worker-tcp-comm-0-#24][TcpCommunicationSpi]
Failed to process selector key [ses=GridSelectorNioSessionImpl
[worker=DirectNioClientWorker [super=AbstractNioClientWorker [idx=0,
bytesRcvd=1516, bytesSent=0, bytesRcvd0=1516, bytesSent0=0, select=true,
super=GridWorker [name=grid-nio-worker-tcp-comm-0, igniteInstanceName=null,
finished=false, heartbeatTs=1570815589230, hashCode=298351978,
interrupted=false, runner=grid-nio-worker-tcp-comm-0-#24]]],
writeBuf=java.nio.DirectByteBuffer[pos=0 lim=32768 cap=32768],
readBuf=java.nio.DirectByteBuffer[pos=0 lim=32768 cap=32768],
inRecovery=null, outRecovery=null, super=GridNioSessionImpl
[locAddr=/0:0:0:0:0:0:0:1:47100, rmtAddr=/0:0:0:0:0:0:0:1:28223,
createTime=1570815589045, closeTime=0, bytesSent=1487, bytesRcvd=1516,
bytesSent0=1487, bytesRcvd0=1516, sndSchedTime=1570815589045,
lastSndTime=1570815589230, lastRcvTime=1570815589230, readsPaused=false,
filterChain=FilterChain[filters=[GridNioCodecFilter
[parser=o.a.i.i.util.nio.GridDirectParser@17956e51, directMode=true],
GridConnectionBytesVerifyFilter, SSL filter], accepted=true,
markedForClose=false]]]
java.io.IOException: An established connection was aborted by the software
in your host machine
	at java.base/sun.nio.ch.SocketDispatcher.read0(Native Method)
	at java.base/sun.nio.ch.SocketDispatcher.read(SocketDispatcher.java:43)
	at java.base/sun.nio.ch.IOUtil.readIntoNativeBuffer(IOUtil.java:276)
	at java.base/sun.nio.ch.IOUtil.read(IOUtil.java:233)
	at java.base/sun.nio.ch.IOUtil.read(IOUtil.java:223)
	at java.base/sun.nio.ch.SocketChannelImpl.read(SocketChannelImpl.java:358)
	at
org.apache.ignite.internal.util.nio.GridNioServer$DirectNioClientWorker.processRead(GridNioServer.java:1282)
	at
org.apache.ignite.internal.util.nio.GridNioServer$AbstractNioClientWorker.processSelectedKeysOptimized(GridNioServer.java:2386)
	at
org.apache.ignite.internal.util.nio.GridNioServer$AbstractNioClientWorker.bodyInternal(GridNioServer.java:2153)
	at
org.apache.ignite.internal.util.nio.GridNioServer$AbstractNioClientWorker.body(GridNioServer.java:1794)
	at
org.apache.ignite.internal.util.worker.GridWorker.run(GridWorker.java:120)
	at java.base/java.lang.Thread.run(Thread.java:835)
[11:39:50,515][SEVERE][grid-nio-worker-tcp-comm-1-#25][TcpCommunicationSpi]
Failed to process selector key [ses=GridSelectorNioSessionImpl
[worker=DirectNioClientWorker [super=AbstractNioClientWorker [idx=1,
bytesRcvd=1516, bytesSent=0, bytesRcvd0=1516, bytesSent0=0, select=true,
super=GridWorker [name=grid-nio-worker-tcp-comm-1, igniteInstanceName=null,
finished=false, heartbeatTs=1570815589511, hashCode=1488049866,
interrupted=false, runner=grid-nio-worker-tcp-comm-1-#25]]],
writeBuf=java.nio.DirectByteBuffer[pos=0 lim=32768 cap=32768],
readBuf=java.nio.DirectByteBuffer[pos=0 lim=32768 cap=32768],
inRecovery=null, outRecovery=null, super=GridNioSessionImpl
[locAddr=/0:0:0:0:0:0:0:1:47100, rmtAddr=/0:0:0:0:0:0:0:1:28224,
createTime=1570815589428, closeTime=0, bytesSent=1487, bytesRcvd=1516,
bytesSent0=1487, bytesRcvd0=1516, sndSchedTime=1570815589428,
lastSndTime=1570815589511, lastRcvTime=1570815589511, readsPaused=false,
filterChain=FilterChain[filters=[GridNioCodecFilter
[parser=o.a.i.i.util.nio.GridDirectParser@17956e51, directMode=true],
GridConnectionBytesVerifyFilter, SSL filter], accepted=true,
markedForClose=false]]]
java.io.IOException: An existing connection was forcibly closed by the
remote host
	at java.base/sun.nio.ch.SocketDispatcher.read0(Native Method)
	at java.base/sun.nio.ch.SocketDispatcher.read(SocketDispatcher.java:43)
	at java.base/sun.nio.ch.IOUtil.readIntoNativeBuffer(IOUtil.java:276)
	at java.base/sun.nio.ch.IOUtil.read(IOUtil.java:233)
	at java.base/sun.nio.ch.IOUtil.read(IOUtil.java:223)
	at java.base/sun.nio.ch.SocketChannelImpl.read(SocketChannelImpl.java:358)
	at
org.apache.ignite.internal.util.nio.GridNioServer$DirectNioClientWorker.processRead(GridNioServer.java:1282)
	at
org.apache.ignite.internal.util.nio.GridNioServer$AbstractNioClientWorker.processSelectedKeysOptimized(GridNioServer.java:2386)
	at
org.apache.ignite.internal.util.nio.GridNioServer$AbstractNioClientWorker.bodyInternal(GridNioServer.java:2153)
	at
org.apache.ignite.internal.util.nio.GridNioServer$AbstractNioClientWorker.body(GridNioServer.java:1794)
	at
org.apache.ignite.internal.util.worker.GridWorker.run(GridWorker.java:120)
	at java.base/java.lang.Thread.run(Thread.java:835)
[11:39:50,796][SEVERE][grid-nio-worker-tcp-comm-2-#26][TcpCommunicationSpi]
Failed to process selector key [ses=GridSelectorNioSessionImpl
[worker=DirectNioClientWorker [super=AbstractNioClientWorker [idx=2,
bytesRcvd=1516, bytesSent=0, bytesRcvd0=1516, bytesSent0=0, select=true,
super=GridWorker [name=grid-nio-worker-tcp-comm-2, igniteInstanceName=null,
finished=false, heartbeatTs=1570815589785, hashCode=1845492615,
interrupted=false, runner=grid-nio-worker-tcp-comm-2-#26]]],
writeBuf=java.nio.DirectByteBuffer[pos=0 lim=32768 cap=32768],
readBuf=java.nio.DirectByteBuffer[pos=0 lim=32768 cap=32768],
inRecovery=null, outRecovery=null, super=GridNioSessionImpl
[locAddr=/0:0:0:0:0:0:0:1:47100, rmtAddr=/0:0:0:0:0:0:0:1:28225,
createTime=1570815589710, closeTime=0, bytesSent=1460, bytesRcvd=1516,
bytesSent0=1460, bytesRcvd0=1516, sndSchedTime=1570815589710,
lastSndTime=1570815589785, lastRcvTime=1570815589785, readsPaused=false,
filterChain=FilterChain[filters=[GridNioCodecFilter
[parser=o.a.i.i.util.nio.GridDirectParser@17956e51, directMode=true],
GridConnectionBytesVerifyFilter, SSL filter], accepted=true,
markedForClose=false]]]
java.io.IOException: An existing connection was forcibly closed by the
remote host
	at java.base/sun.nio.ch.SocketDispatcher.write0(Native Method)
	at java.base/sun.nio.ch.SocketDispatcher.write(SocketDispatcher.java:51)
	at java.base/sun.nio.ch.IOUtil.writeFromNativeBuffer(IOUtil.java:113)
	at java.base/sun.nio.ch.IOUtil.write(IOUtil.java:58)
	at java.base/sun.nio.ch.IOUtil.write(IOUtil.java:50)
	at java.base/sun.nio.ch.SocketChannelImpl.write(SocketChannelImpl.java:466)
	at
org.apache.ignite.internal.util.nio.GridNioServer$DirectNioClientWorker.writeSslSystem(GridNioServer.java:1543)
	at
org.apache.ignite.internal.util.nio.GridNioServer$DirectNioClientWorker.processWriteSsl(GridNioServer.java:1367)
	at
org.apache.ignite.internal.util.nio.GridNioServer$DirectNioClientWorker.processWrite(GridNioServer.java:1336)
	at
org.apache.ignite.internal.util.nio.GridNioServer$AbstractNioClientWorker.processSelectedKeysOptimized(GridNioServer.java:2389)
	at
org.apache.ignite.internal.util.nio.GridNioServer$AbstractNioClientWorker.bodyInternal(GridNioServer.java:2153)
	at
org.apache.ignite.internal.util.nio.GridNioServer$AbstractNioClientWorker.body(GridNioServer.java:1794)
	at
org.apache.ignite.internal.util.worker.GridWorker.run(GridWorker.java:120)
	at java.base/java.lang.Thread.run(Thread.java:835)
[11:39:51,044][SEVERE][grid-nio-worker-tcp-comm-3-#27][TcpCommunicationSpi]
Failed to process selector key [ses=GridSelectorNioSessionImpl
[worker=DirectNioClientWorker [super=AbstractNioClientWorker [idx=3,
bytesRcvd=1516, bytesSent=0, bytesRcvd0=1516, bytesSent0=0, select=true,
super=GridWorker [name=grid-nio-worker-tcp-comm-3, igniteInstanceName=null,
finished=false, heartbeatTs=1570815590036, hashCode=2093600398,
interrupted=false, runner=grid-nio-worker-tcp-comm-3-#27]]],
writeBuf=java.nio.DirectByteBuffer[pos=0 lim=32768 cap=32768],
readBuf=java.nio.DirectByteBuffer[pos=0 lim=32768 cap=32768],
inRecovery=null, outRecovery=null, super=GridNioSessionImpl
[locAddr=/0:0:0:0:0:0:0:1:47100, rmtAddr=/0:0:0:0:0:0:0:1:28228,
createTime=1570815589995, closeTime=0, bytesSent=1460, bytesRcvd=1516,
bytesSent0=1460, bytesRcvd0=1516, sndSchedTime=1570815589995,
lastSndTime=1570815590036, lastRcvTime=1570815590036, readsPaused=false,
filterChain=FilterChain[filters=[GridNioCodecFilter
[parser=o.a.i.i.util.nio.GridDirectParser@17956e51, directMode=true],
GridConnectionBytesVerifyFilter, SSL filter], accepted=true,
markedForClose=false]]]
java.io.IOException: An existing connection was forcibly closed by the
remote host
	at java.base/sun.nio.ch.SocketDispatcher.write0(Native Method)
	at java.base/sun.nio.ch.SocketDispatcher.write(SocketDispatcher.java:51)
	at java.base/sun.nio.ch.IOUtil.writeFromNativeBuffer(IOUtil.java:113)
	at java.base/sun.nio.ch.IOUtil.write(IOUtil.java:58)
	at java.base/sun.nio.ch.IOUtil.write(IOUtil.java:50)
	at java.base/sun.nio.ch.SocketChannelImpl.write(SocketChannelImpl.java:466)
	at
org.apache.ignite.internal.util.nio.GridNioServer$DirectNioClientWorker.writeSslSystem(GridNioServer.java:1543)
	at
org.apache.ignite.internal.util.nio.GridNioServer$DirectNioClientWorker.processWriteSsl(GridNioServer.java:1367)
	at
org.apache.ignite.internal.util.nio.GridNioServer$DirectNioClientWorker.processWrite(GridNioServer.java:1336)
	at
org.apache.ignite.internal.util.nio.GridNioServer$AbstractNioClientWorker.processSelectedKeysOptimized(GridNioServer.java:2389)
	at
org.apache.ignite.internal.util.nio.GridNioServer$AbstractNioClientWorker.bodyInternal(GridNioServer.java:2153)
	at
org.apache.ignite.internal.util.nio.GridNioServer$AbstractNioClientWorker.body(GridNioServer.java:1794)
	at
org.apache.ignite.internal.util.worker.GridWorker.run(GridWorker.java:120)
	at java.base/java.lang.Thread.run(Thread.java:835)
[11:39:51,096][SEVERE][exchange-worker-#38][TcpCommunicationSpi] Failed to
send message to remote node [node=TcpDiscoveryNode
[id=061316a9-6196-471b-a1fc-afa522e7d138, addrs=[0:0:0:0:0:0:0:1,
10.83.83.119, 127.0.0.1],
sockAddrs=[YADAVA9-TL2.thcg.net/169.254.230.7:47500, /0:0:0:0:0:0:0:1:47500,
/127.0.0.1:47500, /10.83.83.119:47500], discPort=47500, order=1, intOrder=1,
lastExchangeTime=1570815588667, loc=false, ver=2.7.6#20190911-sha1:21f7ca41,
isClient=false], msg=GridIoMessage [plc=2, topic=TOPIC_CACHE, topicOrd=8,
ordered=false, timeout=0, skipOnTimeout=false,
msg=GridDhtPartitionsSingleMessage [parts=null, partCntrs=null,
partsSizes=null, partHistCntrs=null, err=null, client=true, finishMsg=null,
activeQryTrackers=GridLongList [idx=0, arr=[]],
super=GridDhtPartitionsAbstractMessage [exchId=GridDhtPartitionExchangeId
[topVer=AffinityTopologyVersion [topVer=2, minorTopVer=0],
discoEvt=DiscoveryEvent [evtNode=TcpDiscoveryNode
[id=c864ad65-84e0-4ff9-9b2a-70422dd98408, addrs=[0:0:0:0:0:0:0:1,
10.83.83.119, 127.0.0.1], sockAddrs=[YADAVA9-TL2.thcg.net/169.254.230.7:0,
/0:0:0:0:0:0:0:1:0, /127.0.0.1:0, /10.83.83.119:0], discPort=0, order=2,
intOrder=0, lastExchangeTime=1570815585757, loc=true,
ver=2.7.6#20190911-sha1:21f7ca41, isClient=true], topVer=2,
nodeId8=c864ad65, msg=null, type=NODE_JOINED, tstamp=1570815588793],
nodeId=c864ad65, evt=NODE_JOINED], lastVer=GridCacheVersion [topVer=0,
order=1570815584056, nodeOrder=0], super=GridCacheMessage [msgId=1,
depInfo=null, err=null, skipPrepare=false]]]]]
class org.apache.ignite.IgniteCheckedException: Failed to connect to node
(is node still alive?). Make sure that each ComputeTask and cache
Transaction has a timeout set in order to prevent parties from waiting
forever in case of network issues
[nodeId=061316a9-6196-471b-a1fc-afa522e7d138, addrs=[/0:0:0:0:0:0:0:1:47100,
/127.0.0.1:47100, YADAVA9-TL2.thcg.net/169.254.230.7:47100,
/10.83.83.119:47100]]
	at
org.apache.ignite.spi.communication.tcp.TcpCommunicationSpi.createTcpClient(TcpCommunicationSpi.java:3459)
	at
org.apache.ignite.spi.communication.tcp.TcpCommunicationSpi.createNioClient(TcpCommunicationSpi.java:2987)
	at
org.apache.ignite.spi.communication.tcp.TcpCommunicationSpi.reserveClient(TcpCommunicationSpi.java:2870)
	at
org.apache.ignite.spi.communication.tcp.TcpCommunicationSpi.sendMessage0(TcpCommunicationSpi.java:2713)
	at
org.apache.ignite.spi.communication.tcp.TcpCommunicationSpi.sendMessage(TcpCommunicationSpi.java:2672)
	at
org.apache.ignite.internal.managers.communication.GridIoManager.send(GridIoManager.java:1656)
	at
org.apache.ignite.internal.managers.communication.GridIoManager.sendToGridTopic(GridIoManager.java:1731)
	at
org.apache.ignite.internal.processors.cache.GridCacheIoManager.send(GridCacheIoManager.java:1170)
	at
org.apache.ignite.internal.processors.cache.distributed.dht.preloader.GridDhtPartitionsExchangeFuture.sendLocalPartitions(GridDhtPartitionsExchangeFuture.java:1883)
	at
org.apache.ignite.internal.processors.cache.distributed.dht.preloader.GridDhtPartitionsExchangeFuture.clientOnlyExchange(GridDhtPartitionsExchangeFuture.java:1335)
	at
org.apache.ignite.internal.processors.cache.distributed.dht.preloader.GridDhtPartitionsExchangeFuture.init(GridDhtPartitionsExchangeFuture.java:818)
	at
org.apache.ignite.internal.processors.cache.GridCachePartitionExchangeManager$ExchangeWorker.body0(GridCachePartitionExchangeManager.java:2681)
	at
org.apache.ignite.internal.processors.cache.GridCachePartitionExchangeManager$ExchangeWorker.body(GridCachePartitionExchangeManager.java:2553)
	at
org.apache.ignite.internal.util.worker.GridWorker.run(GridWorker.java:120)
	at java.base/java.lang.Thread.run(Thread.java:835)
	Suppressed: class org.apache.ignite.IgniteCheckedException: Failed to
connect to address [addr=/0:0:0:0:0:0:0:1:47100, err=Remote node ID is not
as expected [expected=061316a9-6196-471b-a1fc-afa522e7d138, rcvd=null]]
		at
org.apache.ignite.spi.communication.tcp.TcpCommunicationSpi.createTcpClient(TcpCommunicationSpi.java:3462)
		... 14 more
	Caused by: class
org.apache.ignite.spi.communication.tcp.TcpCommunicationSpi$HandshakeException:
Remote node ID is not as expected
[expected=061316a9-6196-471b-a1fc-afa522e7d138, rcvd=null]
		at
org.apache.ignite.spi.communication.tcp.TcpCommunicationSpi.safeTcpHandshake(TcpCommunicationSpi.java:3678)
		at
org.apache.ignite.spi.communication.tcp.TcpCommunicationSpi.createTcpClient(TcpCommunicationSpi.java:3313)
		... 14 more
	Suppressed: class org.apache.ignite.IgniteCheckedException: Failed to
connect to address [addr=/0:0:0:0:0:0:0:1:47100, err=Remote node ID is not
as expected [expected=061316a9-6196-471b-a1fc-afa522e7d138, rcvd=null]]
		at
org.apache.ignite.spi.communication.tcp.TcpCommunicationSpi.createTcpClient(TcpCommunicationSpi.java:3462)
		... 14 more
	Caused by: class
org.apache.ignite.spi.communication.tcp.TcpCommunicationSpi$HandshakeException:
Remote node ID is not as expected
[expected=061316a9-6196-471b-a1fc-afa522e7d138, rcvd=null]
		at
org.apache.ignite.spi.communication.tcp.TcpCommunicationSpi.safeTcpHandshake(TcpCommunicationSpi.java:3678)
		at
org.apache.ignite.spi.communication.tcp.TcpCommunicationSpi.createTcpClient(TcpCommunicationSpi.java:3313)
		... 14 more








--
Sent from: http://apache-ignite-users.70518.x6.nabble.com/

Re: Authenticating communication between nodes using Ignite.Net

Posted by alokyadav12 <al...@gmail.com>.
Thanks for the inputs, we will try the suggested solution. We just want to
stop adding any node to the main node.



--
Sent from: http://apache-ignite-users.70518.x6.nabble.com/

Re: Authenticating communication between nodes using Ignite.Net

Posted by Ilya Kasnacheev <il...@gmail.com>.
Hello!

If you really need authentication of nodes, you can add SSL configuration
with certificate checking.

This means that any rogue node will not be able to join since it does not
have a proper certificate.

This is also much more secure than passwords. Make sure to add SSL to all
ports, such as connectors, ODBC, etc.

Regards,
-- 
Ilya Kasnacheev


Thu, 10 Oct 2019 at 02:07, alokyadav12 <al...@gmail.com>:

> We are new to Ignite.Net and trying to implement a few security features
> before deciding final implementation in product.
>
> We had implemented authentication on Ignite Server and when connecting Thin
> client it uses user id and password and is working as expected.
> We had noticed that if we spun off another Node then it connects
> automatically to running node and doesn't need username and password.
>
> Question 1 : Does thick client and node does not authenticate when
> connecting nodes?
>
> Question 2 : Found an article to create custom plugin and authenticate
> http://smartkey.co.uk/development/securing-an-apache-ignite-cluster/. This
> article focused on Java implementation, but we are using Ignite.Net and
> didn't find the DiscoverySpiNodeAuthenticator, GridSecurityProcessor
> Interfaces to create a plugin. Are these classes available to use in
> Ignite.Net? Is there any other alternate available.
>
> Is there any other way we can authenticate thick client and nodes when
> connecting, as we need to secure nodes so only authenticated nodes and
> Thick client can connect.
>
>
>
> --
> Sent from: http://apache-ignite-users.70518.x6.nabble.com/
>
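
The setup suggested in the reply above, sketched as a Spring XML configuration that Ignite.NET can load through IgniteConfiguration.SpringConfigUrl. This is an added example, not part of the original thread; the bean id, file paths and passwords are placeholders, and the port numbers in the comments are the ones that appear in this thread.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xsi:schemaLocation="http://www.springframework.org/schema/beans
                           http://www.springframework.org/schema/beans/spring-beans.xsd">

  <!-- One SSL context shared by every listener. Paths and passwords are placeholders. -->
  <bean id="clusterSsl" class="org.apache.ignite.ssl.SslContextFactory">
    <!-- This node's own certificate and private key. -->
    <property name="keyStoreFilePath" value="/path/to/node-keystore.jks"/>
    <property name="keyStorePassword" value="CHANGE_ME"/>
    <!-- Trust store holding only the CA that issues node certificates; a peer
         whose certificate does not chain to it fails the TLS handshake. -->
    <property name="trustStoreFilePath" value="/path/to/cluster-ca-truststore.jks"/>
    <property name="trustStorePassword" value="CHANGE_ME"/>
    <!-- Do not set trustManagers to SslContextFactory.getDisabledTrustManager():
         traffic would still be encrypted, but any certificate would be accepted. -->
  </bean>

  <bean class="org.apache.ignite.configuration.IgniteConfiguration">
    <!-- Discovery (47500) and communication (47100) between thick clients and servers. -->
    <property name="sslContextFactory" ref="clusterSsl"/>

    <!-- Thin client / JDBC / ODBC port (10800). -->
    <property name="clientConnectorConfiguration">
      <bean class="org.apache.ignite.configuration.ClientConnectorConfiguration">
        <property name="sslEnabled" value="true"/>
        <property name="useIgniteSslContextFactory" value="true"/>
        <!-- true: thin clients must present a certificate as well. -->
        <property name="sslClientAuth" value="true"/>
      </bean>
    </property>

    <!-- REST / binary connector. -->
    <property name="connectorConfiguration">
      <bean class="org.apache.ignite.configuration.ConnectorConfiguration">
        <property name="sslEnabled" value="true"/>
        <property name="sslClientAuth" value="true"/>
        <property name="sslFactory" ref="clusterSsl"/>
      </bean>
    </property>
  </bean>
</beans>
```

Every server and thick client needs its own key store issued by the same CA; a startup line reading `tls/ssl=on` only confirms encryption is enabled, not that the trust store is restricted to that CA.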