Hi All,
I'm trying to use name resolution and lb feature of gRPC for client side
load balancing. However, it is not working properly.
Below is the construction of name resolution factory.
public Factory getNameResolverFactory() {
final Attributes NAME_RESOLVER_PARAMS = Attributes.newBuilder()
.set(GrpcNameResolutionLBConstant.RESOLUTION_ATTR, "yeah")
.build();
Attributes attrs = Attributes.newBuilder()
.set(GrpcNameResolutionLBConstant.ATTR_LB_ADDR_AUTHORITY, Constant.HOST +
":" + Constant.PORT)
.build();
final ArrayList EAG = new ArrayList();
SocketAddress addr = new InetSocketAddress(Constant.HOST, Constant.PORT);
EquivalentAddressGroup addrgrp = new EquivalentAddressGroup(addr, attrs);
EAG.add(addrgrp);
final NameResolver.Listener nrlistener = null;
Factory nameResolverFactory = new NameResolver.Factory() {
@Override
public NameResolver newNameResolver(URI targetUri, Attributes
params) {
try {
targetUri = URI.create(Constant.HOST + ":" + Constant.PORT);
params = NAME_RESOLVER_PARAMS;
} catch (Exception e) {
logger.log(Level.SEVERE, "Error: " + e);
}
NameResolver nrslvr = new NameResolver() {
@Override
public String getServiceAuthority() {
return Constant.HOST + ":" + Constant.PORT;
}
@Override
public void start(NameResolver.Listener listener) {
listener = new NameResolver.Listener() {
public void onUpdate(List<ResolvedServerInfoGroup>
servers, Attributes attributes) {
throw new UnsupportedOperationException("Not
supported yet.");
}
public void
onAddresses(List<EquivalentAddressGroup> servers, Attributes attributes) {
servers = EAG;
attributes = NAME_RESOLVER_PARAMS;
}
public void onError(Status error) {
logger.log(Level.SEVERE, "onError called: " +
error);
}
};
listener.onAddresses(EAG, NAME_RESOLVER_PARAMS);
}
@Override
public void shutdown() {
throw new UnsupportedOperationException("Not supported
yet."); //To change body of generated methods, choose Tools | Templates.
}
};
nrslvr.start(nrlistener);
return nrslvr;
}
@Override
public String getDefaultScheme() {
return "defaultscheme";
}
};
return nameResolverFactory;
}
Alongwith name resolution, using rrlb for load balancing.
RoundRobinLoadBalancerFactory.getInstance()
Things are working fine when I exclude nameResolverFactory.
Can someone help me?
P.S. Using NettyChannelBuilder.
On Thursday, January 26, 2017 at 5:43:07 PM UTC+5:30, Jorg Heymans wrote:
>
> Hi,
>
> I have a grpc client-server setup using TLS (ClientAuth.REQUIRE) which is
> working fine. I am now trying to implement service discovery using Spring
> DiscoveryClient and zookeeper, very much like what was done here for eureka
> https://gist.github.com/Xorlev/eafce32667931b78fac003f228cedc53#file-eurekanameresolver-java-L51
>
> .
>
> Basically in the client I am creating a
> channel.forTarget("zookeeper://myservice-dev").nameResolverFactory(...).sslContext(...)
>
> and i get this exception serverside:
>
> Caused by: java.security.cert.CertificateException: No subject alternative
> DNS name matching myservice-dev found.
> at sun.security.util.HostnameChecker.matchDNS(HostnameChecker.java:204)
> at sun.security.util.HostnameChecker.match(HostnameChecker.java:95)
> at
> sun.security.ssl.X509TrustManagerImpl.checkIdentity(X509TrustManagerImpl.java:455)
> at
> sun.security.ssl.X509TrustManagerImpl.checkIdentity(X509TrustManagerImpl.java:436)
> at
> sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:252)
> at
> sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:136)
> at
> io.netty.handler.ssl.ReferenceCountedOpenSslClientContext$ExtendedTrustManagerVerifyCallback.verify(ReferenceCountedOpenSslClientContext.java:223)
>
> It seems that the logical service id i am trying to connect to is used
> during TLS verification. Is this expected ? Adding this service id in the
> certificate SubjectAltNames makes things work but that's not a real
> solution. I have verified that the service discovery works fine without TLS
> and it does.
>
> Any ideas what could be causing this, is it expected at all ?
>
> Many thanks,
> Jorg
>
--
You received this message because you are subscribed to the Google Groups
"grpc.io" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To post to this group, send email to [email protected].
Visit this group at https://groups.google.com/group/grpc-io.
To view this discussion on the web visit
https://groups.google.com/d/msgid/grpc-io/0f02e1b2-f820-4f06-86e7-2ae2c4d461b4%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.