[
https://issues.apache.org/jira/browse/IGNITE-1891?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Sergey Kozlov updated IGNITE-1891:
----------------------------------
Priority: Minor (was: Critical)
> SSL on Windows for different major version of JDK
> -------------------------------------------------
>
> Key: IGNITE-1891
> URL: https://issues.apache.org/jira/browse/IGNITE-1891
> Project: Ignite
> Issue Type: Bug
> Affects Versions: ignite-1.4, 1.5
> Environment: Windows 8, Windows 10,
> Oracle JDK 1.7.0_80 64bit
> Reporter: Sergey Kozlov
> Assignee: Yakov Zhdanov
> Priority: Minor
> Fix For: 1.5
>
>
> 1. Copy examples/config/example-ignite.xml in
> examples/config/example-ignite-ssl.xml
> 2. Put SSL section:
> {code:title=example-ignite-ssl.xml|borderStyle=solid}
> <?xml version="1.0" encoding="UTF-8"?>
> <beans xmlns="http://www.springframework.org/schema/beans";
> xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";
> xmlns:util="http://www.springframework.org/schema/util";
> xsi:schemaLocation="
> http://www.springframework.org/schema/beans
> http://www.springframework.org/schema/beans/spring-beans.xsd
> http://www.springframework.org/schema/util
> http://www.springframework.org/schema/util/spring-util.xsd";>
> <bean id="ignite.cfg"
> class="org.apache.ignite.configuration.IgniteConfiguration">
> <!-- Set to true to enable distributed class loading for examples,
> default is false. -->
> <property name="peerClassLoadingEnabled" value="true"/>
> <property name="marshaller">
> <bean
> class="org.apache.ignite.marshaller.optimized.OptimizedMarshaller">
> <!-- Set to false to allow non-serializable objects in
> examples, default is true. -->
> <property name="requireSerializable" value="false"/>
> </bean>
> </property>
> <!-- Enable task execution events for examples. -->
> <property name="includeEventTypes">
> <list>
> <!--Task execution events-->
> <util:constant
> static-field="org.apache.ignite.events.EventType.EVT_TASK_STARTED"/>
> <util:constant
> static-field="org.apache.ignite.events.EventType.EVT_TASK_FINISHED"/>
> <util:constant
> static-field="org.apache.ignite.events.EventType.EVT_TASK_FAILED"/>
> <util:constant
> static-field="org.apache.ignite.events.EventType.EVT_TASK_TIMEDOUT"/>
> <util:constant
> static-field="org.apache.ignite.events.EventType.EVT_TASK_SESSION_ATTR_SET"/>
> <util:constant
> static-field="org.apache.ignite.events.EventType.EVT_TASK_REDUCED"/>
> <!--Cache events-->
> <util:constant
> static-field="org.apache.ignite.events.EventType.EVT_CACHE_OBJECT_PUT"/>
> <util:constant
> static-field="org.apache.ignite.events.EventType.EVT_CACHE_OBJECT_READ"/>
> <util:constant
> static-field="org.apache.ignite.events.EventType.EVT_CACHE_OBJECT_REMOVED"/>
> </list>
> </property>
> <property name="sslContextFactory">
> <bean class="org.apache.ignite.ssl.SslContextFactory">
> <property name="keyStoreFilePath"
> value="D:\apache-ignite-fabric-1.5.0-bin\examples\config\server.jks"/>
> <property name="keyStorePassword" value="PaSsWoRd"/>
> <property name="trustManagers">
> <bean class="org.apache.ignite.ssl.SslContextFactory"
> factory-method="getDisabledTrustManager"/>
> </property>
> </bean>
> </property>
> <property name="communicationSpi">
> <bean
> class="org.apache.ignite.spi.communication.tcp.TcpCommunicationSpi">
> <property name="sharedMemoryPort" value="-1"/>
> </bean>
> </property>
>
> <!-- Explicitly configure TCP discovery SPI to provide list of
> initial nodes. -->
> <property name="discoverySpi">
> <bean class="org.apache.ignite.spi.discovery.tcp.TcpDiscoverySpi">
> <property name="ipFinder">
> <!--
> Ignite provides several options for automatic
> discovery that can be used
> instead os static IP based discovery. For information
> on all options refer
> to our documentation:
> http://apacheignite.readme.io/docs/cluster-config
> -->
> <!-- Uncomment static IP finder to enable static-based
> discovery of initial nodes. -->
> <!--<bean
> class="org.apache.ignite.spi.discovery.tcp.ipfinder.vm.TcpDiscoveryVmIpFinder">-->
> <bean
> class="org.apache.ignite.spi.discovery.tcp.ipfinder.multicast.TcpDiscoveryMulticastIpFinder">
> <property name="addresses">
> <list>
> <!-- In distributed environment, replace with
> actual host IP address. -->
> <value>127.0.0.1:47500..47509</value>
> </list>
> </property>
> </bean>
> </property>
> </bean>
> </property>
> </bean>
> </beans>
> {code}
> 3. Start two nodes with the config above. But 1st is under JDK1.7 and 2nd is
> under JDK 1.8
> Second node failed:
> {noformat}
> 21:43:59,345][SEVERE][exchange-worker-#48%null%][GridDhtPartitionsExchangeFuture]
> Failed to send local partitions to oldest node (will retry after timeout)
> [oldestNodeId=37a2346c-3a07-4a96-a6da-c375cba47b41,
> exchId=GridDhtPartitionExchangeId [topVer=AffinityTopologyVersion [topVer=2,
> minorTopVer=0], nodeId=de92d445, evt=NODE_JOINED]]
> class org.apache.ignite.IgniteCheckedException: Failed to send message (node
> may have left the grid or TCP connection cannot be established due to
> firewall issues) [node=TcpDiscoveryNode
> [id=37a2346c-3a07-4a96-a6da-c375cba47b41, addrs=[0:0:0:0:0:0:0:1, 127.0.0.1,
> 192.168.100.9, 2001:0:9d38:6ab8:2099:222b:4db9:9941],
> sockAddrs=[ksm-homepc/192.168.100.9:47500,
> 0:0:0:0:0:0:0:1/0:0:0:0:0:0:0:1:47500, ksm-homepc/192.168.100.9:47500,
> /127.0.0.1:47500, /192.168.100.9:47500,
> /2001:0:9d38:6ab8:2099:222b:4db9:9941:47500], discPort=47500, order=1,
> intOrder=1, lastExchangeTime=1447267436638, loc=false,
> ver=1.5.0#20151111-sha1:388a8921, isClient=false], topic=TOPIC_CACHE,
> msg=GridDhtPartitionsSingleMessage [parts={-2100569601=GridDhtPartitionMap
> [nodeId=de92d445-9162-43b1-ae84-fb8601a5e35c, updateSeq=2, moving=100,
> size=100], 689859866=GridDhtPartitionMap
> [nodeId=de92d445-9162-43b1-ae84-fb8601a5e35c, updateSeq=2, moving=511,
> size=511], 1325947219=GridDhtPartitionMap
> [nodeId=de92d445-9162-43b1-ae84-fb8601a5e35c, updateSeq=2, moving=20,
> size=20]}, client=false, super=GridDhtPartitionsAbstractMessage
> [exchId=GridDhtPartitionExchangeId [topVer=AffinityTopologyVersion [topVer=2,
> minorTopVer=0], nodeId=de92d445, evt=NODE_JOINED], lastVer=GridCacheVersion
> [topVer=0, nodeOrderDrId=0, globalTime=0, order=1447267431316],
> super=GridCacheMessage [msgId=1, depInfo=null, err=null,
> skipPrepare=false]]], policy=2]
> at
> org.apache.ignite.internal.managers.communication.GridIoManager.send(GridIoManager.java:1071)
> at
> org.apache.ignite.internal.managers.communication.GridIoManager.send(GridIoManager.java:1214)
> at
> org.apache.ignite.internal.processors.cache.GridCacheIoManager.send(GridCacheIoManager.java:612)
> at
> org.apache.ignite.internal.processors.cache.distributed.dht.preloader.GridDhtPartitionsExchangeFuture.sendLocalPartitions(GridDhtPartitionsExchangeFuture.java:972)
> at
> org.apache.ignite.internal.processors.cache.distributed.dht.preloader.GridDhtPartitionsExchangeFuture.sendPartitions(GridDhtPartitionsExchangeFuture.java:1013)
> at
> org.apache.ignite.internal.processors.cache.distributed.dht.preloader.GridDhtPartitionsExchangeFuture.init(GridDhtPartitionsExchangeFuture.java:879)
> at
> org.apache.ignite.internal.processors.cache.GridCachePartitionExchangeManager$ExchangeWorker.body(GridCachePartitionExchangeManager.java:1230)
> at
> org.apache.ignite.internal.util.worker.GridWorker.run(GridWorker.java:110)
> at java.lang.Thread.run(Thread.java:745)
> Caused by: class org.apache.ignite.spi.IgniteSpiException: Failed to send
> message to remote node: TcpDiscoveryNode
> [id=37a2346c-3a07-4a96-a6da-c375cba47b41, addrs=[0:0:0:0:0:0:0:1, 127.0.0.1,
> 192.168.100.9, 2001:0:9d38:6ab8:2099:222b:4db9:9941],
> sockAddrs=[ksm-homepc/192.168.100.9:47500,
> 0:0:0:0:0:0:0:1/0:0:0:0:0:0:0:1:47500, ksm-homepc/192.168.100.9:47500,
> /127.0.0.1:47500, /192.168.100.9:47500,
> /2001:0:9d38:6ab8:2099:222b:4db9:9941:47500], discPort=47500, order=1,
> intOrder=1, lastExchangeTime=1447267436638, loc=false,
> ver=1.5.0#20151111-sha1:388a8921, isClient=false]
> at
> org.apache.ignite.spi.communication.tcp.TcpCommunicationSpi.sendMessage0(TcpCommunicationSpi.java:1943)
> at
> org.apache.ignite.spi.communication.tcp.TcpCommunicationSpi.sendMessage(TcpCommunicationSpi.java:1883)
> at
> org.apache.ignite.internal.managers.communication.GridIoManager.send(GridIoManager.java:1066)
> ... 8 more
> Caused by: class org.apache.ignite.IgniteCheckedException: Failed to connect
> to node (is node still alive?). Make sure that each GridComputeTask and
> GridCacheTransaction has a timeout set in order to prevent parties from
> waiting forever in case of network issues
> [nodeId=37a2346c-3a07-4a96-a6da-c375cba47b41, addrs=[/0:0:0:0:0:0:0:1:47100,
> /127.0.0.1:47100, ksm-homepc/192.168.100.9:47100,
> /2001:0:9d38:6ab8:2099:222b:4db9:9941:47100]]
> at
> org.apache.ignite.spi.communication.tcp.TcpCommunicationSpi.createTcpClient(TcpCommunicationSpi.java:2448)
> at
> org.apache.ignite.spi.communication.tcp.TcpCommunicationSpi.createNioClient(TcpCommunicationSpi.java:2087)
> at
> org.apache.ignite.spi.communication.tcp.TcpCommunicationSpi.reserveClient(TcpCommunicationSpi.java:1981)
> at
> org.apache.ignite.spi.communication.tcp.TcpCommunicationSpi.sendMessage0(TcpCommunicationSpi.java:1917)
> ... 10 more
> Suppressed: class org.apache.ignite.IgniteCheckedException: Failed to
> connect to address: /0:0:0:0:0:0:0:1:47100
> at
> org.apache.ignite.spi.communication.tcp.TcpCommunicationSpi.createTcpClient(TcpCommunicationSpi.java:2453)
> ... 13 more
> Caused by: class org.apache.ignite.IgniteCheckedException: Failed to
> read from channel.
> at
> org.apache.ignite.spi.communication.tcp.TcpCommunicationSpi.safeHandshake(TcpCommunicationSpi.java:2684)
> at
> org.apache.ignite.spi.communication.tcp.TcpCommunicationSpi.createTcpClient(TcpCommunicationSpi.java:2320)
> ... 13 more
> Caused by: javax.net.ssl.SSLException: Unsupported record version
> Unknown-100.71
> at
> sun.security.ssl.EngineInputRecord.bytesInCompletePacket(EngineInputRecord.java:116)
> at
> sun.security.ssl.SSLEngineImpl.readNetRecord(SSLEngineImpl.java:851)
> at
> sun.security.ssl.SSLEngineImpl.unwrap(SSLEngineImpl.java:764)
> at javax.net.ssl.SSLEngine.unwrap(SSLEngine.java:624)
> at
> org.apache.ignite.internal.util.nio.ssl.BlockingSslHandler.unwrap0(BlockingSslHandler.java:397)
> at
> org.apache.ignite.internal.util.nio.ssl.BlockingSslHandler.unwrapHandshake(BlockingSslHandler.java:363)
> at
> org.apache.ignite.internal.util.nio.ssl.BlockingSslHandler.handshake(BlockingSslHandler.java:149)
> at
> org.apache.ignite.spi.communication.tcp.TcpCommunicationSpi.safeHandshake(TcpCommunicationSpi.java:2527)
> ... 14 more
> Suppressed: class org.apache.ignite.IgniteCheckedException: Failed to
> connect to address: /127.0.0.1:47100
> at
> org.apache.ignite.spi.communication.tcp.TcpCommunicationSpi.createTcpClient(TcpCommunicationSpi.java:2453)
> ... 13 more
> Caused by: class org.apache.ignite.IgniteCheckedException: Failed to
> read from channel.
> at
> org.apache.ignite.spi.communication.tcp.TcpCommunicationSpi.safeHandshake(TcpCommunicationSpi.java:2684)
> at
> org.apache.ignite.spi.communication.tcp.TcpCommunicationSpi.createTcpClient(TcpCommunicationSpi.java:2320)
> ... 13 more
> Caused by: javax.net.ssl.SSLException: Unsupported record version
> Unknown-11.48
> at
> sun.security.ssl.EngineInputRecord.bytesInCompletePacket(EngineInputRecord.java:116)
> at
> sun.security.ssl.SSLEngineImpl.readNetRecord(SSLEngineImpl.java:851)
> at
> sun.security.ssl.SSLEngineImpl.unwrap(SSLEngineImpl.java:764)
> at javax.net.ssl.SSLEngine.unwrap(SSLEngine.java:624)
> at
> org.apache.ignite.internal.util.nio.ssl.BlockingSslHandler.unwrap0(BlockingSslHandler.java:397)
> at
> org.apache.ignite.internal.util.nio.ssl.BlockingSslHandler.unwrapHandshake(BlockingSslHandler.java:363)
> at
> org.apache.ignite.internal.util.nio.ssl.BlockingSslHandler.handshake(BlockingSslHandler.java:149)
> at
> org.apache.ignite.spi.communication.tcp.TcpCommunicationSpi.safeHandshake(TcpCommunicationSpi.java:2527)
> ... 14 more
> Suppressed: class org.apache.ignite.IgniteCheckedException: Failed to
> connect to address: ksm-homepc/192.168.100.9:47100
> at
> org.apache.ignite.spi.communication.tcp.TcpCommunicationSpi.createTcpClient(TcpCommunicationSpi.java:2453)
> ... 13 more
> Caused by: class org.apache.ignite.IgniteCheckedException: Failed to
> read from channel.
> at
> org.apache.ignite.spi.communication.tcp.TcpCommunicationSpi.safeHandshake(TcpCommunicationSpi.java:2684)
> at
> org.apache.ignite.spi.communication.tcp.TcpCommunicationSpi.createTcpClient(TcpCommunicationSpi.java:2320)
> ... 13 more
> Caused by: javax.net.ssl.SSLException: Unsupported record version
> Unknown-11.48
> at
> sun.security.ssl.EngineInputRecord.bytesInCompletePacket(EngineInputRecord.java:116)
> at
> sun.security.ssl.SSLEngineImpl.readNetRecord(SSLEngineImpl.java:851)
> at
> sun.security.ssl.SSLEngineImpl.unwrap(SSLEngineImpl.java:764)
> at javax.net.ssl.SSLEngine.unwrap(SSLEngine.java:624)
> at
> org.apache.ignite.internal.util.nio.ssl.BlockingSslHandler.unwrap0(BlockingSslHandler.java:397)
> at
> org.apache.ignite.internal.util.nio.ssl.BlockingSslHandler.unwrapHandshake(BlockingSslHandler.java:363)
> at
> org.apache.ignite.internal.util.nio.ssl.BlockingSslHandler.handshake(BlockingSslHandler.java:149)
> at
> org.apache.ignite.spi.communication.tcp.TcpCommunicationSpi.safeHandshake(TcpCommunicationSpi.java:2527)
> ... 14 more
> Suppressed: class org.apache.ignite.IgniteCheckedException: Failed to
> connect to address: /2001:0:9d38:6ab8:2099:222b:4db9:9941:47100
> at
> org.apache.ignite.spi.communication.tcp.TcpCommunicationSpi.createTcpClient(TcpCommunicationSpi.java:2453)
> ... 13 more
> Caused by: class org.apache.ignite.IgniteCheckedException: Failed to
> read from channel.
> at
> org.apache.ignite.spi.communication.tcp.TcpCommunicationSpi.safeHandshake(TcpCommunicationSpi.java:2684)
> at
> org.apache.ignite.spi.communication.tcp.TcpCommunicationSpi.createTcpClient(TcpCommunicationSpi.java:2320)
> ... 13 more
> Caused by: javax.net.ssl.SSLProtocolException: Input SSL/TLS record
> too big: max = 33305 len = 41304
> at
> sun.security.ssl.SSLEngineImpl.readNetRecord(SSLEngineImpl.java:856)
> at
> sun.security.ssl.SSLEngineImpl.unwrap(SSLEngineImpl.java:764)
> at javax.net.ssl.SSLEngine.unwrap(SSLEngine.java:624)
> at
> org.apache.ignite.internal.util.nio.ssl.BlockingSslHandler.unwrap0(BlockingSslHandler.java:397)
> at
> org.apache.ignite.internal.util.nio.ssl.BlockingSslHandler.unwrapHandshake(BlockingSslHandler.java:363)
> at
> org.apache.ignite.internal.util.nio.ssl.BlockingSslHandler.handshake(BlockingSslHandler.java:149)
> at
> org.apache.ignite.spi.communication.tcp.TcpCommunicationSpi.safeHandshake(TcpCommunicationSpi.java:2527)
> ... 14 more
> D:\1.5.0\apache-ignite-fabric-1.5.0-bin>
> {noformat}
> For SSL we can't detect JDK version for remote node thus we can catch the
> exception and print out the information for possible reason "JDK version are
> different"
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
