Thanks John/Bruce!
But it does not work as expected.
I tried setting (security-udp-dhalgo=) in properties file in both locators and
servers.
I also confirmed the same by verifying config level logs and using locator with
following command which explicitly mentions that “security-udp-dhalgo” is empty
(gemfire.sys.security-udp-dhalgo =)
>> describe config --member=locator1
>> describe config --member=server1
But even after that, I see the following exception, which is the same as before.
Moreover, it looks like once a GEODE server member reboots itself after force
disconnection, it does not respect the security-udp-dhalgo override in the properties
file (my assumption based on logs).
I see security-udp-dhalgo=******** in the startup configuration after the member’s
attempt to connect to the distributed system.
[warning 2018/04/15 21:23:57.095 EDT event-server-1<ReconnectThread> tid=0x215] Exception occurred while trying to connect the system during reconnect
org.apache.geode.security.AuthenticationRequiredException: Failed to find credentials from [host-001(event-server-1:32054)<ec>:1025]
    at org.apache.geode.distributed.internal.membership.gms.membership.GMSJoinLeave.attemptToJoin(GMSJoinLeave.java:424)
    at org.apache.geode.distributed.internal.membership.gms.membership.GMSJoinLeave.join(GMSJoinLeave.java:318)
    at org.apache.geode.distributed.internal.membership.gms.mgr.GMSMembershipManager.join(GMSMembershipManager.java:656)
    at org.apache.geode.distributed.internal.membership.gms.mgr.GMSMembershipManager.joinDistributedSystem(GMSMembershipManager.java:745)
    at org.apache.geode.distributed.internal.membership.gms.Services.start(Services.java:181)
    at org.apache.geode.distributed.internal.membership.gms.GMSMemberFactory.newMembershipManager(GMSMemberFactory.java:102)
    at org.apache.geode.distributed.internal.membership.MemberFactory.newMembershipManager(MemberFactory.java:89)
    at org.apache.geode.distributed.internal.DistributionManager.<init>(DistributionManager.java:1112)
    at org.apache.geode.distributed.internal.DistributionManager.<init>(DistributionManager.java:1160)
    at org.apache.geode.distributed.internal.DistributionManager.create(DistributionManager.java:531)
    at org.apache.geode.distributed.internal.InternalDistributedSystem.initialize(InternalDistributedSystem.java:687)
    at org.apache.geode.distributed.internal.InternalDistributedSystem.newInstance(InternalDistributedSystem.java:299)
    at org.apache.geode.distributed.DistributedSystem.connect(DistributedSystem.java:202)
    at org.apache.geode.distributed.internal.InternalDistributedSystem.reconnect(InternalDistributedSystem.java:2675)
    at org.apache.geode.distributed.internal.InternalDistributedSystem.tryReconnect(InternalDistributedSystem.java:2508)
    at org.apache.geode.distributed.internal.InternalDistributedSystem.disconnect(InternalDistributedSystem.java:983)
    at org.apache.geode.distributed.internal.DistributionManager$MyListener.membershipFailure(DistributionManager.java:4307)
John,
This does not kill the GEODE application. It still runs as it is. This makes the APM
tool assume that the application is healthy and is not facing any issues.
What do you suggest to rectify this?
Is there any example of how I can report the state of a GEODE server as
“UNHEALTHY”/“DISCONNECTED”?
Is there any example of how I can listen to these notifications and come up with
some health check service?
Thanks & Regards,
Dharam
From: John Blum [mailto:[email protected]]
Sent: Friday, April 13, 2018 2:59 AM
To: [email protected]
Subject: Re: AuthenticationRequiredException on force disconnection
Regarding Spring, not really too differently actually, see here [1] (XML) and
here [2] (JavaConfig) (followed by this [3] and this [4]).
There is even an Annotation-based approach [5] for the curious onlooker.
[1] https://github.com/jxblum/contacts-application/blob/master/configuration-example/src/main/resources/spring-server-cache.xml#L24-L33
[2] https://github.com/jxblum/contacts-application/blob/master/configuration-example/src/main/java/example/app/spring/java/server/JavaConfiguredGeodeServerApplication.java#L66-L84
[3] https://github.com/jxblum/contacts-application/blob/master/configuration-example/src/main/java/example/app/spring/java/server/JavaConfiguredGeodeServerApplication.java#L91
[4] https://github.com/jxblum/contacts-application/blob/master/configuration-example/src/main/java/example/app/spring/java/server/JavaConfiguredGeodeServerApplication.java#L96
[5] https://github.com/jxblum/contacts-application/blob/master/configuration-example/src/main/java/example/app/spring/annotation/server/AnnotationConfiguredGeodeServerApplication.java
On Thu, Apr 12, 2018 at 2:17 PM, Bruce Schuchardt <[email protected]> wrote:
The setting merely causes Geode to encrypt packets sent over UDP.
On 4/11/18 10:29 AM, Thacker, Dharam wrote:
Would there be any negative impact on disabling 'security-udp-dhalgo' on peer
to peer members or pulse or jmx notifications ?
Thanks,
Dharam
--
-John
john.blum10101 (skype)
This message is confidential and subject to terms at:
http://www.jpmorgan.com/emaildisclaimer including on confidentiality, legal
privilege, viruses and monitoring of electronic messages. If you are not the
intended recipient, please delete this message and notify the sender
immediately. Any unauthorized use is strictly prohibited.
--- Begin Message ---
I'm not sure what your development context is so it's hard to answer that
question. If you're programmatically creating a cache then set the cache
property ConfigurationProperties.SECURITY_UDP_DHALGO to an empty string. If
you're using a properties file set it to blank.
security-udp-dhalgo=
-or-
cachefactory.set(SECURITY_UDP_DHALGO, "")
I don't recall how you set properties for the cache under Spring.
On 4/11/18 11:44 PM, Thacker, Dharam wrote:
Hello Bruce,
I have not manually specified this property to enable udp encryption using
"security-udp-dhalgo" anywhere. I am using TCP mode only.
Is it by default enabled? If yes, how can I disable it?
I could not find any documentation on it.
Thanks,
Dharam
Sent with BlackBerry Work (www.blackberry.com)
_____
From: "Thacker, Dharam" <[email protected]>
Sent: Apr 11, 2018 10:59 PM
To: [email protected]
Subject: RE: AuthenticationRequiredException on force disconnection
Thank you Bruce!
I will surely open a JIRA soon.
"Geode sends membership information, alerts and on rare occasions a PDX
registration message over UDP"
Would there be any negative impact on disabling 'security-udp-dhalgo' on
peer to peer members or pulse or jmx notifications ?
Thanks,
Dharam
_____
From: Bruce Schuchardt <[email protected]>
Sent: Apr 11, 2018 8:45 PM
To: [email protected]
Subject: Re: AuthenticationRequiredException on force disconnection
That looks like a bug in UDP encryption. Can you open a JIRA ticket to
track this? Set the component to "membership". Looking at the unit
test suite I don't think there is any coverage for auto-reconnect with
security-udp-dhalgo enabled.
As a workaround you could, if you're comfortable doing so, disable
security-udp-dhalgo until this is fixed. There are other known issues
with this fairly new setting that people have been working on recently.
Geode sends membership information, alerts and on rare occasions a PDX
registration message over UDP. No client/server messages are sent over
UDP so its use is confined to your server cluster. No messages
containing application objects (keys, values, callback args etc) are
sent over UDP unless you set disable-tcp=true to disable use of tcp/ip
stream sockets.
On 4/11/18 4:38 AM, Thacker, Dharam wrote:
> warning 2018/04/10 02:40:59.541 EDT event-server-1 <ReconnectThread> tid=0x217] Exception occurred while trying to connect the system during reconnect
> org.apache.geode.security.AuthenticationRequiredException: Failed to find credentials from [host001(event-server-1:3525)<ec>:1026]
>     at org.apache.geode.distributed.internal.membership.gms.membership.GMSJoinLeave.attemptToJoin(GMSJoinLeave.java:424)
>     at org.apache.geode.distributed.internal.membership.gms.membership.GMSJoinLeave.join(GMSJoinLeave.java:318)
>     at org.apache.geode.distributed.internal.membership.gms.mgr.GMSMembershipManager.join(GMSMembershipManager.java:656)
>     at org.apache.geode.distributed.internal.membership.gms.mgr.GMSMembershipManager.joinDistributedSystem(GMSMembershipManager.java:745)
>     at org.apache.geode.distributed.internal.membership.gms.Services.start(Services.java:181)
>     at org.apache.geode.distributed.internal.membership.gms.GMSMemberFactory.newMembershipManager(GMSMemberFactory.java:102)
>     at org.apache.geode.distributed.internal.membership.MemberFactory.newMembershipManager(MemberFactory.java:89)
>     at org.apache.geode.distributed.internal.DistributionManager.<init>(DistributionManager.java:1112)
>     at org.apache.geode.distributed.internal.DistributionManager.<init>(DistributionManager.java:1160)
>     at org.apache.geode.distributed.internal.DistributionManager.create(DistributionManager.java:531)
>     at org.apache.geode.distributed.internal.InternalDistributedSystem.initialize(InternalDistributedSystem.java:687)
>     at org.apache.geode.distributed.internal.InternalDistributedSystem.newInstance(InternalDistributedSystem.java:299)
>     at org.apache.geode.distributed.DistributedSystem.connect(DistributedSystem.java:202)
>     at org.apache.geode.distributed.internal.InternalDistributedSystem.reconnect(InternalDistributedSystem.java:2675)
>     at org.apache.geode.distributed.internal.InternalDistributedSystem.tryReconnect(InternalDistributedSystem.java:2508)
>     at org.apache.geode.distributed.internal.InternalDistributedSystem.disconnect(InternalDistributedSystem.java:983)
>     at org.apache.geode.distributed.internal.DistributionManager$MyListener.membershipFailure(DistributionManager.java:4307)
>     at org.apache.geode.distributed.internal.membership.gms.mgr.GMSMembershipManager.uncleanShutdown(GMSMembershipManager.java:1530)
>     at org.apache.geode.distributed.internal.membership.gms.mgr.GMSMembershipManager.lambda$forceDisconnect$0(GMSMembershipManager.java:2550)
>     at java.lang.Thread.run(Thread.java:745)
--- End Message ---
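
For the reconnect failure reported at the top of this thread, a log check added here as an example (not part of the original messages and not Geode code): it scans a member log for `AuthenticationRequiredException` raised on `ReconnectThread` and for non-empty `security-udp-dhalgo` lines, so a monitor can mark the member UNHEALTHY even though the JVM keeps running. The names `scan` and `health` and the "Startup Configuration" layout in the sample are assumptions; the warning entry is copied from the thread.

```python
import re

# Entry header as quoted in this thread, e.g.
# [warning 2018/04/15 21:23:57.095 EDT event-server-1<ReconnectThread> tid=0x215] ...
ENTRY = re.compile(r"^\[(\w+) (\d{4}/\d\d/\d\d \d\d:\d\d:\d\d\.\d{3}) \S+ "
                   r"([^<\s]+)\s*<([^>]+)>\s+tid=\S+\]\s*(.*)$")
AUTH_EXC = "org.apache.geode.security.AuthenticationRequiredException"
DHALGO = re.compile(r"^\s*security-udp-dhalgo=(.*)$")

def scan(lines):
    """Map member -> {'auth_failures': [ts], 'dhalgo': [(ts, value)]}."""
    report, current = {}, None  # current = (member, ts, thread) of the last header
    for raw in lines:
        line = raw.rstrip()
        head = ENTRY.match(line)
        if head:
            _level, ts, member, thread, _msg = head.groups()
            current = (member, ts, thread)
            report.setdefault(member, {"auth_failures": [], "dhalgo": []})
            continue
        if current is None:
            continue  # text before the first entry header
        member, ts, thread = current
        if thread == "ReconnectThread" and line.startswith(AUTH_EXC):
            report[member]["auth_failures"].append(ts)
        setting = DHALGO.match(line)
        if setting:
            report[member]["dhalgo"].append((ts, setting.group(1).strip()))
    return report

def health(report):
    """Map member -> (status, timestamps where security-udp-dhalgo was non-empty)."""
    # A non-empty value (shown as ******** in the thread) means UDP encryption is on.
    return {m: ("UNHEALTHY" if r["auth_failures"] else "OK",
                [ts for ts, v in r["dhalgo"] if v])
            for m, r in report.items()}

# Constructed sample: the warning entry is copied from the thread; the
# "Startup Configuration" entries are an assumed layout for the property dump.
SAMPLE = """\
[info 2018/04/15 21:00:01.000 EDT event-server-1 <main> tid=0x1] Startup Configuration:
  security-udp-dhalgo=
[info 2018/04/15 21:23:56.900 EDT event-server-1 <ReconnectThread> tid=0x215] Startup Configuration:
  security-udp-dhalgo=********
[warning 2018/04/15 21:23:57.095 EDT event-server-1<ReconnectThread> tid=0x215] Exception occurred while trying to connect the system during reconnect
org.apache.geode.security.AuthenticationRequiredException: Failed to find credentials from [host-001(event-server-1:32054)<ec>:1025]
[info 2018/04/15 21:00:02.000 EDT event-server-2 <main> tid=0x1] Startup Configuration:
  security-udp-dhalgo=
""".splitlines()
print(health(scan(SAMPLE)))
```

The status only reflects what the scanned log contains; a later successful reconnect is not tracked by this check.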