Authenticating communication between nodes using Ignite.Net

alokyadav12

Authenticating communication between nodes using Ignite.Net

We are new to Ignite.Net and trying to implement a few security features before
deciding on the final implementation in the product.

We had implemented authentication on the Ignite server, and when connecting a thin
client it uses a user id and password and works as expected.
We had noticed that if we spin up another node, it connects
automatically to the running node and doesn't need a username and password.

Question 1: Do thick clients and nodes not authenticate when
connecting to nodes?

Question 2: We found an article on creating a custom plugin to authenticate:
http://smartkey.co.uk/development/securing-an-apache-ignite-cluster/. This
article focuses on the Java implementation, but we are using Ignite.Net and
didn't find the DiscoverySpiNodeAuthenticator and GridSecurityProcessor
interfaces to create a plugin. Are these classes available to use in
Ignite.Net? Is there any other alternative available?

Is there any other way we can authenticate thick clients and nodes when
connecting, as we need to secure nodes so only authenticated nodes and thick
clients can connect?



--
Sent from: http://apache-ignite-users.70518.x6.nabble.com/
ptupitsyn

Re: Authenticating communication between nodes using Ignite.Net

1. Thick client/server nodes use a different communication mechanism than Thin client nodes,
and network ports are different. Security mechanism is also different.

E.g. you can have a cluster of server nodes running in a controlled environment, with only 10800 
port open to the outside. This way only Thin Client nodes can connect from outside,
and server-to-server connections do not need authentication.

2. Ignite does not provide ready to use server-to-server auth out of the box (neither Java nor .NET),
some third party vendors provide this via plugins.
If you have to stick with Ignite, you'll have to write a plugin, part of which has to be in Java.

ilya.kasnacheev

Re: Authenticating communication between nodes using Ignite.Net

In reply to this post by alokyadav12
Hello!

If you really need authentication of nodes, you can add SSL configuration with certificate checking.

This means that any rogue node will not be able to join since it does not have a proper certificate.

This is also much more secure than passwords. Make sure to add SSL to all ports, such as connectors, ODBC, etc.

Regards,
--
Ilya Kasnacheev


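A sketch of the "SSL configuration with certificate checking" suggested in the reply above, added here as an example; it is not code from the thread or from the Ignite project. The store file names (`node.jks`, `trust.jks`), the `IGNITE_STORE_PASSWORD` environment variable and the `TlsNodeConfig` helper are assumptions, and the stores are assumed to be in the factory's default store format.

```csharp
using System;
using System.IO;
using Apache.Ignite.Core;
using Apache.Ignite.Core.Ssl;

// Hypothetical helper: one place that builds identical TLS settings for
// server nodes and thick clients, so no node starts with a weaker setup.
public static class TlsNodeConfig
{
    public static IgniteConfiguration Build(bool clientMode, string keyStorePath,
        string trustStorePath, string storePassword)
    {
        var cfg = new IgniteConfiguration
        {
            ClientMode = clientMode,
            SslContextFactory = new SslContextFactory
            {
                Protocol = "TLS",
                // This node's own certificate and private key.
                KeyStoreFilePath = keyStorePath,
                KeyStorePassword = storePassword,
                // Certificates this node accepts from its peers.
                TrustStoreFilePath = trustStorePath,
                TrustStorePassword = storePassword,
                // Peers without a trusted certificate must be rejected.
                SkipServerCertificateValidation = false
            }
        };

        Validate(cfg);
        return cfg;
    }

    // Fails fast when the configuration would not check peer certificates.
    public static void Validate(IgniteConfiguration cfg)
    {
        var ssl = cfg.SslContextFactory as SslContextFactory;
        if (ssl == null)
            throw new InvalidOperationException("SslContextFactory is not configured.");

        if (ssl.SkipServerCertificateValidation)
            throw new InvalidOperationException("Certificate validation is disabled.");

        if (string.IsNullOrEmpty(ssl.KeyStoreFilePath) || !File.Exists(ssl.KeyStoreFilePath))
            throw new FileNotFoundException("Key store not found.", ssl.KeyStoreFilePath);

        if (string.IsNullOrEmpty(ssl.TrustStoreFilePath) || !File.Exists(ssl.TrustStoreFilePath))
            throw new FileNotFoundException("Trust store not found.", ssl.TrustStoreFilePath);
    }

    public static void Main(string[] args)
    {
        // Pass "client" to start a thick client, anything else starts a server.
        bool clientMode = args.Length > 0 && args[0] == "client";

        // Assumed variable name; keeps the password out of the config file.
        string password = Environment.GetEnvironmentVariable("IGNITE_STORE_PASSWORD");
        if (string.IsNullOrEmpty(password))
            throw new InvalidOperationException("IGNITE_STORE_PASSWORD is not set.");

        var cfg = Build(clientMode, "node.jks", "trust.jks", password);

        using (var ignite = Ignition.Start(cfg))
        {
            Console.WriteLine("Nodes in topology: " + ignite.GetCluster().GetNodes().Count);
            Console.ReadLine();
        }
    }
}
```

This covers only the thick-node settings; the connectors and ODBC ports mentioned in the reply are configured separately.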
alokyadav12

Re: Authenticating communication between nodes using Ignite.Net

Thanks for the inputs, we will try the suggested solution. We just want to stop
any node from being added to the main node.



alokyadav12

Re: Authenticating communication between nodes using Ignite.Net

In reply to this post by ilya.kasnacheev
We tried the suggested solution to enable SSL on the node and thick client.
We used the following setting at the node and thick client to enable SSL using a
certificate, and copied it to both application directories:
    <sslContextFactory type="SslContextFactory" protocol="SSL"
keyStoreFilePath="Ignite.pfx" keyStorePassword="P@ssword" />

The node runs fine with the message SSL on. When the thick client runs, it starts
the thick client but throws an exception when connecting to the node. Please let me know
if I am missing something or have a wrong configuration.


A few lines of messages at the end when the node starts:
Security status [authentication=off, tls/ssl=on]
[11:38:57] Started write-ahead log manager in NONE mode, persisted data may
be lost in a case of unexpected node failure. Make sure to deactivate the
cluster before shutdown.
[11:39:03] Started write-ahead log manager in NONE mode, persisted data may
be lost in a case of unexpected node failure. Make sure to deactivate the
cluster before shutdown.
[11:39:03] Performance suggestions for grid  (fix if possible)
[11:39:03] To disable, set -DIGNITE_PERFORMANCE_SUGGESTIONS_DISABLED=true
[11:39:03]   ^-- Switch to the most recent 1.8 JVM version
[11:39:03]   ^-- Specify JVM heap max size (add '-Xmx<size>[g|G|m|M|k|K]' to
JVM options)
[11:39:03]   ^-- Set max direct memory size if getting 'OOME: Direct buffer
memory' (add '-XX:MaxDirectMemorySize=<size>[g|G|m|M|k|K]' to JVM options)
[11:39:03]   ^-- Disable processing of calls to System.gc() (add
'-XX:+DisableExplicitGC' to JVM options)
[11:39:03] Refer to this page for more performance suggestions:
https://apacheignite.readme.io/docs/jvm-and-system-tuning
[11:39:03]
[11:39:03] To start Console Management & Monitoring run
ignitevisorcmd.{sh|bat}
[11:39:03] Data Regions Configured:
[11:39:03]   ^-- defaultRegion [initSize=128.0 MiB, maxSize=4.0 GiB,
persistence=false]
[11:39:03]   ^-- SecureRegion [initSize=32.0 MiB, maxSize=512.5 MiB,
persistence=true]
[11:39:03]
[11:39:03] Ignite node started OK (id=061316a9)
[11:39:03] Topology snapshot [ver=1, locNode=061316a9, servers=1, clients=0,
state=INACTIVE, CPUs=8, offheap=4.5GB, heap=4.0GB]
[11:39:03]   ^-- Baseline [id=0, size=1, online=1, offline=0]
[11:39:03]   ^-- All baseline nodes are online, will start auto-activation


The following messages appear when starting the thick client:
[11:39:43] Security status [authentication=off, tls/ssl=on]
[11:39:44] REST protocols do not start on client node. To start the
protocols on client node set '-DIGNITE_REST_START_ON_CLIENT=true' system
property.
[11:39:48] Topology snapshot [ver=2, locNode=061316a9, servers=1, clients=1,
state=ACTIVE, CPUs=8, offheap=4.5GB, heap=7.9GB]
[11:39:48]   ^-- Baseline [id=0, size=1, online=1, offline=0]
[11:39:50,234][SEVERE][grid-nio-worker-tcp-comm-0-#24][TcpCommunicationSpi]
Failed to process selector key [ses=GridSelectorNioSessionImpl
[worker=DirectNioClientWorker [super=AbstractNioClientWorker [idx=0,
bytesRcvd=1516, bytesSent=0, bytesRcvd0=1516, bytesSent0=0, select=true,
super=GridWorker [name=grid-nio-worker-tcp-comm-0, igniteInstanceName=null,
finished=false, heartbeatTs=1570815589230, hashCode=298351978,
interrupted=false, runner=grid-nio-worker-tcp-comm-0-#24]]],
writeBuf=java.nio.DirectByteBuffer[pos=0 lim=32768 cap=32768],
readBuf=java.nio.DirectByteBuffer[pos=0 lim=32768 cap=32768],
inRecovery=null, outRecovery=null, super=GridNioSessionImpl
[locAddr=/0:0:0:0:0:0:0:1:47100, rmtAddr=/0:0:0:0:0:0:0:1:28223,
createTime=1570815589045, closeTime=0, bytesSent=1487, bytesRcvd=1516,
bytesSent0=1487, bytesRcvd0=1516, sndSchedTime=1570815589045,
lastSndTime=1570815589230, lastRcvTime=1570815589230, readsPaused=false,
filterChain=FilterChain[filters=[GridNioCodecFilter
[parser=o.a.i.i.util.nio.GridDirectParser@17956e51, directMode=true],
GridConnectionBytesVerifyFilter, SSL filter], accepted=true,
markedForClose=false]]]
java.io.IOException: An established connection was aborted by the software
in your host machine
        at java.base/sun.nio.ch.SocketDispatcher.read0(Native Method)
        at java.base/sun.nio.ch.SocketDispatcher.read(SocketDispatcher.java:43)
        at java.base/sun.nio.ch.IOUtil.readIntoNativeBuffer(IOUtil.java:276)
        at java.base/sun.nio.ch.IOUtil.read(IOUtil.java:233)
        at java.base/sun.nio.ch.IOUtil.read(IOUtil.java:223)
        at java.base/sun.nio.ch.SocketChannelImpl.read(SocketChannelImpl.java:358)
        at
org.apache.ignite.internal.util.nio.GridNioServer$DirectNioClientWorker.processRead(GridNioServer.java:1282)
        at
org.apache.ignite.internal.util.nio.GridNioServer$AbstractNioClientWorker.processSelectedKeysOptimized(GridNioServer.java:2386)
        at
org.apache.ignite.internal.util.nio.GridNioServer$AbstractNioClientWorker.bodyInternal(GridNioServer.java:2153)
        at
org.apache.ignite.internal.util.nio.GridNioServer$AbstractNioClientWorker.body(GridNioServer.java:1794)
        at
org.apache.ignite.internal.util.worker.GridWorker.run(GridWorker.java:120)
        at java.base/java.lang.Thread.run(Thread.java:835)
[11:39:50,515][SEVERE][grid-nio-worker-tcp-comm-1-#25][TcpCommunicationSpi]
Failed to process selector key [ses=GridSelectorNioSessionImpl
[worker=DirectNioClientWorker [super=AbstractNioClientWorker [idx=1,
bytesRcvd=1516, bytesSent=0, bytesRcvd0=1516, bytesSent0=0, select=true,
super=GridWorker [name=grid-nio-worker-tcp-comm-1, igniteInstanceName=null,
finished=false, heartbeatTs=1570815589511, hashCode=1488049866,
interrupted=false, runner=grid-nio-worker-tcp-comm-1-#25]]],
writeBuf=java.nio.DirectByteBuffer[pos=0 lim=32768 cap=32768],
readBuf=java.nio.DirectByteBuffer[pos=0 lim=32768 cap=32768],
inRecovery=null, outRecovery=null, super=GridNioSessionImpl
[locAddr=/0:0:0:0:0:0:0:1:47100, rmtAddr=/0:0:0:0:0:0:0:1:28224,
createTime=1570815589428, closeTime=0, bytesSent=1487, bytesRcvd=1516,
bytesSent0=1487, bytesRcvd0=1516, sndSchedTime=1570815589428,
lastSndTime=1570815589511, lastRcvTime=1570815589511, readsPaused=false,
filterChain=FilterChain[filters=[GridNioCodecFilter
[parser=o.a.i.i.util.nio.GridDirectParser@17956e51, directMode=true],
GridConnectionBytesVerifyFilter, SSL filter], accepted=true,
markedForClose=false]]]
java.io.IOException: An existing connection was forcibly closed by the
remote host
        at java.base/sun.nio.ch.SocketDispatcher.read0(Native Method)
        at java.base/sun.nio.ch.SocketDispatcher.read(SocketDispatcher.java:43)
        at java.base/sun.nio.ch.IOUtil.readIntoNativeBuffer(IOUtil.java:276)
        at java.base/sun.nio.ch.IOUtil.read(IOUtil.java:233)
        at java.base/sun.nio.ch.IOUtil.read(IOUtil.java:223)
        at java.base/sun.nio.ch.SocketChannelImpl.read(SocketChannelImpl.java:358)
        at
org.apache.ignite.internal.util.nio.GridNioServer$DirectNioClientWorker.processRead(GridNioServer.java:1282)
        at
org.apache.ignite.internal.util.nio.GridNioServer$AbstractNioClientWorker.processSelectedKeysOptimized(GridNioServer.java:2386)
        at
org.apache.ignite.internal.util.nio.GridNioServer$AbstractNioClientWorker.bodyInternal(GridNioServer.java:2153)
        at
org.apache.ignite.internal.util.nio.GridNioServer$AbstractNioClientWorker.body(GridNioServer.java:1794)
        at
org.apache.ignite.internal.util.worker.GridWorker.run(GridWorker.java:120)
        at java.base/java.lang.Thread.run(Thread.java:835)
[11:39:50,796][SEVERE][grid-nio-worker-tcp-comm-2-#26][TcpCommunicationSpi]
Failed to process selector key [ses=GridSelectorNioSessionImpl
[worker=DirectNioClientWorker [super=AbstractNioClientWorker [idx=2,
bytesRcvd=1516, bytesSent=0, bytesRcvd0=1516, bytesSent0=0, select=true,
super=GridWorker [name=grid-nio-worker-tcp-comm-2, igniteInstanceName=null,
finished=false, heartbeatTs=1570815589785, hashCode=1845492615,
interrupted=false, runner=grid-nio-worker-tcp-comm-2-#26]]],
writeBuf=java.nio.DirectByteBuffer[pos=0 lim=32768 cap=32768],
readBuf=java.nio.DirectByteBuffer[pos=0 lim=32768 cap=32768],
inRecovery=null, outRecovery=null, super=GridNioSessionImpl
[locAddr=/0:0:0:0:0:0:0:1:47100, rmtAddr=/0:0:0:0:0:0:0:1:28225,
createTime=1570815589710, closeTime=0, bytesSent=1460, bytesRcvd=1516,
bytesSent0=1460, bytesRcvd0=1516, sndSchedTime=1570815589710,
lastSndTime=1570815589785, lastRcvTime=1570815589785, readsPaused=false,
filterChain=FilterChain[filters=[GridNioCodecFilter
[parser=o.a.i.i.util.nio.GridDirectParser@17956e51, directMode=true],
GridConnectionBytesVerifyFilter, SSL filter], accepted=true,
markedForClose=false]]]
java.io.IOException: An existing connection was forcibly closed by the
remote host
        at java.base/sun.nio.ch.SocketDispatcher.write0(Native Method)
        at java.base/sun.nio.ch.SocketDispatcher.write(SocketDispatcher.java:51)
        at java.base/sun.nio.ch.IOUtil.writeFromNativeBuffer(IOUtil.java:113)
        at java.base/sun.nio.ch.IOUtil.write(IOUtil.java:58)
        at java.base/sun.nio.ch.IOUtil.write(IOUtil.java:50)
        at java.base/sun.nio.ch.SocketChannelImpl.write(SocketChannelImpl.java:466)
        at
org.apache.ignite.internal.util.nio.GridNioServer$DirectNioClientWorker.writeSslSystem(GridNioServer.java:1543)
        at
org.apache.ignite.internal.util.nio.GridNioServer$DirectNioClientWorker.processWriteSsl(GridNioServer.java:1367)
        at
org.apache.ignite.internal.util.nio.GridNioServer$DirectNioClientWorker.processWrite(GridNioServer.java:1336)
        at
org.apache.ignite.internal.util.nio.GridNioServer$AbstractNioClientWorker.processSelectedKeysOptimized(GridNioServer.java:2389)
        at
org.apache.ignite.internal.util.nio.GridNioServer$AbstractNioClientWorker.bodyInternal(GridNioServer.java:2153)
        at
org.apache.ignite.internal.util.nio.GridNioServer$AbstractNioClientWorker.body(GridNioServer.java:1794)
        at
org.apache.ignite.internal.util.worker.GridWorker.run(GridWorker.java:120)
        at java.base/java.lang.Thread.run(Thread.java:835)
[11:39:51,044][SEVERE][grid-nio-worker-tcp-comm-3-#27][TcpCommunicationSpi]
Failed to process selector key [ses=GridSelectorNioSessionImpl
[worker=DirectNioClientWorker [super=AbstractNioClientWorker [idx=3,
bytesRcvd=1516, bytesSent=0, bytesRcvd0=1516, bytesSent0=0, select=true,
super=GridWorker [name=grid-nio-worker-tcp-comm-3, igniteInstanceName=null,
finished=false, heartbeatTs=1570815590036, hashCode=2093600398,
interrupted=false, runner=grid-nio-worker-tcp-comm-3-#27]]],
writeBuf=java.nio.DirectByteBuffer[pos=0 lim=32768 cap=32768],
readBuf=java.nio.DirectByteBuffer[pos=0 lim=32768 cap=32768],
inRecovery=null, outRecovery=null, super=GridNioSessionImpl
[locAddr=/0:0:0:0:0:0:0:1:47100, rmtAddr=/0:0:0:0:0:0:0:1:28228,
createTime=1570815589995, closeTime=0, bytesSent=1460, bytesRcvd=1516,
bytesSent0=1460, bytesRcvd0=1516, sndSchedTime=1570815589995,
lastSndTime=1570815590036, lastRcvTime=1570815590036, readsPaused=false,
filterChain=FilterChain[filters=[GridNioCodecFilter
[parser=o.a.i.i.util.nio.GridDirectParser@17956e51, directMode=true],
GridConnectionBytesVerifyFilter, SSL filter], accepted=true,
markedForClose=false]]]
java.io.IOException: An existing connection was forcibly closed by the
remote host
        at java.base/sun.nio.ch.SocketDispatcher.write0(Native Method)
        at java.base/sun.nio.ch.SocketDispatcher.write(SocketDispatcher.java:51)
        at java.base/sun.nio.ch.IOUtil.writeFromNativeBuffer(IOUtil.java:113)
        at java.base/sun.nio.ch.IOUtil.write(IOUtil.java:58)
        at java.base/sun.nio.ch.IOUtil.write(IOUtil.java:50)
        at java.base/sun.nio.ch.SocketChannelImpl.write(SocketChannelImpl.java:466)
        at
org.apache.ignite.internal.util.nio.GridNioServer$DirectNioClientWorker.writeSslSystem(GridNioServer.java:1543)
        at
org.apache.ignite.internal.util.nio.GridNioServer$DirectNioClientWorker.processWriteSsl(GridNioServer.java:1367)
        at
org.apache.ignite.internal.util.nio.GridNioServer$DirectNioClientWorker.processWrite(GridNioServer.java:1336)
        at
org.apache.ignite.internal.util.nio.GridNioServer$AbstractNioClientWorker.processSelectedKeysOptimized(GridNioServer.java:2389)
        at
org.apache.ignite.internal.util.nio.GridNioServer$AbstractNioClientWorker.bodyInternal(GridNioServer.java:2153)
        at
org.apache.ignite.internal.util.nio.GridNioServer$AbstractNioClientWorker.body(GridNioServer.java:1794)
        at
org.apache.ignite.internal.util.worker.GridWorker.run(GridWorker.java:120)
        at java.base/java.lang.Thread.run(Thread.java:835)
[11:39:51,096][SEVERE][exchange-worker-#38][TcpCommunicationSpi] Failed to
send message to remote node [node=TcpDiscoveryNode
[id=061316a9-6196-471b-a1fc-afa522e7d138, addrs=[0:0:0:0:0:0:0:1,
10.83.83.119, 127.0.0.1],
sockAddrs=[YADAVA9-TL2.thcg.net/169.254.230.7:47500, /0:0:0:0:0:0:0:1:47500,
/127.0.0.1:47500, /10.83.83.119:47500], discPort=47500, order=1, intOrder=1,
lastExchangeTime=1570815588667, loc=false, ver=2.7.6#20190911-sha1:21f7ca41,
isClient=false], msg=GridIoMessage [plc=2, topic=TOPIC_CACHE, topicOrd=8,
ordered=false, timeout=0, skipOnTimeout=false,
msg=GridDhtPartitionsSingleMessage [parts=null, partCntrs=null,
partsSizes=null, partHistCntrs=null, err=null, client=true, finishMsg=null,
activeQryTrackers=GridLongList [idx=0, arr=[]],
super=GridDhtPartitionsAbstractMessage [exchId=GridDhtPartitionExchangeId
[topVer=AffinityTopologyVersion [topVer=2, minorTopVer=0],
discoEvt=DiscoveryEvent [evtNode=TcpDiscoveryNode
[id=c864ad65-84e0-4ff9-9b2a-70422dd98408, addrs=[0:0:0:0:0:0:0:1,
10.83.83.119, 127.0.0.1], sockAddrs=[YADAVA9-TL2.thcg.net/169.254.230.7:0,
/0:0:0:0:0:0:0:1:0, /127.0.0.1:0, /10.83.83.119:0], discPort=0, order=2,
intOrder=0, lastExchangeTime=1570815585757, loc=true,
ver=2.7.6#20190911-sha1:21f7ca41, isClient=true], topVer=2,
nodeId8=c864ad65, msg=null, type=NODE_JOINED, tstamp=1570815588793],
nodeId=c864ad65, evt=NODE_JOINED], lastVer=GridCacheVersion [topVer=0,
order=1570815584056, nodeOrder=0], super=GridCacheMessage [msgId=1,
depInfo=null, err=null, skipPrepare=false]]]]]
class org.apache.ignite.IgniteCheckedException: Failed to connect to node
(is node still alive?). Make sure that each ComputeTask and cache
Transaction has a timeout set in order to prevent parties from waiting
forever in case of network issues
[nodeId=061316a9-6196-471b-a1fc-afa522e7d138, addrs=[/0:0:0:0:0:0:0:1:47100,
/127.0.0.1:47100, YADAVA9-TL2.thcg.net/169.254.230.7:47100,
/10.83.83.119:47100]]
        at
org.apache.ignite.spi.communication.tcp.TcpCommunicationSpi.createTcpClient(TcpCommunicationSpi.java:3459)
        at
org.apache.ignite.spi.communication.tcp.TcpCommunicationSpi.createNioClient(TcpCommunicationSpi.java:2987)
        at
org.apache.ignite.spi.communication.tcp.TcpCommunicationSpi.reserveClient(TcpCommunicationSpi.java:2870)
        at
org.apache.ignite.spi.communication.tcp.TcpCommunicationSpi.sendMessage0(TcpCommunicationSpi.java:2713)
        at
org.apache.ignite.spi.communication.tcp.TcpCommunicationSpi.sendMessage(TcpCommunicationSpi.java:2672)
        at
org.apache.ignite.internal.managers.communication.GridIoManager.send(GridIoManager.java:1656)
        at
org.apache.ignite.internal.managers.communication.GridIoManager.sendToGridTopic(GridIoManager.java:1731)
        at
org.apache.ignite.internal.processors.cache.GridCacheIoManager.send(GridCacheIoManager.java:1170)
        at
org.apache.ignite.internal.processors.cache.distributed.dht.preloader.GridDhtPartitionsExchangeFuture.sendLocalPartitions(GridDhtPartitionsExchangeFuture.java:1883)
        at
org.apache.ignite.internal.processors.cache.distributed.dht.preloader.GridDhtPartitionsExchangeFuture.clientOnlyExchange(GridDhtPartitionsExchangeFuture.java:1335)
        at
org.apache.ignite.internal.processors.cache.distributed.dht.preloader.GridDhtPartitionsExchangeFuture.init(GridDhtPartitionsExchangeFuture.java:818)
        at
org.apache.ignite.internal.processors.cache.GridCachePartitionExchangeManager$ExchangeWorker.body0(GridCachePartitionExchangeManager.java:2681)
        at
org.apache.ignite.internal.processors.cache.GridCachePartitionExchangeManager$ExchangeWorker.body(GridCachePartitionExchangeManager.java:2553)
        at
org.apache.ignite.internal.util.worker.GridWorker.run(GridWorker.java:120)
        at java.base/java.lang.Thread.run(Thread.java:835)
        Suppressed: class org.apache.ignite.IgniteCheckedException: Failed to
connect to address [addr=/0:0:0:0:0:0:0:1:47100, err=Remote node ID is not
as expected [expected=061316a9-6196-471b-a1fc-afa522e7d138, rcvd=null]]
                at
org.apache.ignite.spi.communication.tcp.TcpCommunicationSpi.createTcpClient(TcpCommunicationSpi.java:3462)
                ... 14 more
        Caused by: class
org.apache.ignite.spi.communication.tcp.TcpCommunicationSpi$HandshakeException:
Remote node ID is not as expected
[expected=061316a9-6196-471b-a1fc-afa522e7d138, rcvd=null]
                at
org.apache.ignite.spi.communication.tcp.TcpCommunicationSpi.safeTcpHandshake(TcpCommunicationSpi.java:3678)
                at
org.apache.ignite.spi.communication.tcp.TcpCommunicationSpi.createTcpClient(TcpCommunicationSpi.java:3313)
                ... 14 more
        Suppressed: class org.apache.ignite.IgniteCheckedException: Failed to
connect to address [addr=/0:0:0:0:0:0:0:1:47100, err=Remote node ID is not
as expected [expected=061316a9-6196-471b-a1fc-afa522e7d138, rcvd=null]]
                at
org.apache.ignite.spi.communication.tcp.TcpCommunicationSpi.createTcpClient(TcpCommunicationSpi.java:3462)
                ... 14 more
        Caused by: class
org.apache.ignite.spi.communication.tcp.TcpCommunicationSpi$HandshakeException:
Remote node ID is not as expected
[expected=061316a9-6196-471b-a1fc-afa522e7d138, rcvd=null]
                at
org.apache.ignite.spi.communication.tcp.TcpCommunicationSpi.safeTcpHandshake(TcpCommunicationSpi.java:3678)
                at
org.apache.ignite.spi.communication.tcp.TcpCommunicationSpi.createTcpClient(TcpCommunicationSpi.java:3313)
                ... 14 more

ilya.kasnacheev

Re: Authenticating communication between nodes using Ignite.Net

Hello!

I think this means you didn't enable SSL on all nodes (including client).

Regards,
--
Ilya Kasnacheev


super=GridWorker [name=grid-nio-worker-tcp-comm-3, igniteInstanceName=null,
finished=false, heartbeatTs=1570815590036, hashCode=2093600398,
interrupted=false, runner=grid-nio-worker-tcp-comm-3-#27]]],
writeBuf=java.nio.DirectByteBuffer[pos=0 lim=32768 cap=32768],
readBuf=java.nio.DirectByteBuffer[pos=0 lim=32768 cap=32768],
inRecovery=null, outRecovery=null, super=GridNioSessionImpl
[locAddr=/0:0:0:0:0:0:0:1:47100, rmtAddr=/0:0:0:0:0:0:0:1:28228,
createTime=1570815589995, closeTime=0, bytesSent=1460, bytesRcvd=1516,
bytesSent0=1460, bytesRcvd0=1516, sndSchedTime=1570815589995,
lastSndTime=1570815590036, lastRcvTime=1570815590036, readsPaused=false,
filterChain=FilterChain[filters=[GridNioCodecFilter
[parser=o.a.i.i.util.nio.GridDirectParser@17956e51, directMode=true],
GridConnectionBytesVerifyFilter, SSL filter], accepted=true,
markedForClose=false]]]
java.io.IOException: An existing connection was forcibly closed by the
remote host
        at java.base/sun.nio.ch.SocketDispatcher.write0(Native Method)
        at java.base/sun.nio.ch.SocketDispatcher.write(SocketDispatcher.java:51)
        at java.base/sun.nio.ch.IOUtil.writeFromNativeBuffer(IOUtil.java:113)
        at java.base/sun.nio.ch.IOUtil.write(IOUtil.java:58)
        at java.base/sun.nio.ch.IOUtil.write(IOUtil.java:50)
        at java.base/sun.nio.ch.SocketChannelImpl.write(SocketChannelImpl.java:466)
        at
org.apache.ignite.internal.util.nio.GridNioServer$DirectNioClientWorker.writeSslSystem(GridNioServer.java:1543)
        at
org.apache.ignite.internal.util.nio.GridNioServer$DirectNioClientWorker.processWriteSsl(GridNioServer.java:1367)
        at
org.apache.ignite.internal.util.nio.GridNioServer$DirectNioClientWorker.processWrite(GridNioServer.java:1336)
        at
org.apache.ignite.internal.util.nio.GridNioServer$AbstractNioClientWorker.processSelectedKeysOptimized(GridNioServer.java:2389)
        at
org.apache.ignite.internal.util.nio.GridNioServer$AbstractNioClientWorker.bodyInternal(GridNioServer.java:2153)
        at
org.apache.ignite.internal.util.nio.GridNioServer$AbstractNioClientWorker.body(GridNioServer.java:1794)
        at
org.apache.ignite.internal.util.worker.GridWorker.run(GridWorker.java:120)
        at java.base/java.lang.Thread.run(Thread.java:835)
[11:39:51,096][SEVERE][exchange-worker-#38][TcpCommunicationSpi] Failed to
send message to remote node [node=TcpDiscoveryNode
[id=061316a9-6196-471b-a1fc-afa522e7d138, addrs=[0:0:0:0:0:0:0:1,
10.83.83.119, 127.0.0.1],
sockAddrs=[YADAVA9-TL2.thcg.net/169.254.230.7:47500, /0:0:0:0:0:0:0:1:47500,
/127.0.0.1:47500, /10.83.83.119:47500], discPort=47500, order=1, intOrder=1,
lastExchangeTime=1570815588667, loc=false, ver=2.7.6#20190911-sha1:21f7ca41,
isClient=false], msg=GridIoMessage [plc=2, topic=TOPIC_CACHE, topicOrd=8,
ordered=false, timeout=0, skipOnTimeout=false,
msg=GridDhtPartitionsSingleMessage [parts=null, partCntrs=null,
partsSizes=null, partHistCntrs=null, err=null, client=true, finishMsg=null,
activeQryTrackers=GridLongList [idx=0, arr=[]],
super=GridDhtPartitionsAbstractMessage [exchId=GridDhtPartitionExchangeId
[topVer=AffinityTopologyVersion [topVer=2, minorTopVer=0],
discoEvt=DiscoveryEvent [evtNode=TcpDiscoveryNode
[id=c864ad65-84e0-4ff9-9b2a-70422dd98408, addrs=[0:0:0:0:0:0:0:1,
10.83.83.119, 127.0.0.1], sockAddrs=[YADAVA9-TL2.thcg.net/169.254.230.7:0,
/0:0:0:0:0:0:0:1:0, /127.0.0.1:0, /10.83.83.119:0], discPort=0, order=2,
intOrder=0, lastExchangeTime=1570815585757, loc=true,
ver=2.7.6#20190911-sha1:21f7ca41, isClient=true], topVer=2,
nodeId8=c864ad65, msg=null, type=NODE_JOINED, tstamp=1570815588793],
nodeId=c864ad65, evt=NODE_JOINED], lastVer=GridCacheVersion [topVer=0,
order=1570815584056, nodeOrder=0], super=GridCacheMessage [msgId=1,
depInfo=null, err=null, skipPrepare=false]]]]]
class org.apache.ignite.IgniteCheckedException: Failed to connect to node
(is node still alive?). Make sure that each ComputeTask and cache
Transaction has a timeout set in order to prevent parties from waiting
forever in case of network issues
[nodeId=061316a9-6196-471b-a1fc-afa522e7d138, addrs=[/0:0:0:0:0:0:0:1:47100,
/127.0.0.1:47100, YADAVA9-TL2.thcg.net/169.254.230.7:47100,
/10.83.83.119:47100]]
        at
org.apache.ignite.spi.communication.tcp.TcpCommunicationSpi.createTcpClient(TcpCommunicationSpi.java:3459)
        at
org.apache.ignite.spi.communication.tcp.TcpCommunicationSpi.createNioClient(TcpCommunicationSpi.java:2987)
        at
org.apache.ignite.spi.communication.tcp.TcpCommunicationSpi.reserveClient(TcpCommunicationSpi.java:2870)
        at
org.apache.ignite.spi.communication.tcp.TcpCommunicationSpi.sendMessage0(TcpCommunicationSpi.java:2713)
        at
org.apache.ignite.spi.communication.tcp.TcpCommunicationSpi.sendMessage(TcpCommunicationSpi.java:2672)
        at
org.apache.ignite.internal.managers.communication.GridIoManager.send(GridIoManager.java:1656)
        at
org.apache.ignite.internal.managers.communication.GridIoManager.sendToGridTopic(GridIoManager.java:1731)
        at
org.apache.ignite.internal.processors.cache.GridCacheIoManager.send(GridCacheIoManager.java:1170)
        at
org.apache.ignite.internal.processors.cache.distributed.dht.preloader.GridDhtPartitionsExchangeFuture.sendLocalPartitions(GridDhtPartitionsExchangeFuture.java:1883)
        at
org.apache.ignite.internal.processors.cache.distributed.dht.preloader.GridDhtPartitionsExchangeFuture.clientOnlyExchange(GridDhtPartitionsExchangeFuture.java:1335)
        at
org.apache.ignite.internal.processors.cache.distributed.dht.preloader.GridDhtPartitionsExchangeFuture.init(GridDhtPartitionsExchangeFuture.java:818)
        at
org.apache.ignite.internal.processors.cache.GridCachePartitionExchangeManager$ExchangeWorker.body0(GridCachePartitionExchangeManager.java:2681)
        at
org.apache.ignite.internal.processors.cache.GridCachePartitionExchangeManager$ExchangeWorker.body(GridCachePartitionExchangeManager.java:2553)
        at
org.apache.ignite.internal.util.worker.GridWorker.run(GridWorker.java:120)
        at java.base/java.lang.Thread.run(Thread.java:835)
        Suppressed: class org.apache.ignite.IgniteCheckedException: Failed to
connect to address [addr=/0:0:0:0:0:0:0:1:47100, err=Remote node ID is not
as expected [expected=061316a9-6196-471b-a1fc-afa522e7d138, rcvd=null]]
                at
org.apache.ignite.spi.communication.tcp.TcpCommunicationSpi.createTcpClient(TcpCommunicationSpi.java:3462)
                ... 14 more
        Caused by: class
org.apache.ignite.spi.communication.tcp.TcpCommunicationSpi$HandshakeException:
Remote node ID is not as expected
[expected=061316a9-6196-471b-a1fc-afa522e7d138, rcvd=null]
                at
org.apache.ignite.spi.communication.tcp.TcpCommunicationSpi.safeTcpHandshake(TcpCommunicationSpi.java:3678)
                at
org.apache.ignite.spi.communication.tcp.TcpCommunicationSpi.createTcpClient(TcpCommunicationSpi.java:3313)
                ... 14 more
        Suppressed: class org.apache.ignite.IgniteCheckedException: Failed to
connect to address [addr=/0:0:0:0:0:0:0:1:47100, err=Remote node ID is not
as expected [expected=061316a9-6196-471b-a1fc-afa522e7d138, rcvd=null]]
                at
org.apache.ignite.spi.communication.tcp.TcpCommunicationSpi.createTcpClient(TcpCommunicationSpi.java:3462)
                ... 14 more
        Caused by: class
org.apache.ignite.spi.communication.tcp.TcpCommunicationSpi$HandshakeException:
Remote node ID is not as expected
[expected=061316a9-6196-471b-a1fc-afa522e7d138, rcvd=null]
                at
org.apache.ignite.spi.communication.tcp.TcpCommunicationSpi.safeTcpHandshake(TcpCommunicationSpi.java:3678)
                at
org.apache.ignite.spi.communication.tcp.TcpCommunicationSpi.createTcpClient(TcpCommunicationSpi.java:3313)
                ... 14 more








alokyadav12

Re: Authenticating communication between nodes using Ignite.Net

On both nodes we are getting the following message:
Security status [authentication=off, tls/ssl=on]
[11:38:57] Started write-ahead log manager in NONE mode, persisted data may
be lost in a case of unexpected node failure. Make sure to deactivate the
cluster before shutdown.

As it says tls/ssl=on, I am assuming that SSL is enabled on both nodes. If I remove
the SSL configuration it works, but when I add the configuration I get the message
ssl=on when starting the nodes.





ilya.kasnacheev

Re: Authenticating communication between nodes using Ignite.Net

Hello!

Did you specify any trust store? My next guess will be that your certs fail to verify. Can you share verbose logs from both nodes? Preferably with DEBUG enabled.

Regards,
--
Ilya Kasnacheev


Mon, 14 Oct 2019 at 18:29, alokyadav12 <[hidden email]>:
> On both nodes we are getting the following message:
> Security status [authentication=off, tls/ssl=on]
> [11:38:57] Started write-ahead log manager in NONE mode, persisted data may
> be lost in a case of unexpected node failure. Make sure to deactivate the
> cluster before shutdown.
>
> As it says tls/ssl=on, I am assuming that SSL is enabled on both nodes. If I remove
> the SSL configuration it works, but when I add the configuration I get the message
> ssl=on when starting the nodes.

alokyadav12

Re: Authenticating communication between nodes using Ignite.Net

This is the only configuration we have to enable SSL:
  <sslContextFactory type="SslContextFactory" protocol="SSL"
keyStoreFilePath="Ignite.pfx" keyStorePassword="P@ssword"  />

Attached are the log files for the server and client nodes.
Where do we define the trust store?

Server.log
<http://apache-ignite-users.70518.x6.nabble.com/file/t2641/Server.log>
ClientNode.log
<http://apache-ignite-users.70518.x6.nabble.com/file/t2641/ClientNode.log>



ilya.kasnacheev

Re: Authenticating communication between nodes using Ignite.Net

Hello!

It should look like the following:
   <sslContextFactory type='SslContextFactory' protocol='SSL'
                       keyStoreFilePath='KeyStore/server.jks' keyStorePassword='123456'
                       trustStoreFilePath='KeyStore/trust.jks' trustStorePassword='123456'/>

Please note that pfx would likely not work; I recommend building a Java key store out of your keys/certificates.

Currently you don't have any trust store; this means certs are not checked and there's no authentication (only encryption).

Regards,
--
Ilya Kasnacheev


Mon, 14 Oct 2019 at 23:51, alokyadav12 <[hidden email]>:
> This is the only configuration we have to enable SSL:
>   <sslContextFactory type="SslContextFactory" protocol="SSL"
> keyStoreFilePath="Ignite.pfx" keyStorePassword="P@ssword"  />
>
> Attached are the log files for the server and client nodes.
> Where do we define the trust store?
>
> Server.log
> <http://apache-ignite-users.70518.x6.nabble.com/file/t2641/Server.log>
> ClientNode.log
> <http://apache-ignite-users.70518.x6.nabble.com/file/t2641/ClientNode.log>

alokyadav12

Re: Authenticating communication between nodes using Ignite.Net

Thanks, the solution worked for my test setup, but when I add the same code to
my project it's still throwing the same exception.

One difference I noticed is that my test application is using the JRE and our
project is pointing to OpenJDK 12.
Can this create an issue?

If I run the Ignite server from my project and the thick client from my test
application then it works. But when I run the server and client from my project
then it won't work.

The JDK is the only difference I found; other than that there is no code difference.
Both are using the same code; one is working fine, the other doesn't.



ilya.kasnacheev

Re: Authenticating communication between nodes using Ignite.Net

Hello!

It's hard to say why this may be. Maybe your client can't find one of the key files by the specified path?

If you have a reproducer project which you can share, I could look into it. I can even take my own keys from Ignite tests, so you don't have to share these.

Regards,
--
Ilya Kasnacheev


Wed, 16 Oct 2019 at 22:33, alokyadav12 <[hidden email]>:
> Thanks, the solution worked for my test setup, but when I add the same code to
> my project it's still throwing the same exception.
>
> One difference I noticed is that my test application is using the JRE and our
> project is pointing to OpenJDK 12.
> Can this create an issue?
>
> If I run the Ignite server from my project and the thick client from my test
> application then it works. But when I run the server and client from my project
> then it won't work.
>
> The JDK is the only difference I found; other than that there is no code difference.
> Both are using the same code; one is working fine, the other doesn't.
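Added example (not part of the original posts and not Ignite code): a small Python audit of an `sslContextFactory` element covering the two points raised in the replies above, namely that a missing trust store gives encryption without authentication, and that a node may fail to find a key file at the configured path. The function names, the `igniteConfiguration` wrapper in the samples and the `base_dir` parameter are assumptions; the attribute names and values are the ones quoted in the thread.

```python
import os
import tempfile
import xml.etree.ElementTree as ET

# Constructed samples mirroring the thread's posted and corrected configs.
POSTED = """<igniteConfiguration>
  <sslContextFactory type="SslContextFactory" protocol="SSL"
      keyStoreFilePath="Ignite.pfx" keyStorePassword="P@ssword" />
</igniteConfiguration>"""
CORRECTED = """<igniteConfiguration>
  <sslContextFactory type='SslContextFactory' protocol='SSL'
      keyStoreFilePath='KeyStore/server.jks' keyStorePassword='123456'
      trustStoreFilePath='KeyStore/trust.jks' trustStorePassword='123456'/>
</igniteConfiguration>"""


def audit_ssl_context(xml_text, base_dir="."):
    """Return findings; base_dir (assumed) is where relative paths resolve."""
    findings = []
    # Match on the local name so a namespaced config section also works.
    factories = [e for e in ET.fromstring(xml_text).iter()
                 if e.tag.split("}")[-1] == "sslContextFactory"]
    if not factories:
        return ["no sslContextFactory element found"]
    for el in factories:
        if not el.get("trustStoreFilePath"):
            findings.append("no trust store: peer certificates are not "
                            "checked, so TLS encrypts but does not authenticate")
        for attr in ("keyStoreFilePath", "trustStoreFilePath"):
            path = el.get(attr)
            if path and path.lower().endswith(".pfx"):
                findings.append(f"{attr}={path}: .pfx store, the thread "
                                "advises a Java key store instead")
            if path and not os.path.isfile(os.path.join(base_dir, path)):
                findings.append(f"{attr}={path}: file not found")
    return findings


def demo():
    """Audit both samples in a temp dir that holds only KeyStore/server.jks."""
    with tempfile.TemporaryDirectory() as base:
        os.makedirs(os.path.join(base, "KeyStore"))
        open(os.path.join(base, "KeyStore", "server.jks"), "wb").close()
        return audit_ssl_context(POSTED, base), audit_ssl_context(CORRECTED, base)


if __name__ == "__main__":
    for label, result in zip(("posted", "corrected"), demo()):
        print(label, result or "ok")
```

Run it with `base_dir` set to the working directory each node process actually starts in, since the same relative path can resolve on one node and not on another.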