[英]Set up Ignite cluster with SSL in spring using SSLContext.getDefault()
我正在嘗試在Spring應用程序中使用SSL加密設置Ignite群集。 我的目標是在多個節點上建立復制的緩存。
我們將應用程序部署到Tomcat 8中,並在Tomcat啟動時為Key-和Truststore設置環境變量。
我想啟動嵌入在Spring應用程序中的Ignite。 因此,我創建了一個返回CacheManager的Bean。
@Bean
public SpringCacheManager replicatedCache() {
int[] eventTypes = new int[] {EventType.EVT_CACHE_ENTRY_EVICTED, EventType.EVT_CACHE_OBJECT_REMOVED, EventType.EVT_CACHE_ENTRY_DESTROYED, EventType.EVT_CACHE_OBJECT_EXPIRED};
SpringCacheManager cacheManager = new SpringCacheManager();
IgniteConfiguration configuration = new IgniteConfiguration();
configuration.setIncludeEventTypes(eventTypes);
configuration.setGridName("igniteCluster");
Slf4jLogger logger = new Slf4jLogger(LoggerFactory.getLogger(IGNITE_CACHE_LOGGER_NAME));
configuration.setGridLogger(logger);
CacheConfiguration cacheConfiguration1 = new CacheConfiguration();
cacheConfiguration1.setName("replicatedCache");
cacheConfiguration1.setCacheMode(CacheMode.REPLICATED);
cacheConfiguration1.setAtomicityMode(CacheAtomicityMode.TRANSACTIONAL);
configuration.setCacheConfiguration(cacheConfiguration1);
configuration.setSslContextFactory(() -> {
try {
return SSLContext.getDefault();
} catch (NoSuchAlgorithmException e) {
throw new WA3InternalErrorException("Could not create SSLContext", e);
}
});
configuration.setLocalHost(env.getProperty("caching.localBind", "0.0.0.0"));
TcpDiscoveryVmIpFinder ipFinder = new TcpDiscoveryVmIpFinder();
List<String> nodes = Arrays.stream(env.getRequiredProperty("caching.nodes").split(",")).collect(Collectors.toList());
ipFinder.setAddresses(nodes);
TcpDiscoverySpi spi = new TcpDiscoverySpi();
spi.setIpFinder(ipFinder);
configuration.setDiscoverySpi(spi);
TcpCommunicationSpi communicationSpi = new TcpCommunicationSpi();
communicationSpi.setLocalPort(env.getRequiredProperty("caching.localPort", Integer.class));
communicationSpi.setConnectTimeout(100000); // Line added in first edit
configuration.setCommunicationSpi(communicationSpi);
IgnitePredicate<? extends CacheEvent> localEvent = event -> {
System.out.println(event);
return true;
};
Map<IgnitePredicate<? extends Event>, int[]> ignitePredicateIntegerMap = Collections.singletonMap(localEvent, eventTypes);
configuration.setLocalEventListeners(ignitePredicateIntegerMap);
cacheManager.setConfiguration(configuration);
return cacheManager;
}
如您所見,我還在此處配置Ignite。 綁定到服務器的IP地址,並為CommunicationSpi設置一個端口(默認端口為47100)。 我在這里使用SSLContext.getDefault() ,因此它使用的是默認的密鑰庫和信任庫。
禁用SSL(不設置SSLContextFactory)時,一切正常。 但是,一旦我設置了“工廠”,節點仍然可以找到,但無法相互通信。
指標日志看起來不錯,如預期的那樣有兩個節點:
Metrics for local node (to disable set 'metricsLogFrequency' to 0)
^-- Node [id=41687971, name=igniteCluster, uptime=00:54:00:302]
^-- H/N/C [hosts=2, nodes=2, CPUs=4]
^-- CPU [cur=33.5%, avg=36.96%, GC=0%]
^-- Heap [used=193MB, free=85.51%, comm=627MB]
^-- Non heap [used=125MB, free=-1%, comm=127MB]
^-- Public thread pool [active=0, idle=2, qSize=0]
^-- System thread pool [active=0, idle=7, qSize=0]
^-- Outbound messages queue [size=0]
到目前為止,我能看到的是,Ignite正在嘗試在端口上進行連接-失敗,將該端口遞增,然后重試。
2017-05-02T08:15:35,154 [] [] [grid-nio-worker-tcp-comm-1-#18%igniteCluster%] WARN org.apache.ignite.spi.communication.tcp.TcpCommunicationSpi [warning():104] [] - Communication SPI session write timed out (consider increasing 'socketWriteTimeout' configuration property) [remoteAddr=/10.30.0.106:53603, writeTimeout=2000] 2017-05-02T08:15:39,192 [] [] [grid-nio-worker-tcp-comm-2-#19%igniteCluster%] WARN org.apache.ignite.spi.communication.tcp.TcpCommunicationSpi [warning():104] [] - Communication SPI session write timed out (consider increasing 'socketWriteTimeout' configuration property) [remoteAddr=/10.30.0.106:53604, writeTimeout=2000]
我不知道那是哪個端口。 我已經重新啟動了所有節點幾次,看來它是從30000到50000之間的隨機端口開始的。
我最后的問題是:我在這里想念什么? 為什么我的SSL連接不起作用?
問候
正如Valentin建議的那樣,我增加了超時時間。 我的集群仍然有問題。
2017-05-03T12:19:29,429 [] [] [localhost-startStop-1] WARN org.apache.ignite.internal.processors.cache.GridCachePartitionExchangeManager [warning():104] [] - Failed to wait for initial partition map exchange. Possible reasons are:
^-- Transactions in deadlock.
^-- Long running transactions (ignore if this is the case).
^-- Unreleased explicit locks.
我在嘗試連接到群集的節點上收到這些日志消息。
嘗試增加socketWriteTimeout ,如錯誤消息所示。 SSL連接速度較慢,並且網絡中的默認值可能不足以容納它。
對於SSLContext類型,方法getDefault()是未定義的?
[英]The method getDefault() is undefined for the type SSLContext?
如何使用Java中來自Azure KeyVault的證書設置SSLContext
[英]How do I set up a SSLContext using certificate from Azure KeyVault in Java
如何使用AES-256在Spring Boot上設置SSL(TLS)/ HTTPS?
[英]How to set up SSL (TLS) / HTTPS on Spring Boot using AES-256?
如何在 Spring Kafka 配置中設置 ssl 文件的位置?
[英]How to set up ssl file's location in Spring Kafka configuration?
使用javax.net.ssl.SSLContext時禁用弱ssl密碼
[英]Disable weak ssl ciphers while using javax.net.ssl.SSLContext
如何在 Java Spring 引導中從本地計算機連接到 Ignite 集群?
[英]How to connect to Ignite cluster from Local machine in Java Spring boot?
我們可以在不運行單獨的 ignite 集群的情況下將 Apache ignite 與 spring 應用程序一起使用嗎
[英]Can we use Apache ignite with spring application without running separate ignite cluster
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.