This is an automated email from the ASF dual-hosted git repository. dmagda pushed a commit to branch ignite-2.9-docs in repository https://gitbox.apache.org/repos/asf/ignite.git
The following commit(s) were added to refs/heads/ignite-2.9-docs by this push: new 1a5e3d2 ignite docs: updated the TcpDiscovery.soLinger documentation 1a5e3d2 is described below commit 1a5e3d263b80d00bccebf3e225e36c273183e12c Author: Denis Magda <dma...@gridgain.com> AuthorDate: Fri Nov 13 11:47:44 2020 -0800 ignite docs: updated the TcpDiscovery.soLinger documentation --- docs/_docs/clustering/network-configuration.adoc | 5 +++++ docs/_docs/security/ssl-tls.adoc | 8 ++++++++ 2 files changed, 13 insertions(+) diff --git a/docs/_docs/clustering/network-configuration.adoc b/docs/_docs/clustering/network-configuration.adoc index d656b0c..8c0e0f8 100644 --- a/docs/_docs/clustering/network-configuration.adoc +++ b/docs/_docs/clustering/network-configuration.adoc @@ -56,6 +56,11 @@ You can find the complete list of properties in the javadoc:org.apache.ignite.sp | `localPort` | The port that the node binds to. If set to a non-default value, other cluster nodes must know this port to be able to discover the node. | `47500` | `localPortRange`| If the `localPort` is busy, the node attempts to bind to the next port (incremented by 1) and continues this process until it finds a free port. The `localPortRange` property defines the number of ports the node will try (starting from `localPort`). | `100` +| `soLinger`| Specifies a linger-on-close timeout of TCP sockets used by Discovery SPI. See Java `Socket.setSoLinger` API +for details on how to adjust this setting. In Ignite, the timeout defaults to a non-negative value to prevent +link:https://bugs.openjdk.java.net/browse/JDK-8219658[potential deadlocks with SSL connections, window=_blank] but, +as a side effect, this can prolong the detection of cluster node failures. Alternatively, update your JRE version to the +one with the SSL issue fixed and adjust this setting accordingly. | `0` | `reconnectCount` | The number of times the node tries to (re)establish connection to another node. |`10` | `networkTimeout` | The maximum network timeout in milliseconds for network operations. |`5000` | `socketTimeout` | The socket operations timeout. This timeout is used to limit connection time and write-to-socket time. |`5000` diff --git a/docs/_docs/security/ssl-tls.adoc b/docs/_docs/security/ssl-tls.adoc index bf5a90e..b56b209 100644 --- a/docs/_docs/security/ssl-tls.adoc +++ b/docs/_docs/security/ssl-tls.adoc @@ -32,6 +32,14 @@ To enable SSL/TLS for cluster nodes, configure an `SSLContext` factory in the no You can use the `org.apache.ignite.ssl.SslContextFactory`, which is the default factory that uses a configurable keystore to initialize the SSL context. //You can also implement your own `SSLContext` factory. +[CAUTION] +==== +Ensure that your version of the JVM addresses +link:https://bugs.openjdk.java.net/browse/JDK-8219658[the following issue, window=_blank] that can cause deadlocks +in SSL connections. If your JVM is affected but can't be updated, then set +the link:clustering/network-configuration[`TcpDiscoverySpi.soLinger`] parameter to a non-negative value. +==== + Below is an example of `SslContextFactory` configuration: [tabs]