This is an automated email from the ASF dual-hosted git repository.
fanningpj pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/pekko.git
The following commit(s) were added to refs/heads/main by this push:
new c44dc07ed8 Issue forming mixed Akka/Pekko cluster when classic
remoting with SSL/TLS is used (#1857)
c44dc07ed8 is described below
commit c44dc07ed816f86ca387563a4279d664c8ff4d9d
Author: PJ Fanning <[email protected]>
AuthorDate: Wed May 21 20:58:30 2025 +0100
Issue forming mixed Akka/Pekko cluster when classic remoting with SSL/TLS
is used (#1857)
* create test for mixed cluster (classic netty with ssl)
* wip
* truststore/keystore
* Update MixedProtocolClusterSpec.scala
* Update MixedProtocolClusterSpec.scala
---
cluster/src/main/resources/reference.conf | 2 +-
.../org/apache/pekko/cluster/ClusterDaemon.scala | 5 +-
cluster/src/test/resources/keystore | Bin 0 -> 2429 bytes
cluster/src/test/resources/keystore.readme | 4 +
cluster/src/test/resources/truststore | Bin 0 -> 1206 bytes
.../pekko/cluster/MixedProtocolClusterSpec.scala | 106 +++++++++++++++++++--
.../migration/migration-guide-akka-1.0.x.md | 1 +
.../scala/org/apache/pekko/remote/Remoting.scala | 9 +-
8 files changed, 111 insertions(+), 16 deletions(-)
diff --git a/cluster/src/main/resources/reference.conf
b/cluster/src/main/resources/reference.conf
index dd372f5da1..f3daa80e7a 100644
--- a/cluster/src/main/resources/reference.conf
+++ b/cluster/src/main/resources/reference.conf
@@ -325,7 +325,7 @@ pekko {
"socksNonProxyHosts", "http.nonProxyHosts", "ftp.nonProxyHosts",
"pekko.remote.secure-cookie",
"pekko.remote.classic.netty.ssl.security",
- # Pre 2.6 path, keep around to avoid sending things misconfigured
with old paths
+ # Pre Akka 2.6 path, keep around to avoid sending things
misconfigured with old paths
"pekko.remote.netty.ssl.security",
"pekko.remote.artery.ssl"
]
diff --git
a/cluster/src/main/scala/org/apache/pekko/cluster/ClusterDaemon.scala
b/cluster/src/main/scala/org/apache/pekko/cluster/ClusterDaemon.scala
index 479d58e97b..746c1ceace 100644
--- a/cluster/src/main/scala/org/apache/pekko/cluster/ClusterDaemon.scala
+++ b/cluster/src/main/scala/org/apache/pekko/cluster/ClusterDaemon.scala
@@ -366,8 +366,9 @@ private[cluster] class ClusterCoreDaemon(publisher:
ActorRef, joinConfigCompatCh
val acceptedProtocols: Set[String] = {
val remoteSettings: RemoteSettings = new
RemoteSettings(context.system.settings.config)
val initSet = remoteSettings.AcceptProtocolNames
- val tcpSet = initSet.map(protocol => s"$protocol.tcp")
- initSet ++ tcpSet
+ val tcpSet = initSet.map(protocol => s"$protocol.tcp") // classic remoting
+ val tcpSslSet = initSet.map(protocol => s"$protocol.ssl.tcp") // classic
remoting with SSL
+ initSet ++ tcpSet ++ tcpSslSet
}
var seedNodes = SeedNodes
diff --git a/cluster/src/test/resources/keystore
b/cluster/src/test/resources/keystore
new file mode 100644
index 0000000000..7685885383
Binary files /dev/null and b/cluster/src/test/resources/keystore differ
diff --git a/cluster/src/test/resources/keystore.readme
b/cluster/src/test/resources/keystore.readme
new file mode 100644
index 0000000000..6080c21ccc
--- /dev/null
+++ b/cluster/src/test/resources/keystore.readme
@@ -0,0 +1,4 @@
+# SPDX-License-Identifier: Apache-2.0
+
+The keystore and truststore are copies of the remote/src/test/resources files.
+There is a Makefile in remote/src/test/resources that describes how to create
new keystore and truststore.
diff --git a/cluster/src/test/resources/truststore
b/cluster/src/test/resources/truststore
new file mode 100644
index 0000000000..8e0af84787
Binary files /dev/null and b/cluster/src/test/resources/truststore differ
diff --git
a/cluster/src/test/scala/org/apache/pekko/cluster/MixedProtocolClusterSpec.scala
b/cluster/src/test/scala/org/apache/pekko/cluster/MixedProtocolClusterSpec.scala
index f3c8c73adb..57d02f0e7b 100644
---
a/cluster/src/test/scala/org/apache/pekko/cluster/MixedProtocolClusterSpec.scala
+++
b/cluster/src/test/scala/org/apache/pekko/cluster/MixedProtocolClusterSpec.scala
@@ -19,23 +19,25 @@ package org.apache.pekko.cluster
import com.typesafe.config.{ Config, ConfigFactory }
-import org.apache.pekko.testkit.{ LongRunningTest, PekkoSpec }
+import org.apache.pekko
+import pekko.testkit.{ LongRunningTest, PekkoSpec }
object MixedProtocolClusterSpec {
+ import PekkoSpec._
+
val baseConfig: Config =
ConfigFactory.parseString("""
- pekko.actor.provider = "cluster"
- pekko.coordinated-shutdown.terminate-actor-system = on
+ pekko.actor.provider = "cluster"
+ pekko.coordinated-shutdown.terminate-actor-system = on
- pekko.remote.artery.canonical.port = 0
- pekko.remote.classic.netty.tcp.port = 0
- pekko.remote.artery.advanced.aeron.idle-cpu-level = 3
- pekko.remote.accept-protocol-names = ["pekko", "akka"]
+ pekko.remote.artery.canonical.port = 0
+ pekko.remote.classic.netty.tcp.port = 0
+ pekko.remote.artery.advanced.aeron.idle-cpu-level = 3
+ pekko.remote.accept-protocol-names = ["pekko", "akka"]
- pekko.cluster.jmx.multi-mbeans-in-same-jvm = on
- pekko.cluster.configuration-compatibility-check.enforce-on-join = off
- """)
+ pekko.cluster.jmx.multi-mbeans-in-same-jvm = on
+ pekko.cluster.configuration-compatibility-check.enforce-on-join = off""")
val configWithUdp: Config =
ConfigFactory.parseString("""
@@ -79,6 +81,34 @@ object MixedProtocolClusterSpec {
ConfigFactory.parseString("""
pekko.remote.protocol-name = "akka"
""").withFallback(configWithNetty)
+
+ val configWithNettySsl: Config =
+ ConfigFactory.parseString(s"""
+ pekko.remote.classic {
+ enabled-transports = ["pekko.remote.classic.netty.ssl"]
+ netty.ssl.hostname = "localhost"
+ netty.ssl.port = 0
+ netty.ssl.security = {
+ key-store = "${resourcePath("keystore")}"
+ trust-store = "${resourcePath("truststore")}"
+ key-store-password = "changeme"
+ key-password = "changeme"
+ trust-store-password = "changeme"
+ protocol = "TLSv1.2"
+ enabled-algorithms = [TLS_RSA_WITH_AES_128_CBC_SHA,
TLS_DHE_RSA_WITH_AES_256_GCM_SHA384]
+ }
+ }
+ """).withFallback(configWithNetty)
+
+ val configWithPekkoNettySsl: Config =
+ ConfigFactory.parseString("""
+ pekko.remote.protocol-name = "pekko"
+ """).withFallback(configWithNettySsl)
+
+ val configWithAkkaNettySsl: Config =
+ ConfigFactory.parseString("""
+ pekko.remote.protocol-name = "akka"
+ """).withFallback(configWithNettySsl)
}
class MixedProtocolClusterSpec extends PekkoSpec with ClusterTestKit {
@@ -138,6 +168,23 @@ class MixedProtocolClusterSpec extends PekkoSpec with
ClusterTestKit {
}
}
+ "be allowed to join a cluster with a node using the pekko protocol (netty
ssl)" taggedAs LongRunningTest in {
+
+ val clusterTestUtil = new ClusterTestUtil(system.name)
+ try {
+ // start the first node with the "pekko" protocol
+ clusterTestUtil.newActorSystem(configWithPekkoNettySsl)
+
+ // have a node using the "akka" protocol join
+ val joiningNode =
clusterTestUtil.newActorSystem(configWithAkkaNettySsl)
+ clusterTestUtil.formCluster()
+
+ awaitCond(clusterTestUtil.isMemberUp(joiningNode), message = "awaiting
joining node to be 'Up'")
+ } finally {
+ clusterTestUtil.shutdownAll()
+ }
+ }
+
"allow a node using the pekko protocol to join the cluster (udp)" taggedAs
LongRunningTest in {
val clusterTestUtil = new ClusterTestUtil(system.name)
@@ -188,5 +235,44 @@ class MixedProtocolClusterSpec extends PekkoSpec with
ClusterTestKit {
clusterTestUtil.shutdownAll()
}
}
+
+ "allow a node using the pekko protocol to join the cluster (netty ssl)"
taggedAs LongRunningTest in {
+
+ val clusterTestUtil = new ClusterTestUtil(system.name)
+ try {
+ // create the first node with the "akka" protocol
+ clusterTestUtil.newActorSystem(configWithAkkaNettySsl)
+
+ // have a node using the "pekko" protocol join
+ val joiningNode =
clusterTestUtil.newActorSystem(configWithPekkoNettySsl)
+ clusterTestUtil.formCluster()
+
+ awaitCond(clusterTestUtil.isMemberUp(joiningNode), message = "awaiting
joining node to be 'Up'")
+ } finally {
+ clusterTestUtil.shutdownAll()
+ }
+ }
+
+ "allow a cluster with just pekko nodes (netty ssl)" taggedAs
LongRunningTest in {
+ // this is not a mixed protocol test, but the netty ssl transport seems
not to have many tests
+
+ val cfg = ConfigFactory.parseString("""
+ pekko.remote.accept-protocol-names = ["pekko"]""")
+ .withFallback(configWithPekkoNettySsl)
+ val clusterTestUtil = new ClusterTestUtil(system.name)
+ try {
+ // create the first node with the "pekko" protocol
+ clusterTestUtil.newActorSystem(cfg)
+
+ // have a node using the "pekko" protocol join
+ val joiningNode = clusterTestUtil.newActorSystem(cfg)
+ clusterTestUtil.formCluster()
+
+ awaitCond(clusterTestUtil.isMemberUp(joiningNode), message = "awaiting
joining node to be 'Up'")
+ } finally {
+ clusterTestUtil.shutdownAll()
+ }
+ }
+
}
}
diff --git a/docs/src/main/paradox/migration/migration-guide-akka-1.0.x.md
b/docs/src/main/paradox/migration/migration-guide-akka-1.0.x.md
index 189ed8d6d2..cbdab2b2ac 100644
--- a/docs/src/main/paradox/migration/migration-guide-akka-1.0.x.md
+++ b/docs/src/main/paradox/migration/migration-guide-akka-1.0.x.md
@@ -17,6 +17,7 @@ These migration notes are designed for users migrating from
Akka 2.6 to Pekko 1.
* The Pekko node URLs use different URL schemes.
* `pekko://` instead of `akka://`
* `pekko.tcp://` instead of `akka.tcp://`
+ * `pekko.ssl.tcp://` instead of `akka.ssl.tcp://`
* We have changed the default ports used by the pekko-remote module.
* With @ref:[Classic Remoting](../remoting.md), Akka defaults to 2552,
while Pekko defaults to 7355.
* With @ref:[Artery Remoting](../remoting-artery.md), Akka defaults to
25520, while Pekko defaults to 17355.
diff --git a/remote/src/main/scala/org/apache/pekko/remote/Remoting.scala
b/remote/src/main/scala/org/apache/pekko/remote/Remoting.scala
index 16811bc837..b58d440064 100644
--- a/remote/src/main/scala/org/apache/pekko/remote/Remoting.scala
+++ b/remote/src/main/scala/org/apache/pekko/remote/Remoting.scala
@@ -303,11 +303,14 @@ private[remote] class Remoting(_system:
ExtendedActorSystem, _provider: RemoteAc
if (AcceptProtocolNames.size > 1) {
map.flatMap { case (protocol, transports) =>
val tcpProtocol = protocol.endsWith(".tcp")
- AcceptProtocolNames.map { newProtocol =>
+ AcceptProtocolNames.flatMap { newProtocol =>
if (tcpProtocol)
- s"$newProtocol.tcp" -> transports
+ Seq(
+ s"$newProtocol.tcp" -> transports,
+ s"$newProtocol.ssl.tcp" -> transports
+ )
else
- newProtocol -> transports
+ Seq(newProtocol -> transports)
}
}
} else map
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
