[jira] [Created] (IGNITE-11110) UnsupportedOperationException: null when stopping grid
Jens Borgland created IGNITE-0:
--
Summary: UnsupportedOperationException: null when stopping grid
Key: IGNITE-0
URL: https://issues.apache.org/jira/browse/IGNITE-0
Project: Ignite
Issue Type: Bug
Affects Versions: 2.7
Reporter: Jens Borgland
After upgrading to 2.7 we've started getting these errors when stopping grids:
{noformat}
java.lang.UnsupportedOperationException: null
at
org.jsr166.ConcurrentLinkedHashMap.clear(ConcurrentLinkedHashMap.java:1551)
~[ignite-core-2.7.0.jar:2.7.0]
at
org.apache.ignite.internal.processors.job.GridJobProcessor.stop(GridJobProcessor.java:264)
~[ignite-core-2.7.0.jar:2.7.0]
at
org.apache.ignite.internal.IgniteKernal.stop0(IgniteKernal.java:2356)
~[ignite-core-2.7.0.jar:2.7.0]
at org.apache.ignite.internal.IgniteKernal.stop(IgniteKernal.java:2228)
~[ignite-core-2.7.0.jar:2.7.0]
at
org.apache.ignite.internal.IgnitionEx$IgniteNamedInstance.stop0(IgnitionEx.java:2612)
~[ignite-core-2.7.0.jar:2.7.0]
at
org.apache.ignite.internal.IgnitionEx$IgniteNamedInstance.stop(IgnitionEx.java:2575)
~[ignite-core-2.7.0.jar:2.7.0]
at org.apache.ignite.internal.IgnitionEx.stop(IgnitionEx.java:379)
~[ignite-core-2.7.0.jar:2.7.0]
at org.apache.ignite.Ignition.stop(Ignition.java:225)
~[ignite-core-2.7.0.jar:2.7.0]
at
org.apache.ignite.internal.IgniteKernal.close(IgniteKernal.java:3568)
~[ignite-core-2.7.0.jar:2.7.0]
{noformat}
At first glance it looks likely that it was introduced with commit
[d04d764|https://github.com/apache/ignite/commit/d04d76440ce86873de7aebc8c03d39484cd1e3e5]
(the {{GridJobProcessor}} still calls {{clear()}} on maps).
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
[jira] [Closed] (IGNITE-6168) Ability to use TLS client authentication in the TcpDiscoverySpi
[ https://issues.apache.org/jira/browse/IGNITE-6168?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Jens Borgland closed IGNITE-6168. - Seems to be working as expected. Thank you for the swift resolution! > Ability to use TLS client authentication in the TcpDiscoverySpi > --- > > Key: IGNITE-6168 > URL: https://issues.apache.org/jira/browse/IGNITE-6168 > Project: Ignite > Issue Type: Wish >Affects Versions: 2.1 >Reporter: Jens Borgland >Assignee: Ilya Kasnacheev >Priority: Major > Fix For: 2.3 > > > I'm working on an application where we use mutual TLS to protect the > communication (of different kinds) between the components. It seems like > Ignite uses mutual TLS for the TcpCommunicationSpi but not for the > TcpDiscoverySpi. Would it be possible to add this ability (one way could > perhaps be by implementing IGNITE-6167 so that it can be done through a > custom socket factory)? > I'm aware that there are other client authentication options for the > discovery SPI but it would be nice to be able to use the same mechanism > everywhere. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (IGNITE-6167) Ability to set custom SSLServerSocketFactory and SSLSocketFactory or enabled TLS protocols and cipher suites
[
https://issues.apache.org/jira/browse/IGNITE-6167?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16140537#comment-16140537
]
Jens Borgland commented on IGNITE-6167:
---
Thank you [~ilyak]! I did at some point explore this option but I didn't think
of delegating to the SSLContext from my SSLContextSpi implementation (and I
couldn't find a way of getting hold of a SSLContextSpi instance). I've now done
just the thing you suggested and through that also worked around IGNITE-6168.
> Ability to set custom SSLServerSocketFactory and SSLSocketFactory or enabled
> TLS protocols and cipher suites
>
>
> Key: IGNITE-6167
> URL: https://issues.apache.org/jira/browse/IGNITE-6167
> Project: Ignite
> Issue Type: Wish
>Affects Versions: 2.1
>Reporter: Jens Borgland
>
> It would be very useful to be able to, in addition to the
> {{javax.net.ssl.SSLContext}}, either specify a custom
> {{javax.net.ssl.SSLServerSocketFactory}} and a custom
> {{javax.net.ssl.SSLSocketFactory}}, or to be able to at least specify the
> enabled TLS protocols and cipher suites.
> I have noticed that the
> {{org.apache.ignite.internal.util.nio.ssl.GridNioSslFilter}} has support for
> the latter but I cannot find a way of getting a reference to the filter
> instance. The {{GridNioSslFilter}} also isn't used by {{TcpDiscoverySpi}} as
> far as I can tell.
> Currently (as far as I can tell) there is no way of specifying the enabled
> cipher suites and protocols used by Ignite, without doing it globally for the
> JRE.
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
[jira] [Commented] (IGNITE-6168) Ability to use TLS client authentication in the TcpDiscoverySpi
[ https://issues.apache.org/jira/browse/IGNITE-6168?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16138277#comment-16138277 ] Jens Borgland commented on IGNITE-6168: --- [~ilyak], makes sense since it seems to be a hard requirement for the TcpCommunicationSpi. > Ability to use TLS client authentication in the TcpDiscoverySpi > --- > > Key: IGNITE-6168 > URL: https://issues.apache.org/jira/browse/IGNITE-6168 > Project: Ignite > Issue Type: Wish >Affects Versions: 2.1 >Reporter: Jens Borgland > > I'm working on an application where we use mutual TLS to protect the > communication (of different kinds) between the components. It seems like > Ignite uses mutual TLS for the TcpCommunicationSpi but not for the > TcpDiscoverySpi. Would it be possible to add this ability (one way could > perhaps be by implementing IGNITE-6167 so that it can be done through a > custom socket factory)? > I'm aware that there are other client authentication options for the > discovery SPI but it would be nice to be able to use the same mechanism > everywhere. -- This message was sent by Atlassian JIRA (v6.4.14#64029)
[jira] [Commented] (IGNITE-6167) Ability to set custom SSLServerSocketFactory and SSLSocketFactory or enabled TLS protocols and cipher suites
[
https://issues.apache.org/jira/browse/IGNITE-6167?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16138274#comment-16138274
]
Jens Borgland commented on IGNITE-6167:
---
[~ilyak], perhaps it's me who's missing something obvious but I cannot really
find a reasonable way of subclassing SSLContext - and getSocketFactory() and
getServerSocketFactory() are both final. I have however created my own
SslContextFactory (in order to set up revocation checking the way I need) and
that part works fine.
> Ability to set custom SSLServerSocketFactory and SSLSocketFactory or enabled
> TLS protocols and cipher suites
>
>
> Key: IGNITE-6167
> URL: https://issues.apache.org/jira/browse/IGNITE-6167
> Project: Ignite
> Issue Type: Wish
>Affects Versions: 2.1
>Reporter: Jens Borgland
>
> It would be very useful to be able to, in addition to the
> {{javax.net.ssl.SSLContext}}, either specify a custom
> {{javax.net.ssl.SSLServerSocketFactory}} and a custom
> {{javax.net.ssl.SSLSocketFactory}}, or to be able to at least specify the
> enabled TLS protocols and cipher suites.
> I have noticed that the
> {{org.apache.ignite.internal.util.nio.ssl.GridNioSslFilter}} has support for
> the latter but I cannot find a way of getting a reference to the filter
> instance. The {{GridNioSslFilter}} also isn't used by {{TcpDiscoverySpi}} as
> far as I can tell.
> Currently (as far as I can tell) there is no way of specifying the enabled
> cipher suites and protocols used by Ignite, without doing it globally for the
> JRE.
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
[jira] [Created] (IGNITE-6168) Ability to use TLS client authentication in the TcpDiscoverySpi
Jens Borgland created IGNITE-6168: - Summary: Ability to use TLS client authentication in the TcpDiscoverySpi Key: IGNITE-6168 URL: https://issues.apache.org/jira/browse/IGNITE-6168 Project: Ignite Issue Type: Wish Affects Versions: 2.1 Reporter: Jens Borgland I'm working on an application where we use mutual TLS to protect the communication (of different kinds) between the components. It seems like Ignite uses mutual TLS for the TcpCommunicationSpi but not for the TcpDiscoverySpi. Would it be possible to add this ability (one way could perhaps be by implementing IGNITE-6167 so that it can be done through a custom socket factory)? I'm aware that there are other client authentication options for the discovery SPI but it would be nice to be able to use the same mechanism everywhere. -- This message was sent by Atlassian JIRA (v6.4.14#64029)
[jira] [Created] (IGNITE-6167) Ability to set custom SSLServerSocketFactory and SSLSocketFactory or enabled TLS protocols and cipher suites
Jens Borgland created IGNITE-6167:
-
Summary: Ability to set custom SSLServerSocketFactory and
SSLSocketFactory or enabled TLS protocols and cipher suites
Key: IGNITE-6167
URL: https://issues.apache.org/jira/browse/IGNITE-6167
Project: Ignite
Issue Type: Wish
Affects Versions: 2.1
Reporter: Jens Borgland
It would be very useful to be able to, in addition to the
{{javax.net.ssl.SSLContext}}, either specify a custom
{{javax.net.ssl.SSLServerSocketFactory}} and a custom
{{javax.net.ssl.SSLSocketFactory}}, or to be able to at least specify the
enabled TLS protocols and cipher suites.
I have noticed that the
{{org.apache.ignite.internal.util.nio.ssl.GridNioSslFilter}} has support for
the latter but I cannot find a way of getting a reference to the filter
instance. The {{GridNioSslFilter}} also isn't used by {{TcpDiscoverySpi}} as
far as I can tell.
Currently (as far as I can tell) there is no way of specifying the enabled
cipher suites and protocols used by Ignite, without doing it globally for the
JRE.
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
