[jira] [Created] (IGNITE-11110) UnsupportedOperationException: null when stopping grid
Jens Borgland created IGNITE-0: -- Summary: UnsupportedOperationException: null when stopping grid Key: IGNITE-0 URL: https://issues.apache.org/jira/browse/IGNITE-0 Project: Ignite Issue Type: Bug Affects Versions: 2.7 Reporter: Jens Borgland After upgrading to 2.7 we've started getting these errors when stopping grids: {noformat} java.lang.UnsupportedOperationException: null at org.jsr166.ConcurrentLinkedHashMap.clear(ConcurrentLinkedHashMap.java:1551) ~[ignite-core-2.7.0.jar:2.7.0] at org.apache.ignite.internal.processors.job.GridJobProcessor.stop(GridJobProcessor.java:264) ~[ignite-core-2.7.0.jar:2.7.0] at org.apache.ignite.internal.IgniteKernal.stop0(IgniteKernal.java:2356) ~[ignite-core-2.7.0.jar:2.7.0] at org.apache.ignite.internal.IgniteKernal.stop(IgniteKernal.java:2228) ~[ignite-core-2.7.0.jar:2.7.0] at org.apache.ignite.internal.IgnitionEx$IgniteNamedInstance.stop0(IgnitionEx.java:2612) ~[ignite-core-2.7.0.jar:2.7.0] at org.apache.ignite.internal.IgnitionEx$IgniteNamedInstance.stop(IgnitionEx.java:2575) ~[ignite-core-2.7.0.jar:2.7.0] at org.apache.ignite.internal.IgnitionEx.stop(IgnitionEx.java:379) ~[ignite-core-2.7.0.jar:2.7.0] at org.apache.ignite.Ignition.stop(Ignition.java:225) ~[ignite-core-2.7.0.jar:2.7.0] at org.apache.ignite.internal.IgniteKernal.close(IgniteKernal.java:3568) ~[ignite-core-2.7.0.jar:2.7.0] {noformat} At first glance it looks likely that it was introduced with commit [d04d764|https://github.com/apache/ignite/commit/d04d76440ce86873de7aebc8c03d39484cd1e3e5] (the {{GridJobProcessor}} still calls {{clear()}} on maps). -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Closed] (IGNITE-6168) Ability to use TLS client authentication in the TcpDiscoverySpi
[ https://issues.apache.org/jira/browse/IGNITE-6168?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Jens Borgland closed IGNITE-6168. - Seems to be working as expected. Thank you for the swift resolution! > Ability to use TLS client authentication in the TcpDiscoverySpi > --- > > Key: IGNITE-6168 > URL: https://issues.apache.org/jira/browse/IGNITE-6168 > Project: Ignite > Issue Type: Wish >Affects Versions: 2.1 >Reporter: Jens Borgland >Assignee: Ilya Kasnacheev >Priority: Major > Fix For: 2.3 > > > I'm working on an application where we use mutual TLS to protect the > communication (of different kinds) between the components. It seems like > Ignite uses mutual TLS for the TcpCommunicationSpi but not for the > TcpDiscoverySpi. Would it be possible to add this ability (one way could > perhaps be by implementing IGNITE-6167 so that it can be done through a > custom socket factory)? > I'm aware that there are other client authentication options for the > discovery SPI but it would be nice to be able to use the same mechanism > everywhere. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (IGNITE-6167) Ability to set custom SSLServerSocketFactory and SSLSocketFactory or enabled TLS protocols and cipher suites
[ https://issues.apache.org/jira/browse/IGNITE-6167?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16140537#comment-16140537 ] Jens Borgland commented on IGNITE-6167: --- Thank you [~ilyak]! I did at some point explore this option but I didn't think of delegating to the SSLContext from my SSLContextSpi implementation (and I couldn't find a way of getting hold of a SSLContextSpi instance). I've now done just the thing you suggested and through that also worked around IGNITE-6168. > Ability to set custom SSLServerSocketFactory and SSLSocketFactory or enabled > TLS protocols and cipher suites > > > Key: IGNITE-6167 > URL: https://issues.apache.org/jira/browse/IGNITE-6167 > Project: Ignite > Issue Type: Wish >Affects Versions: 2.1 >Reporter: Jens Borgland > > It would be very useful to be able to, in addition to the > {{javax.net.ssl.SSLContext}}, either specify a custom > {{javax.net.ssl.SSLServerSocketFactory}} and a custom > {{javax.net.ssl.SSLSocketFactory}}, or to be able to at least specify the > enabled TLS protocols and cipher suites. > I have noticed that the > {{org.apache.ignite.internal.util.nio.ssl.GridNioSslFilter}} has support for > the latter but I cannot find a way of getting a reference to the filter > instance. The {{GridNioSslFilter}} also isn't used by {{TcpDiscoverySpi}} as > far as I can tell. > Currently (as far as I can tell) there is no way of specifying the enabled > cipher suites and protocols used by Ignite, without doing it globally for the > JRE. -- This message was sent by Atlassian JIRA (v6.4.14#64029)
[jira] [Commented] (IGNITE-6168) Ability to use TLS client authentication in the TcpDiscoverySpi
[ https://issues.apache.org/jira/browse/IGNITE-6168?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16138277#comment-16138277 ] Jens Borgland commented on IGNITE-6168: --- [~ilyak], makes sense since it seems to be a hard requirement for the TcpCommunicationSpi. > Ability to use TLS client authentication in the TcpDiscoverySpi > --- > > Key: IGNITE-6168 > URL: https://issues.apache.org/jira/browse/IGNITE-6168 > Project: Ignite > Issue Type: Wish >Affects Versions: 2.1 >Reporter: Jens Borgland > > I'm working on an application where we use mutual TLS to protect the > communication (of different kinds) between the components. It seems like > Ignite uses mutual TLS for the TcpCommunicationSpi but not for the > TcpDiscoverySpi. Would it be possible to add this ability (one way could > perhaps be by implementing IGNITE-6167 so that it can be done through a > custom socket factory)? > I'm aware that there are other client authentication options for the > discovery SPI but it would be nice to be able to use the same mechanism > everywhere. -- This message was sent by Atlassian JIRA (v6.4.14#64029)
[jira] [Commented] (IGNITE-6167) Ability to set custom SSLServerSocketFactory and SSLSocketFactory or enabled TLS protocols and cipher suites
[ https://issues.apache.org/jira/browse/IGNITE-6167?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16138274#comment-16138274 ] Jens Borgland commented on IGNITE-6167: --- [~ilyak], perhaps it's me who's missing something obvious but I cannot really find a reasonable way of subclassing SSLContext - and getSocketFactory() and getServerSocketFactory() are both final. I have however created my own SslContextFactory (in order to set up revocation checking the way I need) and that part works fine. > Ability to set custom SSLServerSocketFactory and SSLSocketFactory or enabled > TLS protocols and cipher suites > > > Key: IGNITE-6167 > URL: https://issues.apache.org/jira/browse/IGNITE-6167 > Project: Ignite > Issue Type: Wish >Affects Versions: 2.1 >Reporter: Jens Borgland > > It would be very useful to be able to, in addition to the > {{javax.net.ssl.SSLContext}}, either specify a custom > {{javax.net.ssl.SSLServerSocketFactory}} and a custom > {{javax.net.ssl.SSLSocketFactory}}, or to be able to at least specify the > enabled TLS protocols and cipher suites. > I have noticed that the > {{org.apache.ignite.internal.util.nio.ssl.GridNioSslFilter}} has support for > the latter but I cannot find a way of getting a reference to the filter > instance. The {{GridNioSslFilter}} also isn't used by {{TcpDiscoverySpi}} as > far as I can tell. > Currently (as far as I can tell) there is no way of specifying the enabled > cipher suites and protocols used by Ignite, without doing it globally for the > JRE. -- This message was sent by Atlassian JIRA (v6.4.14#64029)
[jira] [Created] (IGNITE-6168) Ability to use TLS client authentication in the TcpDiscoverySpi
Jens Borgland created IGNITE-6168: - Summary: Ability to use TLS client authentication in the TcpDiscoverySpi Key: IGNITE-6168 URL: https://issues.apache.org/jira/browse/IGNITE-6168 Project: Ignite Issue Type: Wish Affects Versions: 2.1 Reporter: Jens Borgland I'm working on an application where we use mutual TLS to protect the communication (of different kinds) between the components. It seems like Ignite uses mutual TLS for the TcpCommunicationSpi but not for the TcpDiscoverySpi. Would it be possible to add this ability (one way could perhaps be by implementing IGNITE-6167 so that it can be done through a custom socket factory)? I'm aware that there are other client authentication options for the discovery SPI but it would be nice to be able to use the same mechanism everywhere. -- This message was sent by Atlassian JIRA (v6.4.14#64029)
[jira] [Created] (IGNITE-6167) Ability to set custom SSLServerSocketFactory and SSLSocketFactory or enabled TLS protocols and cipher suites
Jens Borgland created IGNITE-6167: - Summary: Ability to set custom SSLServerSocketFactory and SSLSocketFactory or enabled TLS protocols and cipher suites Key: IGNITE-6167 URL: https://issues.apache.org/jira/browse/IGNITE-6167 Project: Ignite Issue Type: Wish Affects Versions: 2.1 Reporter: Jens Borgland It would be very useful to be able to, in addition to the {{javax.net.ssl.SSLContext}}, either specify a custom {{javax.net.ssl.SSLServerSocketFactory}} and a custom {{javax.net.ssl.SSLSocketFactory}}, or to be able to at least specify the enabled TLS protocols and cipher suites. I have noticed that the {{org.apache.ignite.internal.util.nio.ssl.GridNioSslFilter}} has support for the latter but I cannot find a way of getting a reference to the filter instance. The {{GridNioSslFilter}} also isn't used by {{TcpDiscoverySpi}} as far as I can tell. Currently (as far as I can tell) there is no way of specifying the enabled cipher suites and protocols used by Ignite, without doing it globally for the JRE. -- This message was sent by Atlassian JIRA (v6.4.14#64029)