Re: Ignite communicating with non ignite servers
Hi, Can you please tell what scan were you running? I want to reproduce this issue using tenable.sc. Thank you, Evgenii вт, 22 сент. 2020 г. в 06:55, Ilya Kasnacheev : > Hello! > > I don't think it should cause heap dumps. Here you are showing just a > warning. This warning may be ignored. > > It's outside of scope of Apache Ignite to disable something else to try > connecting to it. If you have invasive security port scanning, you will > expect to see warnings/errors in the logs of any network application. > > Regards, > -- > Ilya Kasnacheev > > > вт, 22 сент. 2020 г. в 16:26, ignite_user2016 : > >> We have SSL enabled on all servers but some how it s trying to attempt >> connection on SSL causing heap dumps. Is there a way to disable to >> external >> server try connecting to ignite ? >> >> 2020-09-10 22:52:47,029 WARN [grid-nio-worker-tcp-comm-3-#27%NAME_GRID%] >> org.apache.ignite.spi.communication.tcp.TcpCommunicationSpi Client >> disconnected abruptly due to network connection loss or because the >> connection was left open on application shutdown. [cls=class >> o.a.i.i.util.nio.GridNioException, msg=Failed to decode SSL data: >> GridSelectorNioSessionImpl [worker=DirectNioClientWorker >> [super=AbstractNioClientWorker [idx=3, bytesRcvd=13315002728, bytesSent=0, >> bytesRcvd0=18, bytesSent0=0, select=true, super=GridWorker >> [name=grid-nio-worker-tcp-comm-3, igniteInstanceName=WebGrid, >> finished=false, heartbeatTs=1599796365124, hashCode=1230825885, >> interrupted=false, runner=grid-nio-worker-tcp-comm-3-#27%WebGrid%]]], >> writeBuf=java.nio.DirectByteBuffer[pos=0 lim=32768 cap=32768], >> readBuf=java.nio.DirectByteBuffer[pos=18 lim=18 cap=32768], >> inRecovery=null, >> outRecovery=null, closeSocket=true, >> >> outboundMessagesQueueSizeMetric=o.a.i.i.processors.metric.impl.LongAdderMetric@69a257d1 >> , >> super=GridNioSessionImpl [locAddr=/*IG_SERVER1*:47101, rmtAddr=/*SEC_SCAN* >> SERVER:52082, createTime=1599796365124, closeTime=0, bytesSent=0, >> bytesRcvd=18, bytesSent0=0, bytesRcvd0=18, sndSchedTime=1599796365124, >> lastSndTime=1599796365124, lastRcvTime=1599796367026, readsPaused=false, >> filterChain=FilterChain[filters=[GridNioCodecFilter >> [parser=o.a.i.i.util.nio.GridDirectParser@20ca1d6a, directMode=true], >> GridConnectionBytesVerifyFilter, SSL filter], accepted=true, >> markedForClose=false]]] >> >> >> >> -- >> Sent from: http://apache-ignite-users.70518.x6.nabble.com/ >> >
Re: Ignite communicating with non ignite servers
Hello! I don't think it should cause heap dumps. Here you are showing just a warning. This warning may be ignored. It's outside of scope of Apache Ignite to disable something else to try connecting to it. If you have invasive security port scanning, you will expect to see warnings/errors in the logs of any network application. Regards, -- Ilya Kasnacheev вт, 22 сент. 2020 г. в 16:26, ignite_user2016 : > We have SSL enabled on all servers but some how it s trying to attempt > connection on SSL causing heap dumps. Is there a way to disable to external > server try connecting to ignite ? > > 2020-09-10 22:52:47,029 WARN [grid-nio-worker-tcp-comm-3-#27%NAME_GRID%] > org.apache.ignite.spi.communication.tcp.TcpCommunicationSpi Client > disconnected abruptly due to network connection loss or because the > connection was left open on application shutdown. [cls=class > o.a.i.i.util.nio.GridNioException, msg=Failed to decode SSL data: > GridSelectorNioSessionImpl [worker=DirectNioClientWorker > [super=AbstractNioClientWorker [idx=3, bytesRcvd=13315002728, bytesSent=0, > bytesRcvd0=18, bytesSent0=0, select=true, super=GridWorker > [name=grid-nio-worker-tcp-comm-3, igniteInstanceName=WebGrid, > finished=false, heartbeatTs=1599796365124, hashCode=1230825885, > interrupted=false, runner=grid-nio-worker-tcp-comm-3-#27%WebGrid%]]], > writeBuf=java.nio.DirectByteBuffer[pos=0 lim=32768 cap=32768], > readBuf=java.nio.DirectByteBuffer[pos=18 lim=18 cap=32768], > inRecovery=null, > outRecovery=null, closeSocket=true, > > outboundMessagesQueueSizeMetric=o.a.i.i.processors.metric.impl.LongAdderMetric@69a257d1 > , > super=GridNioSessionImpl [locAddr=/*IG_SERVER1*:47101, rmtAddr=/*SEC_SCAN* > SERVER:52082, createTime=1599796365124, closeTime=0, bytesSent=0, > bytesRcvd=18, bytesSent0=0, bytesRcvd0=18, sndSchedTime=1599796365124, > lastSndTime=1599796365124, lastRcvTime=1599796367026, readsPaused=false, > filterChain=FilterChain[filters=[GridNioCodecFilter > [parser=o.a.i.i.util.nio.GridDirectParser@20ca1d6a, directMode=true], > GridConnectionBytesVerifyFilter, SSL filter], accepted=true, > markedForClose=false]]] > > > > -- > Sent from: http://apache-ignite-users.70518.x6.nabble.com/ >
Re: Ignite communicating with non ignite servers
We have SSL enabled on all servers but some how it s trying to attempt connection on SSL causing heap dumps. Is there a way to disable to external server try connecting to ignite ? 2020-09-10 22:52:47,029 WARN [grid-nio-worker-tcp-comm-3-#27%NAME_GRID%] org.apache.ignite.spi.communication.tcp.TcpCommunicationSpi Client disconnected abruptly due to network connection loss or because the connection was left open on application shutdown. [cls=class o.a.i.i.util.nio.GridNioException, msg=Failed to decode SSL data: GridSelectorNioSessionImpl [worker=DirectNioClientWorker [super=AbstractNioClientWorker [idx=3, bytesRcvd=13315002728, bytesSent=0, bytesRcvd0=18, bytesSent0=0, select=true, super=GridWorker [name=grid-nio-worker-tcp-comm-3, igniteInstanceName=WebGrid, finished=false, heartbeatTs=1599796365124, hashCode=1230825885, interrupted=false, runner=grid-nio-worker-tcp-comm-3-#27%WebGrid%]]], writeBuf=java.nio.DirectByteBuffer[pos=0 lim=32768 cap=32768], readBuf=java.nio.DirectByteBuffer[pos=18 lim=18 cap=32768], inRecovery=null, outRecovery=null, closeSocket=true, outboundMessagesQueueSizeMetric=o.a.i.i.processors.metric.impl.LongAdderMetric@69a257d1, super=GridNioSessionImpl [locAddr=/*IG_SERVER1*:47101, rmtAddr=/*SEC_SCAN* SERVER:52082, createTime=1599796365124, closeTime=0, bytesSent=0, bytesRcvd=18, bytesSent0=0, bytesRcvd0=18, sndSchedTime=1599796365124, lastSndTime=1599796365124, lastRcvTime=1599796367026, readsPaused=false, filterChain=FilterChain[filters=[GridNioCodecFilter [parser=o.a.i.i.util.nio.GridDirectParser@20ca1d6a, directMode=true], GridConnectionBytesVerifyFilter, SSL filter], accepted=true, markedForClose=false]]] -- Sent from: http://apache-ignite-users.70518.x6.nabble.com/
Re: Ignite communicating with non ignite servers
Hello! Well, you could enable SSL on all ports, in this case you can block off the security scanner. Regards, -- Ilya Kasnacheev пн, 21 сент. 2020 г. в 19:03, ignite_user2016 : > Recently, we migrated ignite to JDK11, all works well except when we run > our > security scan, ignite node tries to connect on that servers and result in > out of memory and heap dump errors. > > Is it possible where we can stop that scan server connecting to ignite ? > > Any configuration ? > > help is much appreciated. > > And I have observed that ignite visor is also broken where it cant give us > the states for nodes, memory and CPU. > > Thanks.. > Rishi > > > > -- > Sent from: http://apache-ignite-users.70518.x6.nabble.com/ >
Re: Ignite communicating with non ignite servers
we use Nessus security tool, and the module is Tenable.sc which scans the vulnerability on spring boot app which runs with ignite client. -- Sent from: http://apache-ignite-users.70518.x6.nabble.com/
Re: Ignite communicating with non ignite servers
Hi, What security scan tool do you use? Evgenii пн, 21 сент. 2020 г. в 09:03, ignite_user2016 : > Recently, we migrated ignite to JDK11, all works well except when we run > our > security scan, ignite node tries to connect on that servers and result in > out of memory and heap dump errors. > > Is it possible where we can stop that scan server connecting to ignite ? > > Any configuration ? > > help is much appreciated. > > And I have observed that ignite visor is also broken where it cant give us > the states for nodes, memory and CPU. > > Thanks.. > Rishi > > > > -- > Sent from: http://apache-ignite-users.70518.x6.nabble.com/ >
Ignite communicating with non ignite servers
Recently, we migrated ignite to JDK11, all works well except when we run our security scan, ignite node tries to connect on that servers and result in out of memory and heap dump errors. Is it possible where we can stop that scan server connecting to ignite ? Any configuration ? help is much appreciated. And I have observed that ignite visor is also broken where it cant give us the states for nodes, memory and CPU. Thanks.. Rishi -- Sent from: http://apache-ignite-users.70518.x6.nabble.com/