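I am trying to set up an Ignite cluster with SSL encryption in my Spring application. My goal is to set up a replicated cache across multiple nodes.
We deploy our application into a Tomcat 8 and set environment variables for our key- and truststore at Tomcat startup.
I want to start Ignite embedded in the Spring application, so I created a bean that returns a CacheManager.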

    @Bean
    public SpringCacheManager replicatedCache() {
        // Cache events to record and deliver to the local listener below
        int[] eventTypes = new int[] {EventType.EVT_CACHE_ENTRY_EVICTED, EventType.EVT_CACHE_OBJECT_REMOVED, EventType.EVT_CACHE_ENTRY_DESTROYED, EventType.EVT_CACHE_OBJECT_EXPIRED};
        SpringCacheManager cacheManager = new SpringCacheManager();
        IgniteConfiguration configuration = new IgniteConfiguration();
        configuration.setIncludeEventTypes(eventTypes);
        configuration.setGridName("igniteCluster");
        Slf4jLogger logger = new Slf4jLogger(LoggerFactory.getLogger(IGNITE_CACHE_LOGGER_NAME));
        configuration.setGridLogger(logger);

        // Replicated, transactional cache
        CacheConfiguration cacheConfiguration1 = new CacheConfiguration();
        cacheConfiguration1.setName("replicatedCache");
        cacheConfiguration1.setCacheMode(CacheMode.REPLICATED);
        cacheConfiguration1.setAtomicityMode(CacheAtomicityMode.TRANSACTIONAL);
        configuration.setCacheConfiguration(cacheConfiguration1);

        // SSL: use the JVM default SSLContext (default key- and truststore)
        configuration.setSslContextFactory(() -> {
            try {
                return SSLContext.getDefault();
            } catch (NoSuchAlgorithmException e) {
                throw new WA3InternalErrorException("Could not create SSLContext", e);
            }
        });
        configuration.setLocalHost(env.getProperty("caching.localBind", "0.0.0.0"));

        // Discovery: static list of node addresses
        TcpDiscoveryVmIpFinder ipFinder = new TcpDiscoveryVmIpFinder();
        List<String> nodes = Arrays.stream(env.getRequiredProperty("caching.nodes").split(",")).collect(Collectors.toList());
        ipFinder.setAddresses(nodes);
        TcpDiscoverySpi spi = new TcpDiscoverySpi();
        spi.setIpFinder(ipFinder);
        configuration.setDiscoverySpi(spi);

        // Communication between nodes
        TcpCommunicationSpi communicationSpi = new TcpCommunicationSpi();
        communicationSpi.setLocalPort(env.getRequiredProperty("caching.localPort", Integer.class));
        communicationSpi.setConnectTimeout(100000); // Line added in first edit
        configuration.setCommunicationSpi(communicationSpi);

        // Local listener that prints the cache events
        IgnitePredicate<? extends CacheEvent> localEvent = event -> {
            System.out.println(event);
            return true;
        };
        Map<IgnitePredicate<? extends Event>, int[]> ignitePredicateIntegerMap = Collections.singletonMap(localEvent, eventTypes);
        configuration.setLocalEventListeners(ignitePredicateIntegerMap);
        cacheManager.setConfiguration(configuration);
        return cacheManager;
    }

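As you can see, I also configure Ignite here.
It binds to the server's IP address and sets a port (e.g. the default port 47100) on the CommunicationSpi.
I am using SSLContext.getDefault() here, so it uses the default key- and truststores.
Everything works when SSL is disabled (SslContextFactory not set). But as soon as I set the factory, the nodes can still find each other, but cannot communicate.
The metrics log looks fine, 2 nodes as expected: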

    Metrics for local node (to disable set 'metricsLogFrequency' to 0)
        ^-- Node [id=41687971, name=igniteCluster, uptime=00:54:00:302]
        ^-- H/N/C [hosts=2, nodes=2, CPUs=4]
        ^-- CPU [cur=33.5%, avg=36.96%, GC=0%]
        ^-- Heap [used=193MB, free=85.51%, comm=627MB]
        ^-- Non heap [used=125MB, free=-1%, comm=127MB]
        ^-- Public thread pool [active=0, idle=2, qSize=0]
        ^-- System thread pool [active=0, idle=7, qSize=0]
        ^-- Outbound messages queue [size=0]

What I can see so far is that Ignite tries to connect to a port, fails, increments that port and tries again.

    2017-05-02T08:15:35,154 [] [] [grid-nio-worker-tcp-comm-1-#18%igniteCluster%] WARN org.apache.ignite.spi.communication.tcp.TcpCommunicationSpi [warning():104] [] - Communication SPI session write timed out (consider increasing 'socketWriteTimeout' configuration property) [remoteAddr=/10.30.0.106:53603, writeTimeout=2000]
    2017-05-02T08:15:39,192 [] [] [grid-nio-worker-tcp-comm-2-#19%igniteCluster%] WARN org.apache.ignite.spi.communication.tcp.TcpCommunicationSpi [warning():104] [] - Communication SPI session write timed out (consider increasing 'socketWriteTimeout' configuration property) [remoteAddr=/10.30.0.106:53604, writeTimeout=2000]

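I don't know what port that is. I have restarted all nodes several times, and it looks like it starts at a random port between 30000 and 50000.
My final question is: what am I missing here? Why does my SSL connection not work?
Regards
I have increased the timeout, as Valentin suggested. My cluster still has a problem.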

    2017-05-03T12:19:29,429 [] [] [localhost-startStop-1] WARN org.apache.ignite.internal.processors.cache.GridCachePartitionExchangeManager [warning():104] [] - Failed to wait for initial partition map exchange. Possible reasons are:
        ^-- Transactions in deadlock.
        ^-- Long running transactions (ignore if this is the case).
        ^-- Unreleased explicit locks.

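I get these log messages on the node that is trying to connect to the cluster.
Answer 0 (score: 0)
Try increasing socketWriteTimeout, as the error message suggests. SSL connections are slower, and the default value may not be enough in your network.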
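
The change this answer suggests, as an added example (not code from the question or the answer): the communication SPI from the question with socketWriteTimeout raised above the 2000 ms reported in the warning, alongside the same default SSLContext factory. The class name, the port passed in main and the 15000 ms value are assumptions for illustration.

```java
import java.security.NoSuchAlgorithmException;
import javax.net.ssl.SSLContext;

import org.apache.ignite.configuration.IgniteConfiguration;
import org.apache.ignite.spi.communication.tcp.TcpCommunicationSpi;

public class SslCommunicationTimeouts {
    // Assumed value; the warning in the question reports writeTimeout=2000.
    static final long SOCKET_WRITE_TIMEOUT_MS = 15_000L;

    /** Communication SPI as in the question, plus a longer socket write timeout. */
    static TcpCommunicationSpi communicationSpi(int localPort) {
        TcpCommunicationSpi spi = new TcpCommunicationSpi();
        spi.setLocalPort(localPort);
        spi.setConnectTimeout(100_000L); // same value the question already uses
        // TLS records add handshake and encryption overhead to each write,
        // so allow more time before the session write is reported as timed out.
        spi.setSocketWriteTimeout(SOCKET_WRITE_TIMEOUT_MS);
        return spi;
    }

    /** Node configuration with the JVM default SSLContext, as in the question. */
    static IgniteConfiguration configuration(int localPort) {
        IgniteConfiguration cfg = new IgniteConfiguration();
        cfg.setSslContextFactory(() -> {
            try {
                return SSLContext.getDefault();
            } catch (NoSuchAlgorithmException e) {
                throw new IllegalStateException("Could not create SSLContext", e);
            }
        });
        cfg.setCommunicationSpi(communicationSpi(localPort));
        return cfg;
    }

    public static void main(String[] args) {
        // Builds the configuration only; no node is started here.
        IgniteConfiguration cfg = configuration(47100);
        TcpCommunicationSpi spi = (TcpCommunicationSpi) cfg.getCommunicationSpi();
        System.out.println("socketWriteTimeout=" + spi.getSocketWriteTimeout() + " ms");
        System.out.println("connectTimeout=" + spi.getConnectTimeout() + " ms");
    }
}
```

Every node in the cluster needs the same change, since the timeout applies to the writing side of each connection.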