How to enable TLS in jedis while connecting with Redis cluster - redis

We are using Redis for cache in an application which is configured in Spring beans, spring-data-redis 1.7.1, jedis 2.9.0.
How to enable TLS in jedis while connecting with Redis cluster?
Please comment if you have any suggestions.

You might actually need a slightly version of spring-data-redis but with spring-data-redis version 1.8.11 and jedis 2.9 this works:
<beans:bean id='cacheManager'
class='org.springframework.data.redis.cache.RedisCacheManager'
c:redis-operations-ref='redisTemplate'/>
<beans:bean id='redisTemplate' class='org.springframework.data.redis.core.RedisTemplate' p:connection-factory-ref='jedisConFac' />
<beans:bean id='jedisConFac' class='org.springframework.data.redis.connection.jedis.JedisConnectionFactory' p:host-name='HOST' p:port='PORT' p:use-ssl='true' />

Related

Ignite Thin Client in Kubernetes

I'm trying to set up a distributed cache using Ignite and my java app through a thin client in a Kubernetes environment.
In my Kubernetes cluster, I have 2 pods with the java app and 2 pods of ignite. For the java pods to communicate with ignite pods, I have configured a thin client to connect with the ignite kubernetes service. With this configuration, I was expecting that the load balancing was on the kubernetes side. Here's what I have done in java code:
ClientConfiguration cfg = new ClientConfiguration()
.setAddresses("ignite-service.default.svc.cluster.local:10800")
.setUserName("user")
.setUserPassword("password");
IgniteClient igniteClient = Ignition.startClient(cfg);
While storing and getting objects from ignite, I deleted one of the ignite pods and, after a while, I was getting errors saying that "Ignite cluster is unavailable":
org.apache.ignite.client.ClientConnectionException: Ignite cluster is unavailable
With this behavior, I assume that the method setAddresses in ClientConfiguration class stores one of the IPs of the pods and channels all communication to that pod.
Is this what's happening in this method?
Ignite version 2.7
Kubernetes version 1.12.3
You need to pass several IP addresses to enable the failover (aka. automatic reconnect) on the thin client end. Find more details here.
Although you might have resolved the issue since the question was posted a long time back, I am still putting an answer here for others.
With Apache Ignite version 2.7+, you can modify your deployment to use the Kubernetes IP Finder. With this, Kubernetes will take care of discovering and connecting all server and client nodes.
TcpDiscoveryKubernetesIpFinder module will help you achieve this.
This is the discovery SPI that needs to be added to your configuration (Replace with appropriate Namespace and Service Name)
<property name="discoverySpi">
    <bean class="org.apache.ignite.spi.discovery.tcp.TcpDiscoverySpi">
        <property name="ipFinder">
            <bean class="org.apache.ignite.spi.discovery.tcp.ipfinder.kubernetes.TcpDiscoveryKubernetesIpFinder">
                <constructor-arg>
                    <bean class="org.apache.ignite.kubernetes.configuration.KubernetesConnectionConfiguration">
                        <property name="namespace" value="default" />
                        <property name="serviceName" value="ignite" />
                    </bean>
                </constructor-arg>
            </bean>
        </property>
    </bean>
</property>
Official documentation can be found here - https://ignite.apache.org/docs/latest/installation/kubernetes/amazon-eks-deployment

Set Autorecovery enabled Spring amqp rabbitmq in xml

With the rabbitmq client I can make it work with the following bean injection. Well, I heard CachingConnectionFactory has another constructor to apply a com.rabbitmq.client.ConnectionFactory, which will help to enable auto recovery, but it has limited attributes to go with it.
<bean id="rcf" class="com.rabbitmq.client.ConnectionFactory">
<property name="requestedHeartbeat" value="580" />
<property name="topologyRecoveryEnabled" value="true" />
<property name="automaticRecoveryEnabled" value="true" />
</bean>
But when it comes to Spring AMQP for RabbitMQ, I found no options to do that.
I appreciate any help regarding the query I raised.
This is really interesting and one of the important communication problems that we need to solve when we are going to work under a single Message Bus Architecture. Since we are planning to abstract out the internal details of the Message Bus, it is necessary to provide what type of attributes we need to enable at the consumer as well as the producer end.
This is my consumer.xml
<rabbit:connection-factory id="connectionFactory"
host="${rabbitmq.host}" virtual-host="${rabbitmq.vhost}" username="${rabbitmq.user}" password="${rabbitmq.password}" />
<rabbit:admin connection-factory="connectionFactory" />
<rabbit:queue id="mQueue" name="${rabbitmq.queue.m}" />
<rabbit:queue id="mrQueue" name="${rabbitmq.queue.mr}" />
Can you explain how to set auto recovery in this xml? Please add xml which will set auto recovery with above consumer xml
Spring AMQP has (and has always had) its own connection recovery mechanism. The rabbit client added it much later and its mechanism is incompatible with Spring AMQP. Setting automaticRecoveryEnabled will cause problems with Spring AMQP versions prior to 1.4.0.
1.4.0 and later are compatible with the rabbitmq settings, but still uses its own recovery mechanism.
You can change the recoveryInterval on the message listener container (default 5 seconds).

RabbitMQ SSL Connection with Spring AMQP 1.4.3

I am trying to connect to RabbitMQ over SSL. I have followed the RabbitMQ SSL documentation linked here (https://www.rabbitmq.com/ssl.html).
As per the RabbitMQ SSL documentation, connecting using SSLv3 and TLSv1 is not recommended due to known vulnerabilities. Due to this I have disabled these protocols on RabbitMQ as per instructions.
I am using Spring AMQP 1.4.3 to connect to RabbitMQ.
ApplicationContext context = new GenericXmlApplicationContext("classpath:/testConfig/testrabbit-context.xml");
RabbitTemplate template = context.getBean(RabbitTemplate.class);
MessageProperties messageProperties = new MessageProperties();
org.springframework.amqp.core.Message amqpMessage = new org.springframework.amqp.core.Message("Test".getBytes(), messageProperties);
String routingKey = "TEST.businessevent.route";
template.send(routingKey, amqpMessage);
My config:
<rabbit:connection-factory id="rabbitConnectionFactory"
connection-factory="clientConnectionFactory"
host="localhost"
port="5671"
username="username"
password="password"
virtual-host="test_host" />
<rabbit:admin connection-factory="rabbitConnectionFactory" />
<rabbit:template id="rabbitTemplate"
connection-factory="rabbitConnectionFactory" exchange="test_topic" />
<rabbit:topic-exchange name="test_topic" durable="true" />
<bean id="clientConnectionFactory" class="org.springframework.amqp.rabbit.connection.RabbitConnectionFactoryBean">
<property name="useSSL" value="true" />
<property name="sslPropertiesLocation" value="/testconfig/rabbitSSL.properties"/>
</bean>
rabbitSSL.properties:
keyStore=file:/client/keycert.p12
trustStore=file:/lib/security/rabbitStore
keyStore.passPhrase=testpassword
trustStore.passPhrase=testpassword
However when I use the above code and config to connect to RabbitMQ over SSL I am getting a fatal alert: protocol_version.
When I looked at the org.springframework.amqp.rabbit.connection.RabbitConnectionFactoryBean class that Spring is using to connect to RabbitMQ, I can see that the protocol appears to be hard coded to SSLv3.
SSLContext context = SSLContext.getInstance("SSLv3");
context.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
this.connectionFactory.useSslProtocol(context);
This code works fine if I do not disable SSLv3 on RabbitMQ. However I need to connect to RabbitMQ using TLSv1.2. Can I do that using Spring AMQP 1.4.3 or do I need to use another version?
Thanks for any help you can provide me with this issue.
While searching for RabbitMQ remote access I came across the below Spring application.properties configuration settings that can be done in Spring to configure the RabbitMQ connections.
https://www.oodlestechnologies.com/blogs/Connect-to-SSL-enabled-RabbitMQ-server-Springboot/
spring.rabbitmq.host=hostURL
spring.rabbitmq.port = hostPort
spring.rabbitmq.username = username
spring.rabbitmq.password = password
spring.rabbitmq.virtual-host=virtualHost
spring.rabbitmq.ssl.enabled=true
spring.rabbitmq.ssl.algorithm=TLSv1.2
https://www.baeldung.com/spring-remoting-amqp#2-configuration
I have opened a JIRA Issue for this.
In the meantime, the RabbitConnectionFactoryBean is just a convenience class to make configuring an underlying connection factory more "Spring friendly" with defaults.
Instead, you can perform this initialization in your own code (perhaps using a @Bean declaration using Java Configuration).
Okay, I was trying to connect my Spring Boot application (2.1.4.RELEASE) that uses spring-boot-starter-amqp (2.1.4.RELEASE) to an AWS Managed instance of RabbitMQ, aka Amazon MQ, and it would fail with a similar error. What worked for me was setting these properties.
spring.rabbitmq.ssl.enabled=true
spring.rabbitmq.ssl.algorithm=TLSv1.3
Setting these properties explicitly was not required in an application that was using Spring Boot and spring-boot-starter-amqp (2.7.8) and they worked out of the box. Here's a mention of the same in Spring AMQP Documentation.
https://docs.spring.io/spring-amqp/reference/html/#rabbitconnectionfactorybean-configuring-ssl

Glassfish JMS queue with HornetQ: Store locally and Forward remotely

I need some precise steps (with reference to glassfish docs) for the following scenario;
How to create JMS queues to support "store locally and forward remotely". The remote system is HornetQ.
The remote connectivity should support SSL and user/password authentication
It should support automatic retry and configuration of # of retry.
In case of any failure, it should be possible to select the jms messages are resend in bulk
I already went through some of the glassfish docs but needs to be further validated by the experts.
Simple Scenario but still not working "Send a JMS to sourceQueue and JMS bridge service to transfer to targetQueue". Here are the configurations;
A. domain.xml (extract)
<jms-service default-jms-host="default_JMS_host" type="EMBEDDED">
<jms-host host="localhost" name="default_JMS_host" lazy-init="false">
<property name="imq.bridge.bridge1.type" value="jms"></property>
<property name="imq.bridge.bridge1.xmlurl" value="file:///C:/TEMP/bridge.xml"></property>
<property name="imq.bridge.bridge1.autostart" value="true"></property>
<property name="imq.bridge.bridge1.logfile.limit" value="0"></property>
<property name="imq.bridge.bridge1.logfile.count" value="1"></property>
<property name="imq.bridge.enabled" value="true"></property>
<property name="imq.bridge.admin.user" value="admin"></property>
<property name="imq.bridge.admin.password" value="admin"></property>
<property name="imq.bridge.activelist" value="bridge1"></property>
</jms-host>
</jms-service>
B. bridge.xml (bridge configuration)
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE jmsbridge SYSTEM "sun_jmsbridge_1_0.dtd">
<jmsbridge name="bridge1">
<link name="link1">
<enabled ="true"></enabled>
<source connection-factory-ref="jms/__defaultConnectionFactory" destination-ref="sourceQueue"></source>
<target connection-factory-ref="jms/__defaultConnectionFactory" destination-ref="targetQueue "></target>
</link>
<connection-factory ref-name="jms/__defaultConnectionFactory"/>
<connection-factory ref-name="jms/__defaultConnectionFactory"/>
<destination ref-name="sourceQueue" type="queue" lookup-name="sourceQueue"/>
<destination ref-name="targetQueue" type="queue" lookup-name="targetQueue"/>
</jmsbridge>
Glassfish deploys the Glassfish JMS server. If you want to talk to HornetQ you need to use HornetQ libraries and use the proper API (either core or JMS) to talk to the HornetQ server.
If you need XA integration through MDBs then you will need to deploy the Resource Adapter and do the proper recovery integration. Look at the glassFish on how to deploy an external resource adapter, but that's an area that nobody at RedHat has tested yet and given the state of glassFish being discontinued I doubt that will happen any time soon.
Another way you could do is to deploy the JMS Bridge within JBoss / HornetQ, Where any message sent on GlassFish JMS would be consumed on HornetQ through the bridging process.

Can anyone post an example of how to enable SSL in Tsung?

I'm load testing a CouchDB server from another machine using Tsung, and need to establish a secure connection. Unfortunately, I've not been able to find an example of the syntax in the documentation or online...
Any help would be greatly appreciated!
In tsung.xml:
<servers>
<server host="HOSTNAME_HERE" port="443" type="ssl"></server>
</servers>
References from the current Tsung documentation:
6.2. Clients and Server > Basic setup:
Type can be tcp, ssl, udp (for IPv6, use tcp6, ssl6 or udp6; only available in version 1.4.2 and newer) or websocket (only available in version 1.5.0 and newer):
<servers>
<server host="server1" port="80" type="ssl" weight="4"></server>
<server host="server2" port="80" type="ssl" weight="1"></server>
</servers>
10. FAQ > Tsung crashes when I start it
Does your Erlang system have SSL support enabled?
To test it:
erl
Eshell V5.2 (abort with ^G)
1> ssl:start().
you should see 'ok'