I'm using the configuration below, with a cluster running on my local machine with the same port range as below (37500..37509)
IgniteConfiguration cfg = new IgniteConfiguration();
cfg.setClientMode(true);
TcpDiscoverySpi spi = new TcpDiscoverySpi();
TcpDiscoveryMulticastIpFinder ipFinder = new TcpDiscoveryMulticastIpFinder();
ipFinder.setMulticastGroup("127.0.0.1");
// Set initial IP addresses.
// Note that you can optionally specify a port or a port range.
ipFinder.setAddresses(Arrays.asList("127.0.0.1:37500..37509"));
spi.setLocalPort(37508);
spi.setLocalPortRange(0);
TcpCommunicationSpi commSpi=new TcpCommunicationSpi();
commSpi.setLocalPort(37509);
// Overriding discovery SPI.
cfg.setDiscoverySpi(spi);
// Overriding communication SPI.
cfg.setCommunicationSpi(commSpi);
try (Ignite ig = Ignition.start(cfg)) {
IgniteCache<Integer, String> cache = ig.getOrCreateCache("myCacheName");
cache.put(1, "vlad");
cache.get(1);
}
I'm getting the below error message:
[17:51:14] IP finder returned empty addresses list. Please check IP finder configuration and make sure multicast works on your network. Will retry every 2 secs.
Any thoughts?
The error itself is shown because you didn't set the IP finder to the discovery SPI (spi.setIpFinder(ipFinder)).
However, you should also note that DiscoverySpi and CommunicationSpi are two different components and they use different ports. What you did here is bound communication to one of the ports discovery will try to connect to. Port ranges for discovery and communication should not intersect.
Related
Where can I find information about Hikari properties that can be modified at runtime?
I tried to modify connectionTimeout. I can do it and it will be modified in the HikariDataSource without an exception (checked by setting and then getting the property) but it takes no effect.
If I initially do:
HikariConfig config = new HikariConfig();
config.setConnectionTimeout(12000);
HikariDataSource pool = new HikariDataSource(config);
and later on I do
config.setConnectionTimeout(5000);
Hikari tries to get a new connection for 12 seconds instead of 5 seconds.
Or is there a way to change the value with effect?
Are there other properties with the same behaviour?
You can do this through the MX bean, but you don't need to use JMX
public void updateTimeout(final long connectionTimeoutMs, final HikariDataSource ds) {
var poolBean = ds.getHikariPoolMXBean();
var configBean = ds.getHikariConfigMXBean();
poolBean.suspendPool(); // Block new connections being leased
configBean.setConnectionTimeout(connectionTimeoutMs);
poolBean.softEvictConnections(); // Close unused cnxns & mark open ones for disposal
poolBean.resumePool(); // Re-enable connections
}
Bear in mind you will need to enable pool suspension in your initial config
var config = new HikariConfig();
...
config.setAllowPoolSuspension(true);
You can't dynamically update the property values by resetting them on the config object - the config object is ultimately read once when instantiating the Hikari Pool (have a look at the source code in PoolBase.java to see how this works.
You can however do what you want and update the connection timeout value at runtime via JMX. How to do this is explained in the hikari documentation here
If your JVM has JMX enabled (I recommend for every prod), you could:
SSH-tunnel JMX port to your local machine
Connect to the VM in a JMX client like JConsole
Operate pool MBean as needed
Note: JMX port must never be public to the internet, be sure that firewall protects you.
SSH Tunnel command example:
ssh -i ${key_path} -N -L 9000:localhost:9000 -L 9001:localhost:9001 ${user}#${address}
This follows on from "How to access JMX interface in docker from outside?" which talks about setting up unencrypted JMX connections.
I could use either RMI or JMXMP which Glassfish uses.
There is a set of JVM options that are required and I'm looking for the changes I need to set up JMX with SSL:
com.sun.management.jmxremote=true
com.sun.management.jmxremote.local.only=false
com.sun.management.jmxremote.ssl=true
com.sun.management.jmxremote.authenticate=true
com.sun.management.jmxremote.port=12345
com.sun.management.jmxremote.rmi.port=12346
java.rmi.server.hostname=10.11.12.176
com.sun.management.jmxremote.access.file=/.secure/jmxremote.access
com.sun.management.jmxremote.password.file=/.secure/jmxremote.pass
com.sun.management.jmxremote.login.config=ldap-ad-config
java.net.preferIPv4Stack=true
com.sun.management.jmxremote.ssl.config.file=/.secure/jmxremotessl.properties
javax.net.ssl.keyStore=/config/app.jks
javax.net.ssl.keyStorePassword=teabag
javax.net.ssl.trustStore=/config/cacerts
javax.net.ssl.trustStorePassword=milk
The problem is the same:
java.rmi.ConnectException: Connection refused to host: 172.0.0.85; nested exception is
java.net.ConnectException: Operation timed out
That IP address is the internal IP address of the docker container. I assume that this is happening despite the java.rmi.server.hostname solution because it's on SSL.
I tried to reverse proxy the SSL to non-SSL with nginx but that failed with the error
java.rmi.ConnectIOException: non-JRMP server at remote endpoint
so I guess I should be forwarding extra headers in nginx.
I'm now attempting to set up JMXMP but the documentation on how to do it is pretty thin on the ground. There's a Spring implementation and a Glassfish implementation but not with findable docs (as yet) - so I'm adding the glassfish tag.
The answer is that I can set up my app to use JMXMP and configure it to implement TLS connections using these JVM options:
-Dcom.sun.management.jmxremote=true
-Dcom.sun.management.jmxremote.local.only=false
-Dcom.sun.management.jmxremote.authenticate=true
-Dcom.sun.management.jmxremote.ssl=true
-Dcom.sun.management.jmxremote.access.file=C:/dev/.secure/jmxremote.access
-Dcom.sun.management.jmxremote.password.file=C:/dev/.secure/jmxremote.pass
-Dcom.sun.management.jmxremote.login.config=spnego-server
-Djava.net.preferIPv4Stack=true
-Dcom.sun.management.jmxremote.ssl.config.file=/.secure/jmxremotessl.properties
however I have to code up a configuration class to launch the JMXConnectorServer like so:
#Configuration
public class JmxServer {
public JmxServer(
#Value("${jmx.remote.hostname}") final String hostname,
#Value("${jmx.remote.port}") final String port) {
try {
Map<String, Object> env = new HashMap<>();
env.put("jmx.remote.profiles", "TLS SASL/PLAIN");
env.put(JMXConnector.CREDENTIALS,
new String[] {"myusername", "password"});
JMXConnectorServerFactory.newJMXConnectorServer(
new JMXServiceURL(
String.format("service:jmx:jmxmp://%s:%s",
hostname, port)),
env,
ManagementFactory.getPlatformMBeanServer()
).start();
} catch (IOException e) {
e.printStackTrace();
}
}
}
But this is only half of it. I am now wrangling with JConsole to get it to do JMXMP with TLS.
For that I'm following this fossil question from 2007 on the Oracle forums:
Can JConsole connect to a remote JMX agent using JMXMP and TLS?
but still struggling...
I'm running a licensed version of ServiceStack and trying to get a sentinel cluster setup on Google Cloud Compute.
The cluster is basically GCE's click-to-deploy redis solution - 3 servers. Here is the code i'm using to initialize...
var hosts = Settings.Redis.Host.Split(';');
var sentinel = new ServiceStack.Redis.RedisSentinel(hosts, "master");
redis = sentinel.Setup();
container.Register<IRedisClientsManager>(redis);
container.Register<ICacheClient>(redis.GetCacheClient());
The client works fine - but once i shut down one of the redis instances everything craps the bed. The client complains about not being able to connect to the missing instance. Additionally, even when i bring the instance back up - it is in READ ONLY mode, so everything still fails. There doesn't seem to be a way to recover once you are in this state...
Am i doing something wrong? Is there some reason that RedisSentinal client doesn't figure out who the new master is? I feed it all 3 host IP addresses...
You should only be supplying the host of the Redis Sentinel Server to RedisSentinel as it gets the active list of other master/slave redis servers from the Sentinel host.
Some changes to RedisSentinel were recently added in the latest v4.0.37 that's now available on MyGet which includes extra logging and callbacks of Redis Sentinel events. The new v4.0.37 API looks like:
var sentinel = new RedisSentinel(sentinelHost, masterName);
Starting the RedisSentinel will connect to the Sentinel Host and return a pre-configured RedisClientManager (i.e. redis connection pool) with the active
var redisManager = sentinel.Start();
Which you can then register in the IOC with:
container.Register<IRedisClientsManager>(redisManager);
The RedisSentinel should then listen to master/slave changes from the Sentinel hosts and failover the redisManager accordingly. The existing connections in the pool are then disposed and replaced with a new pool for the newly configured hosts. Any active connections outside of the pool they'll throw connection exceptions if used again, the next time the RedisClient is retrieved from the pool it will be configured with the new hosts.
Callbacks and Logging
Here's an example of how you can use the new callbacks to introspect the RedisServer events:
var sentinel = new RedisSentinel(sentinelHost, masterName)
{
OnFailover = manager =>
{
"Redis Managers were Failed Over to new hosts".Print();
},
OnWorkerError = ex =>
{
"Worker error: {0}".Print(ex);
},
OnSentinelMessageReceived = (channel, msg) =>
{
"Received '{0}' on channel '{1}' from Sentinel".Print(channel, msg);
},
};
Logging of these events can also be enabled by configuring Logging in ServiceStack:
LogManager.LogFactory = new ConsoleLogFactory(debugEnabled:false);
There's also an additional explicit FailoverToSentinelHosts() that can be used to force RedisSentinel to re-lookup and failover to the latest master/slave hosts, e.g:
var sentinelInfo = sentinel.FailoverToSentinelHosts();
The new hosts are available in the returned sentinelInfo:
"Failed over to read/write: {0}, read-only: {1}".Print(
sentinelInfo.RedisMasters, sentinelInfo.RedisSlaves);
We use an embedded ActiveMQ broker and create it like this(a bit simplified) :
BrokerService brokerService = new BrokerService();
brokerService.addConnector("tcp://1.2.3.4:61610");
brokerService.start();
The problem we have is that the broker is listening to the hostname instead of the IP-address and this does not work in our case. How can I force the brokerService to listen on the IP address instead of the hostname.
Here is what the log says when starting the broker:
2015-01-20 15:16:03,414 qtp833534789-27 INFO BrokerService - Apache ActiveMQ 5.10.0 (b1653842572, ID:ABC123-59162-1421763362756-0:1) is starting
2015-01-20 15:16:04,948 qtp833534789-27 INFO TransportServerThreadSupport - Listening for connections at: tcp://myhostname.mydomain.local:61610
2015-01-20 15:16:04,948 qtp833534789-27 INFO TransportConnector - Connector tcp://myhostname.mydomain.local:61610 started
A TCP listener can never listen to a DNS name. It's always bound to one or many interface(s)/IP address(es).
In this case, ActiveMQ helps you out by reverse resolving the DNS name from the IP because it's easier to understand what's going on in the logs when you read a logical DNS name rather than some number.
ActiveMQ has some code like this
protected String resolveHostName(ServerSocket socket, InetAddress bindAddress) throws UnknownHostException {
String result = null;
if (socket.isBound()) {
if (socket.getInetAddress().isAnyLocalAddress()) {
// make it more human readable and useful, an alternative to 0.0.0.0
result = InetAddressUtil.getLocalHostName();
} else {
result = socket.getInetAddress().getCanonicalHostName();
}
} else {
result = bindAddress.getCanonicalHostName();
}
return result;
}
To replace the IP with a DNS once the socket is indeed bound. I guess you have not even tried using the IP address, since it should work.
Try this:
brokerService.addConnector("tcp://0.0.0.0:61610");
I am using Amqp with ActiveMQ, which requires version 1-0-, not the old version 0-9-
In the version 0-9-* with "RabbitMQ.Client" (I was using RabbitMQ and switching to ActiveMQ), the following C# code works to connect to one broker.
factory = new ConnectionFactory()
{
Protocol = Protocols.FromEnvironment(),
HostName = IpAddress,
Port = Port,
VirtualHost = VirtualHost,
UserName = User,
Password = Password
};
but with version 1-0-* in "Apache.NMS.ActiveMQ", this does not work,
(the example here use IConnectionFactory instead: http://activemq.apache.org/nms/examples.html
but could not input HostName, Port, VirtualHost, UserName, Password there. )
How can I use "Apache.NMS.ActiveMQ", and do the connection with username, password in the code.
Thanks :)
ActiveMQ is a multi protocol broker. AMQP 1.0 is one of the wire protocols it supports.
However, the Apache.NMS.ActiveMQ lib is using the OpenWire protocol (default port 61616 on AMQ). It's straight forward to connect using NMS to OpenWire, even with username and password.
IConnectionFactory factory = new ConnectionFactory("tcp://localhost:61616);
using (IConnection connection = factory.CreateConnection("user1234","s3cr3tp4ssw0rd")
{
using (ISession session = connection.CreateSession ())
{
// send a message or whatever
If you really want to connect using AMQP, I suggest the QPid proton lib instead of NMS. NMS has something going on as well, but it's not there yet.
There is now an Apache ActiveMQ released version of Apache.NMS.AMQP its available it Nuget.
https://www.nuget.org/packages/Apache.NMS.AMQP
You can contribute
https://github.com/apache/activemq-nms-amqp