JPPF, java, parallel computing, distributed computing, grid computing, parallel, distributed, cluster, grid, cloud, open source, android, .net
JPPF

The open source
grid computing
solution

 Home   About   Features   Download   Documentation   On Github   Forums 
November 18, 2019, 07:51:07 AM *
Welcome,
Please login or register.

Login with username, password and session length
Advanced search  
News: New users, please read this message. Thank you!
  Home Help Search Login Register  
Pages: [1]   Go Down

Author Topic: JPPF admin-ui with SSL  (Read 5058 times)

clgv

  • JPPF Master
  • ***
  • Posts: 25
JPPF admin-ui with SSL
« on: August 28, 2012, 07:38:41 PM »

My server is configured that it only uses SSL connections (for clients, nodes, peers and management).
When I try to connect via the JPPF-admin-ui I see only an empty column for the server.
I provided my keystore and my truststore for the admin-ui as well as an adjusted ssl.properties file.

I see no helpful information in the jppf-gui.log although all is set to debug except that (IP replaced with A.B.C.D):
Quote
2012-08-28 19:22:20,854 [DEBUG][org.jppf.client.AbstractGenericClient.initRemotePools(168)]: found peers in the configuration
2012-08-28 19:22:20,856 [DEBUG][org.jppf.client.AbstractGenericClient.initRemotePools(171)]: list of drivers: driver1
2012-08-28 19:22:20,870 [ERROR][org.jppf.management.JMXConnectionWrapper.<init>(165)]: Bad port number: "": java.lang.NumberFormatException: For input string: ""
java.net.MalformedURLException: Bad port number: "": java.lang.NumberFormatException: For input string: ""
        at javax.management.remote.JMXServiceURL.<init>(JMXServiceURL.java:193)
        at org.jppf.management.JMXConnectionWrapper.<init>(JMXConnectionWrapper.java:160)
        at org.jppf.management.JMXDriverConnectionWrapper.<init>(JMXDriverConnectionWrapper.java:63)
        at org.jppf.client.AbstractJPPFClientConnection.initializeJmxConnection(AbstractJPPFClientConnection.java:367)
        at org.jppf.client.JPPFClientConnectionImpl.<init>(JPPFClientConnectionImpl.java:69)
        at org.jppf.client.JPPFClient.createConnection(JPPFClient.java:110)
        at org.jppf.client.AbstractGenericClient.newConnection(AbstractGenericClient.java:220)
        at org.jppf.client.AbstractGenericClient.initRemotePools(AbstractGenericClient.java:191)
        at org.jppf.client.AbstractGenericClient.initPools(AbstractGenericClient.java:135)
        at org.jppf.client.AbstractGenericClient$1.run(AbstractGenericClient.java:109)
        at java.lang.Thread.run(Thread.java:662)
2012-08-28 19:22:20,871 [INFO ][org.jppf.client.AbstractGenericClient.newConnection(244)]: connection [driver1] created
2012-08-28 19:22:20,871 [DEBUG][org.jppf.management.JMXConnectionThread.run(80)]: A.B.C.D:-1 about to perform connection attempts
2012-08-28 19:22:20,871 [DEBUG][org.jppf.client.AbstractJPPFClientConnection.setStatus(179)]: connection 'driver1' status changing from CREATED to NEW
2012-08-28 19:22:20,872 [DEBUG][org.jppf.management.JMXConnectionThread.run(88)]: A.B.C.D:-1 JMX URL = null
java.lang.NullPointerException: Null JMXServiceURL
        at javax.management.remote.JMXConnectorFactory.connect(JMXConnectorFactory.java:246)
        at org.jppf.management.JMXConnectionWrapper.performConnection(JMXConnectionWrapper.java:225)
        at org.jppf.management.JMXConnectionThread.run(JMXConnectionThread.java:81)
        at java.lang.Thread.run(Thread.java:662)

Do I have to change additional settings in the admin-ui?
Logged

lolo

  • Administrator
  • JPPF Council Member
  • *****
  • Posts: 2256
    • JPPF Web site
Re: JPPF admin-ui with SSL
« Reply #1 on: August 29, 2012, 05:11:03 AM »

Hello,

From the exception in the log, it seems the gui is unable to compute the JMXServiceURL for the driver, and is thus unable to connect to  its JMX server.
I believe this could be due to somethig missing in the driver's configuration. In particular, did you set "jppf.management.ssl.enabled = true" for the driver? Remember that connectivity for a node or client is either all SSL-based or nothing SSL-based (including connections to remote JMX servers), whereas in the driver you can choose either or both, and this has to be configured separately for the JMX server and the "normal" JPPF server connectivity.

If this doesn't help, is there any way you could post your configuration files for the driver and the gui?

Thanks,
-Laurent
Logged

clgv

  • JPPF Master
  • ***
  • Posts: 25
Re: JPPF admin-ui with SSL
« Reply #2 on: August 29, 2012, 10:29:58 AM »

After playing with several settings which did not work, I tracked the error through the source of 3.1.1.

I found the following in DriverInitializer.java which seems wrong:
Code: [Select]
if (config.getBoolean("jppf.management.enabled", true))
{
    connectionInfo.managementPort = config.getInt("jppf.management.port", 11198);
    connectionInfo.sslManagementPort = config.getInt("jppf.management.port", 11198);
}

Both ports are read from "jppf.management.port" and only if "jppf.management.enabled" is true.
That conflicts with the docs which state:
Quote
# disable JMX via non-secure connections
 jppf.management.enabled = false
 # enable JMX via secure connections
 jppf.management.ssl.enabled = true
 # secure JMX server port
 jppf.management.ssl.port = 11193

Update:
The attached patch implements the behavior that is described in the documentation.
I tested the following configurations: plain only, ssl only, plain & ssl
All worked with admin-ui and driver via the startup sh-scripts.
« Last Edit: August 29, 2012, 01:44:39 PM by clgv »
Logged

clgv

  • JPPF Master
  • ***
  • Posts: 25
Re: JPPF admin-ui with SSL
« Reply #3 on: August 29, 2012, 03:37:53 PM »

Unluckily, my setup on the server seems to differ somehow since I still get no management information when I start the driver and the admin-ui on the server. The first problem in the log occurs here:
Quote
2012-08-29 15:03:36,314 [DEBUG][org.jppf.client.AbstractGenericClient.initRemotePools(171)]: list of drivers: driver1
2012-08-29 15:03:36,328 [ERROR][org.jppf.management.JMXConnectionWrapper.<init>(165)]: Bad port number: "": java.lang.NumberFormatException: For input string: ""
java.net.MalformedURLException: Bad port number: "": java.lang.NumberFormatException: For input string: ""
        at javax.management.remote.JMXServiceURL.<init>(JMXServiceURL.java:193)
        at org.jppf.management.JMXConnectionWrapper.<init>(JMXConnectionWrapper.java:160)
        at org.jppf.management.JMXDriverConnectionWrapper.<init>(JMXDriverConnectionWrapper.java:63)
        at org.jppf.client.AbstractJPPFClientConnection.initializeJmxConnection(AbstractJPPFClientConnection.java:367)
        at org.jppf.client.JPPFClientConnectionImpl.<init>(JPPFClientConnectionImpl.java:69)
        at org.jppf.client.JPPFClient.createConnection(JPPFClient.java:110)
        at org.jppf.client.AbstractGenericClient.newConnection(AbstractGenericClient.java:220)
        at org.jppf.client.AbstractGenericClient.initRemotePools(AbstractGenericClient.java:191)
        at org.jppf.client.AbstractGenericClient.initPools(AbstractGenericClient.java:135)
        at org.jppf.client.AbstractGenericClient$1.run(AbstractGenericClient.java:109)
        at java.lang.Thread.run(Thread.java:662)
2012-08-29 15:03:36,329 [INFO ][org.jppf.client.AbstractGenericClient.newConnection(244)]: connection [driver1] created
2012-08-29 15:03:36,329 [DEBUG][org.jppf.client.AbstractJPPFClientConnection.setStatus(179)]: connection 'driver1' status changing from CREATED to NEW
2012-08-29 15:03:36,329 [DEBUG][org.jppf.management.JMXConnectionThread.run(80)]: A.B.C.D:-1 about to perform connection attempts
2012-08-29 15:03:36,330 [DEBUG][org.jppf.management.JMXConnectionThread.run(88)]: A.B.C.D:-1 JMX URL = null
java.lang.NullPointerException: Null JMXServiceURL
        at javax.management.remote.JMXConnectorFactory.connect(JMXConnectorFactory.java:246)
        at org.jppf.management.JMXConnectionWrapper.performConnection(JMXConnectionWrapper.java:225)
        at org.jppf.management.JMXConnectionThread.run(JMXConnectionThread.java:81)
        at java.lang.Thread.run(Thread.java:662)

Driver configuration (strategy related config removed):
Quote
jppf.management.host=A.B.C.D
jppf.management.enabled=true
jppf.management.port=11198
jppf.management.ssl.enabled=true
jppf.management.ssl.port=22298
jppf.ssl.configuration.file=ssl.properties

jppf.server.port=11111
jppf.ssl.server.port=22222

jppf.peer.ssl.enabled=true
jppf.ssl.enabled=true

jppf.peer.discovery.enabled=false
jppf.local.node.enabled=false
jppf.jvm.options=-server
jppf.discovery.enabled=false

admin-ui configuration:
Quote
jppf.drivers = driver1
driver1.jppf.server.host = A.B.C.D

# ssl
jppf.ssl.enabled = true
driver1.jppf.server.port = 22222
driver1.jppf.management.port = 22298

# no ssl
#jppf.ssl.enabled = false
#driver1.jppf.server.port = 11111
#driver1.jppf.management.port = 11198

driver1.priority = 10
driver1.jppf.management.host = A.B.C.D

# location of the SSL configuration on the file system
jppf.ssl.configuration.file = config/ssl/ssl.properties

jppf.discovery.enabled = false

reconnect.max.time = 5

default.refresh.interval = 1000

The management connection can be established with the "# no ssl" section but not with the "# ssl" section uncommented.
Logged

lolo

  • Administrator
  • JPPF Council Member
  • *****
  • Posts: 2256
    • JPPF Web site
Re: JPPF admin-ui with SSL
« Reply #4 on: August 30, 2012, 09:57:31 AM »

Hello,

Thank you for the code patch on the DriverInitializer. I registered a bug JPPF-56 Bad initialization of management broadcast information.
Unrotunately, this issue is not relvant to your current problem, as it would only have an impact when discovery is enabled.

I have actually identified the problem with the SSL JMX conection: JPPF-57 Driver management port not used in the client when SSL is enabled. The fix for this one is easy, and I will publish a patch for both bugs either today or tomorrow at the latest.

Sincerely,
-Laurent
Logged

clgv

  • JPPF Master
  • ***
  • Posts: 25
Re: JPPF admin-ui with SSL
« Reply #5 on: August 30, 2012, 11:05:05 AM »

Thanks! I continue development without SSL so long.
Logged

lolo

  • Administrator
  • JPPF Council Member
  • *****
  • Posts: 2256
    • JPPF Web site
Re: JPPF admin-ui with SSL
« Reply #6 on: August 31, 2012, 03:38:30 AM »

Hello,

We have released patch 01 for JPPF 3.1.2. Please let us know if this resolves the issue for you.

Sincerely,
-Laurent
Logged

clgv

  • JPPF Master
  • ***
  • Posts: 25
Re: JPPF admin-ui with SSL
« Reply #7 on: August 31, 2012, 01:13:51 PM »

Ok. I tested the patch. admin-ui is able to connect to the server and allows querying server information and server stats.
But there are no nodes displayed in the tree view - although they are connected according to the server stats.
I submitted a job to the cluster which worked as well.

So it seems there is still a problem in the node implementation with management via ssl (and  maybe disabled discovery).

The node configuration is
Quote
jppf.recovery.enabled=false
reconnect.interval=1
processing.threads=12
jppf.jvm.options=-server
jppf.management.port=11198
jppf.management.enabled=true
jppf.discovery.port=11111
jppf.server.port=11111
jppf.recovery.read.timeout=60000
jppf.management.host=E.F.G.H
jppf.classloader.cache.size=50
jppf.server.host=A.B.C.D
reconnect.initial.delay=1
jppf.discovery.enabled=false
jppf.discovery.timeout=5000
jppf.recovery.max.retries=2
jppf.recovery.server.port=22222
reconnect.max.time=60
jppf.ssl.configuration.file=ssl.properties
jppf.ssl.enabled=true
jppf.discovery.group=230.0.0.1

I also tried with "jppf.management.ssl.port=11198" added which did make no difference.
The logs of driver, node and admin-ui all show neither an ERROR nor an exception stacktrace.
Logged

lolo

  • Administrator
  • JPPF Council Member
  • *****
  • Posts: 2256
    • JPPF Web site
Re: JPPF admin-ui with SSL
« Reply #8 on: August 31, 2012, 02:41:03 PM »

I'm suspecting an issue in your SSL configuration of the node's remote JMX server.
With SSL enabled, the node needs a keystore for its JMX server, and you need to export its certificate and add it to a truststore on the admin-ui side.
Is this what you have done?
Logged

clgv

  • JPPF Master
  • ***
  • Posts: 25
Re: JPPF admin-ui with SSL
« Reply #9 on: August 31, 2012, 05:17:58 PM »

Yes, that is what I did.
Currently, client, node, server, admin-ui have all the same keystore and truststore.

The non-JMX connections seem to work just fine with the SSL configuration.
Logged

lolo

  • Administrator
  • JPPF Council Member
  • *****
  • Posts: 2256
    • JPPF Web site
Re: JPPF admin-ui with SSL
« Reply #10 on: September 04, 2012, 06:48:56 AM »

Hello,

Sorry for the late answer. I just reviewed your node configuration again and realized something has escaped my attention. You have set "jppf.server.port=11111", which is not the SSL port declared in the driver's config. I believe it should be 22222 instead. Is this a typo that happened when you posted the configuration, or a "real" error?

Sincerely,
-Laurent
Logged

clgv

  • JPPF Master
  • ***
  • Posts: 25
Re: JPPF admin-ui with SSL
« Reply #11 on: September 04, 2012, 12:17:19 PM »

Oh, it's a consistency error when posting here. I post the whole ssl-only configuration again.
There are a lot of default values as mentioned in the documentation in there because I generate those properties files.

Submitting jobs and their execution on nodes seems to work with this configuration but I only see the Server entry in the admin-ui and not the entries for the connected nodes.

Server configuration:
Quote
strategy.proportional_profile.proportionalityFactor=2
strategy.rl_profile.performanceVariationThreshold=0.0010
jppf.recovery.max.retries=3
jppf.load.balancing.algorithm=nodethreads
jppf.peer.ssl.enabled=true
strategy.proportional_profile.performanceCacheSize=3000
jppf.recovery.read.timeout=6000
strategy.manual_profile.size=1
strategy.nodethreads_profile.multiplicator=1
jppf.recovery.reaper.run.interval=60000
jppf.ssl.enabled=true
jppf.management.host=A.B.C.D
jppf.peer.discovery.enabled=false
strategy.proportional_profile.size=5
strategy.autotuned_profile.decreaseRatio=0.2
jppf.management.ssl.port=11198
strategy.autotuned_profile.maxDeviation=0.2
jppf.ssl.server.port=11111
strategy.autotuned_profile.maxGuessToStable=50
jppf.ssl.configuration.file=ssl.properties
jppf.discovery.broadcast.interval=1000
jppf.discovery.port=11111
jppf.recovery.enabled=false
jppf.server.port=-1
jppf.local.node.enabled=false
jppf.discovery.group=230.0.0.1
strategy.autotuned_profile.sizeRatioDeviation=1.5
jppf.management.ssl.enabled=true
jppf.jvm.options=-server
strategy.autotuned_profile.minSamplesToCheckConvergence=50
jppf.recovery.server.port=22222
strategy.autotuned_profile.size=5
jppf.load.balancing.strategy=nodethreads_profile
strategy.rl_profile.performanceCacheSize=3000
jppf.discovery.enabled=false
jppf.management.port=-1
strategy.autotuned_profile.minSamplesToAnalyse=100
jppf.management.enabled=false

Node configuration:
Quote
jppf.recovery.enabled=false
reconnect.interval=1
processing.threads=12
jppf.jvm.options=-server
jppf.management.port=11198
jppf.management.enabled=true
jppf.discovery.port=11111
jppf.server.port=11111
jppf.recovery.read.timeout=60000
jppf.management.host=E.F.G.H
jppf.classloader.cache.size=50
jppf.management.ssl.enabled=false
jppf.server.host=A.B.C.D
reconnect.initial.delay=1
jppf.discovery.enabled=false
jppf.discovery.timeout=5000
jppf.recovery.max.retries=2
jppf.recovery.server.port=22222
reconnect.max.time=60
jppf.ssl.configuration.file=ssl.properties
jppf.ssl.enabled=true
jppf.discovery.group=230.0.0.1
Logged

clgv

  • JPPF Master
  • ***
  • Posts: 25
Re: JPPF admin-ui with SSL
« Reply #12 on: September 10, 2012, 10:00:32 AM »

So, how can we narrow down this issue?
I did not see any suspicious ERROR lines in any of the logs.
Logged

lolo

  • Administrator
  • JPPF Council Member
  • *****
  • Posts: 2256
    • JPPF Web site
Re: JPPF admin-ui with SSL
« Reply #13 on: September 17, 2012, 08:12:56 AM »

Hello,

I apologize for this late answer. I'm still investigating this and will provide feedback in this thread tomorrow at the latest.

-Laurent
Logged
Pages: [1]   Go Up
 
JPPF Powered by SMF 2.0 RC5 | SMF © 2006–2011, Simple Machines LLC Get JPPF at SourceForge.net. Fast, secure and Free Open Source software downloads