search

akamai / cli-sandbox

Akamai CLI for Sandbox
https://github.com/akamai/cli
Apache License 2.0
13 stars 12 forks source link

websocket connection failed on openjdk@17 #104

Closed lukaszczerpak closed 1 year ago

lukaszczerpak commented 2 years ago

Hi,

Sandbox Client doesn't work with OpenJDK@17. All works fine with OpenJDK@11. We see the following messages in logs:

2021-10-14 18:31:54 [nioEventLoopGroup-2-3] INFO  c.a.d.c.server.TunnelChannelFactory - Opening connection to gateway: wss://sandbox-gateway.akamai.com:443/23bdd36c-4daa-41fd-a931-d4b06d342de9/websocket
2021-10-14 18:31:54 [nioEventLoopGroup-2-3] INFO  c.a.d.c.server.TunnelChannelFactory - connecting to gateway
2021-10-14 18:31:54 [nioEventLoopGroup-2-3] INFO  c.a.d.c.server.TunnelChannelFactory - waiting for secure web socket handshake
2021-10-14 18:31:54 [nioEventLoopGroup-2-3] INFO  c.a.d.c.server.TunnelChannelFactory - web socket connection failed
2021-10-14 18:31:54 [nioEventLoopGroup-3-1] INFO  c.a.d.c.s.GatewayWebsocketClientHandler - WebSocket Client disconnected!
2021-10-14 18:31:54 [nioEventLoopGroup-2-3] INFO  c.a.d.c.server.TunnelChannelFactory - building new tunnel
2021-10-14 18:31:54 [nioEventLoopGroup-2-3] INFO  c.a.d.c.server.TunnelChannelFactory - Opening connection to gateway: wss://sandbox-gateway.akamai.com:443/23bdd36c-4daa-41fd-a931-d4b06d342de9/websocket
2021-10-14 18:31:54 [nioEventLoopGroup-2-3] INFO  c.a.d.c.server.TunnelChannelFactory - connecting to gateway
2021-10-14 18:31:54 [nioEventLoopGroup-2-3] INFO  c.a.d.c.server.TunnelChannelFactory - waiting for secure web socket handshake
2021-10-14 18:31:54 [nioEventLoopGroup-2-3] INFO  c.a.d.c.server.TunnelChannelFactory - web socket connection failed
2021-10-14 18:31:54 [nioEventLoopGroup-3-2] INFO  c.a.d.c.s.GatewayWebsocketClientHandler - WebSocket Client disconnected!
2021-10-14 18:31:54 [nioEventLoopGroup-2-3] INFO  c.a.d.c.server.TunnelChannelFactory - building new tunnel
2021-10-14 18:31:54 [nioEventLoopGroup-2-3] INFO  c.a.d.c.server.TunnelChannelFactory - Opening connection to gateway: wss://sandbox-gateway.akamai.com:443/23bdd36c-4daa-41fd-a931-d4b06d342de9/websocket
2021-10-14 18:31:54 [nioEventLoopGroup-2-3] INFO  c.a.d.c.server.TunnelChannelFactory - connecting to gateway
2021-10-14 18:31:54 [nioEventLoopGroup-2-3] INFO  c.a.d.c.server.TunnelChannelFactory - waiting for secure web socket handshake
2021-10-14 18:31:54 [nioEventLoopGroup-2-3] INFO  c.a.d.c.server.TunnelChannelFactory - web socket connection failed
2021-10-14 18:31:54 [nioEventLoopGroup-3-3] INFO  c.a.d.c.s.GatewayWebsocketClientHandler - WebSocket Client disconnected!

This occurs on each request made to sandbox's local port. Enabling DEBUG in logback gives a bit more details but I wasn't able to get to the root cause:

2021-10-14 18:57:40 [nioEventLoopGroup-2-2] DEBUG i.n.handler.logging.LoggingHandler - [id: 0x59805d88, L:/[0:0:0:0:0:0:0:0]:9550] READ: [id: 0xcbae901e, L:/127.0.0.1:9550 - R:/127.0.0.1:56860]
2021-10-14 18:57:40 [nioEventLoopGroup-2-2] DEBUG i.n.handler.logging.LoggingHandler - [id: 0x59805d88, L:/[0:0:0:0:0:0:0:0]:9550] READ COMPLETE
2021-10-14 18:57:40 [nioEventLoopGroup-2-3] DEBUG io.netty.util.Recycler - -Dio.netty.recycler.maxCapacityPerThread: 4096
2021-10-14 18:57:40 [nioEventLoopGroup-2-3] DEBUG io.netty.util.Recycler - -Dio.netty.recycler.maxSharedCapacityFactor: 2
2021-10-14 18:57:40 [nioEventLoopGroup-2-3] DEBUG io.netty.util.Recycler - -Dio.netty.recycler.linkCapacity: 16
2021-10-14 18:57:40 [nioEventLoopGroup-2-3] DEBUG io.netty.util.Recycler - -Dio.netty.recycler.ratio: 8
2021-10-14 18:57:40 [nioEventLoopGroup-2-3] DEBUG io.netty.util.Recycler - -Dio.netty.recycler.delayedQueue.ratio: 8
2021-10-14 18:57:40 [nioEventLoopGroup-2-3] DEBUG io.netty.handler.ssl.SslHandler - [id: 0xcbae901e, L:/127.0.0.1:9550 - R:/127.0.0.1:56860] HANDSHAKEN: protocol:TLSv1.2 cipher suite:TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
2021-10-14 18:57:40 [nioEventLoopGroup-2-3] DEBUG c.a.d.c.s.HttpVersionNegotiationHandler - Setting up pipeline. Negotiated protocol = h2
2021-10-14 18:57:41 [nioEventLoopGroup-2-3] DEBUG c.a.d.c.s.h.UserRequestHandlerHttp2 - got settings frame: {ENABLE_PUSH=0, MAX_CONCURRENT_STREAMS=100, INITIAL_WINDOW_SIZE=33554432}
2021-10-14 18:57:41 [nioEventLoopGroup-2-3] DEBUG c.a.d.c.s.h.UserRequestHandlerHttp2 - on window update for stream: 0 increment: 33488897
2021-10-14 18:57:41 [nioEventLoopGroup-2-3] DEBUG c.a.d.c.server.TunnelClientManager - REGISTERED channel_id: 1
2021-10-14 18:57:41 [nioEventLoopGroup-2-3] DEBUG c.a.d.c.s.h.H2TunnelChannelManager - linking tunnel/h2 = (1, 1)
2021-10-14 18:57:41 [nioEventLoopGroup-2-3] DEBUG c.a.d.c.s.h.H2TunnelChannelManager - linking (h2, tchannel) = (1, 1)
2021-10-14 18:57:41 [nioEventLoopGroup-2-3] DEBUG c.a.d.c.server.TunnelClientManager - proxying TunnelMessage to via tunnel
2021-10-14 18:57:41 [nioEventLoopGroup-2-3] INFO  c.a.d.c.server.TunnelChannelFactory - building new tunnel
2021-10-14 18:57:41 [nioEventLoopGroup-2-3] INFO  c.a.d.c.server.TunnelChannelFactory - Opening connection to gateway: wss://sandbox-gateway.akamai.com:443/23bdd36c-4daa-41fd-a931-d4b06d342de9/websocket
2021-10-14 18:57:41 [nioEventLoopGroup-2-3] INFO  c.a.d.c.server.TunnelChannelFactory - connecting to gateway
2021-10-14 18:57:41 [nioEventLoopGroup-3-1] DEBUG i.n.h.c.compression.ZlibCodecFactory - -Dio.netty.noJdkZlibDecoder: false
2021-10-14 18:57:41 [nioEventLoopGroup-3-1] DEBUG i.n.h.c.compression.ZlibCodecFactory - -Dio.netty.noJdkZlibEncoder: false
2021-10-14 18:57:41 [nioEventLoopGroup-2-3] INFO  c.a.d.c.server.TunnelChannelFactory - waiting for secure web socket handshake
2021-10-14 18:57:41 [nioEventLoopGroup-3-1] DEBUG i.n.h.c.h.w.WebSocketClientHandshaker13 - WebSocket version 13 client handshake key: iwPxr44KPAChGlbE6kMcXA==, expected response: vz4fT2lthqdCnTqllyQPFGAhcAA=
2021-10-14 18:57:41 [nioEventLoopGroup-3-1] DEBUG io.netty.handler.ssl.SslHandler - SSLException during trying to call SSLEngine.wrap(...) because of an previous SSLException, ignoring...
javax.net.ssl.SSLException: SSL_write
    at org.conscrypt.ConscryptEngine.newSslExceptionWithMessage(ConscryptEngine.java:1376)
    at org.conscrypt.ConscryptEngine.wrap(ConscryptEngine.java:1551)
    at java.base/javax.net.ssl.SSLEngine.wrap(SSLEngine.java:564)
    at org.conscrypt.Java8EngineWrapper.wrap(Java8EngineWrapper.java:56)
    at io.netty.handler.ssl.SslHandler.wrap(SslHandler.java:1086)
    at io.netty.handler.ssl.SslHandler.wrap(SslHandler.java:843)
    at io.netty.handler.ssl.SslHandler.wrapAndFlush(SslHandler.java:811)
    at io.netty.handler.ssl.SslHandler.handleUnwrapThrowable(SslHandler.java:1312)
    at io.netty.handler.ssl.SslHandler.decodeJdkCompatible(SslHandler.java:1288)
    at io.netty.handler.ssl.SslHandler.decode(SslHandler.java:1329)
    at io.netty.handler.codec.ByteToMessageDecoder.decodeRemovalReentryProtection(ByteToMessageDecoder.java:508)
    at io.netty.handler.codec.ByteToMessageDecoder.callDecode(ByteToMessageDecoder.java:447)
    at io.netty.handler.codec.ByteToMessageDecoder.channelRead(ByteToMessageDecoder.java:276)
    at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:379)
    at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:365)
    at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:357)
    at io.netty.handler.logging.LoggingHandler.channelRead(LoggingHandler.java:271)
    at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:379)
    at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:365)
    at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:357)
    at io.netty.channel.DefaultChannelPipeline$HeadContext.channelRead(DefaultChannelPipeline.java:1410)
    at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:379)
    at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:365)
    at io.netty.channel.DefaultChannelPipeline.fireChannelRead(DefaultChannelPipeline.java:919)
    at io.netty.channel.nio.AbstractNioByteChannel$NioByteUnsafe.read(AbstractNioByteChannel.java:166)
    at io.netty.channel.nio.NioEventLoop.processSelectedKey(NioEventLoop.java:719)
    at io.netty.channel.nio.NioEventLoop.processSelectedKeysOptimized(NioEventLoop.java:655)
    at io.netty.channel.nio.NioEventLoop.processSelectedKeys(NioEventLoop.java:581)
    at io.netty.channel.nio.NioEventLoop.run(NioEventLoop.java:493)
    at io.netty.util.concurrent.SingleThreadEventExecutor$4.run(SingleThreadEventExecutor.java:989)
    at io.netty.util.internal.ThreadExecutorMap$2.run(ThreadExecutorMap.java:74)
    at io.netty.util.concurrent.FastThreadLocalRunnable.run(FastThreadLocalRunnable.java:30)
    at java.base/java.lang.Thread.run(Thread.java:833)
2021-10-14 18:57:41 [nioEventLoopGroup-2-3] INFO  c.a.d.c.server.TunnelChannelFactory - web socket connection failed
2021-10-14 18:57:41 [nioEventLoopGroup-3-1] INFO  c.a.d.c.s.GatewayWebsocketClientHandler - WebSocket Client disconnected!

On a side note... I was wondering if there is any plan to rewrite the client to Go which would solve JDK/JRE compatibility issues (it's not first time!) as well as allow for easier and more lightweight setup (single binary).

krzyk commented 2 years ago

Unfortunately we don't support Java versions newer than AFAIR 15.

Basically it wasn't tested in 16 and 17.

krzyk commented 2 years ago

There are no plans for rewrite. The client code is quite big and complicated. It would be easier to rewrite the nodejs parts to Java.

We have some tasks in backlog to use jlink, this way we will provide the JRE we tested the app with. But there wasn't much push for that so it doesn't have high priority (unfortunately, because Inwoukd gladly work on that).

lukaszczerpak commented 2 years ago

Many thanks for the prompt replies!

Unfortunately we don't support Java versions newer than AFAIR 15.

Okay. We will continue using the older version then.

There are no plans for rewrite. The client code is quite big and complicated. It would be easier to rewrite the nodejs parts to Java.

We don't use the CLI at all - we have our own scripts that manage sandboxes. The only dependency we currently have is on JAR file and Java obviously.

herzykj commented 1 year ago

we've just released a new version of CLI-sandbox (1.6.0) which uses a new sandbox-client (1.5.0). To upgrade execute the following in the terminal:

akamai update sandbox
akamai sandbox install

After that, Sandbox should work well with Java <= 19 and Macs with M1 CPU