sofastack / sofa-jraft

A production-grade java implementation of RAFT consensus algorithm.
https://www.sofastack.tech/projects/sofa-jraft/
Apache License 2.0

RheaKV: connection fails after enabling SSL authentication #1123

Closed Tacode closed 3 days ago

Tacode commented 5 days ago

Your question

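I enabled SSL for a JRaft cluster following the official documentation, and the connection fails when the service starts. The server code configuration: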

System.setProperty("bolt.server.ssl.enable", "true");
System.setProperty("bolt.server.ssl.clientAuth", "true");
System.setProperty("bolt.server.ssl.keystore", "E:\\opensource\\sofa-jraft\\crt\\bolt.pfx");
System.setProperty("bolt.server.ssl.keystore.password", "sfbolt");
System.setProperty("bolt.server.ssl.keystore.type", "pkcs12");
System.setProperty("bolt.server.ssl.kmf.algorithm", "SunX509");
System.setProperty("bolt.client.ssl.enable", "true");
System.setProperty("bolt.client.ssl.keystore", "E:\\opensource\\sofa-jraft\\crt\\cbolt.pfx");
System.setProperty("bolt.client.ssl.keystore.password", "sfbolt");
System.setProperty("bolt.client.ssl.keystore.type", "pkcs12");
System.setProperty("bolt.client.ssl.tmf.algorithm", "SunX509");
final PlacementDriverOptions pdOpts = PlacementDriverOptionsConfigured.newConfigured().withFake(true).config();
final StoreEngineOptions storeOpts = StoreEngineOptionsConfigured.newConfigured() //
    .withStorageType(StorageType.RocksDB)
    .withRocksDBOptions(RocksDBOptionsConfigured.newConfigured().withDbPath(Configs.DB_PATH).config())
    .withRaftDataPath(Configs.RAFT_DATA_PATH)
    .withServerAddress(new Endpoint("127.0.0.1", 8181))
    .config();
final RheaKVStoreOptions opts = RheaKVStoreOptionsConfigured.newConfigured() //
    .withClusterName(Configs.CLUSTER_NAME) //
    .withUseParallelCompress(true) //
    .withInitialServerList(Configs.ALL_NODE_ADDRESSES)
    .withStoreEngineOptions(storeOpts) //
    .withPlacementDriverOptions(pdOpts) //
    .config();
System.out.println(opts);
final Node node = new Node(opts);
node.start();
Runtime.getRuntime().addShutdownHook(new Thread(node::stop));
System.out.println("server1 start OK");

Failure log:

2024-07-03 11:30:28 [JRaft-ElectionTimer-<rhea_example--1/127.0.0.1:8182>0] WARN  NodeImpl:2700 - Node <rhea_example--1/127.0.0.1:8182> channel init failed, address=127.0.0.1:8181.
2024-07-03 11:30:28 [Bolt-conn-event-executor-12-thread-1] INFO  ClientServiceConnectionEventProcessor:50 - Peer 127.0.0.1:8181 is connected
2024-07-03 11:30:28 [Bolt-conn-event-executor-12-thread-1] INFO  ClientServiceConnectionEventProcessor:50 - Peer 127.0.0.1:8181 is connected
2024-07-03 11:30:29 [Bolt-conn-event-executor-10-thread-1] INFO  RpcRequestProcessor:514 - Connection disconnected: 127.0.0.1:14842
2024-07-03 11:30:29 [JRaft-ElectionTimer-<rhea_example--1/127.0.0.1:8182>0] INFO  NodeImpl:2668 - Node <rhea_example--1/127.0.0.1:8182> term 0 start preVote.
2024-07-03 11:30:29 [Bolt-conn-event-executor-12-thread-1] INFO  ClientServiceConnectionEventProcessor:50 - Peer 127.0.0.1:8183 is connected
2024-07-03 11:30:29 [JRaft-ElectionTimer-<rhea_example--1/127.0.0.1:8182>0] ERROR AbstractClientService:156 - Fail to connect 127.0.0.1:8183, remoting exception: com.alipay.remoting.rpc.exception.InvokeSendFailedException: Rpc invocation send failed! the address is 127.0.0.1:8183.
2024-07-03 11:30:29 [JRaft-ElectionTimer-<rhea_example--1/127.0.0.1:8182>0] WARN  NodeImpl:2700 - Node <rhea_example--1/127.0.0.1:8182> channel init failed, address=127.0.0.1:8183.
2024-07-03 11:30:29 [JRaft-ElectionTimer-<rhea_example--1/127.0.0.1:8182>0] ERROR AbstractClientService:156 - Fail to connect 127.0.0.1:8181, remoting exception: com.alipay.remoting.rpc.exception.InvokeSendFailedException: Rpc invocation send failed! the address is 127.0.0.1:8181.
2024-07-03 11:30:29 [JRaft-ElectionTimer-<rhea_example--1/127.0.0.1:8182>0] WARN  NodeImpl:2700 - Node <rhea_example--1/127.0.0.1:8182> channel init failed, address=127.0.0.1:8181.
2024-07-03 11:30:29 [Bolt-conn-event-executor-12-thread-1] INFO  ClientServiceConnectionEventProcessor:50 - Peer 127.0.0.1:8181 is connected
2024-07-03 11:30:29 [Bolt-conn-event-executor-12-thread-1] INFO  ClientServiceConnectionEventProcessor:50 - Peer 127.0.0.1:8183 is connected
2024-07-03 11:30:30 [Bolt-conn-event-executor-10-thread-1] INFO  RpcRequestProcessor:514 - Connection disconnected: 127.0.0.1:14848
2024-07-03 11:30:30 [Bolt-conn-event-executor-12-thread-1] INFO  ClientServiceConnectionEventProcessor:50 - Peer 127.0.0.1:8181 is connected
2024-07-03 11:30:30 [Bolt-conn-event-executor-10-thread-1] INFO  RpcRequestProcessor:514 - Connection disconnected: 127.0.0.1:14850
2024-07-03 11:30:31 [JRaft-ElectionTimer-<rhea_example--1/127.0.0.1:8182>0] INFO  NodeImpl:2668 - Node <rhea_example--1/127.0.0.1:8182> term 0 start preVote.
2024-07-03 11:30:31 [Bolt-conn-event-executor-12-thread-1] INFO  ClientServiceConnectionEventProcessor:50 - Peer 127.0.0.1:8183 is connected
2024-07-03 11:30:31 [JRaft-ElectionTimer-<rhea_example--1/127.0.0.1:8182>0] ERROR AbstractClientService:156 - Fail to connect 127.0.0.1:8183, remoting exception: com.alipay.remoting.rpc.exception.InvokeSendFailedException: Rpc invocation send failed! the address is 127.0.0.1:8183.

Your scenes

Describe your use scenes (why need this feature)

Your advice

Describe the advice or solution you'd like

Environment

How do I enable SSL authentication correctly?

Tacode commented 4 days ago

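The problem is solved. The certificates generated by following the official documentation do not import the client's certificate file into the server keystore, while the configuration also enables mutual authentication, which causes the failure. I suggest the maintainers update the documentation.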
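A preflight check for the mismatch described in the resolution above, as an added example that is not part of the original issue or of SOFAJRaft/SOFABolt: it reports whether each identity in the client PKCS12 file is stored in, or signed by a certificate stored in, the server PKCS12 file. It assumes, as the resolution implies, that the server validates client certificates against its own keystore; the class name `MutualTlsPreflight` and the command-line arguments are hypothetical.

```java
import java.io.*;
import java.security.KeyStore;
import java.security.cert.*;
import java.util.*;

// Added example (hypothetical class name), not SOFAJRaft or SOFABolt code.
// Usage: java MutualTlsPreflight <server.pfx> <server-pass> <client.pfx> <client-pass>
public class MutualTlsPreflight {
    static KeyStore load(String path, String pass) throws Exception {
        KeyStore ks = KeyStore.getInstance("PKCS12"); // matches bolt.*.ssl.keystore.type
        try (InputStream in = new FileInputStream(path)) { ks.load(in, pass.toCharArray()); }
        return ks;
    }
    // Every certificate held in the store: trusted-cert entries and key-entry leaves.
    static List<X509Certificate> storedCerts(KeyStore ks) throws Exception {
        List<X509Certificate> out = new ArrayList<>();
        for (String alias : Collections.list(ks.aliases())) {
            Certificate c = ks.getCertificate(alias);
            if (c instanceof X509Certificate) out.add((X509Certificate) c);
        }
        return out;
    }
    // True if a chain cert is stored, or signed by a stored cert's key. Not full PKIX validation.
    static boolean trusted(Certificate[] chain, List<X509Certificate> anchors) {
        for (Certificate c : chain) {
            for (X509Certificate a : anchors) {
                if (a.equals(c)) return true;
                try { c.verify(a.getPublicKey()); return true; }
                catch (Exception notSignedByThisKey) { /* try the next stored cert */ }
            }
        }
        return false;
    }
    public static void main(String[] args) throws Exception {
        List<X509Certificate> anchors = storedCerts(load(args[0], args[1]));
        KeyStore client = load(args[2], args[3]);
        boolean anyIdentity = false, allTrusted = true;
        for (String alias : Collections.list(client.aliases())) {
            Certificate[] chain = client.getCertificateChain(alias); // null for cert-only entries
            if (chain == null) continue;
            anyIdentity = true;
            boolean ok = trusted(chain, anchors);
            allTrusted &= ok;
            System.out.println(alias + (ok ? ": trusted" : ": NOT trusted") + " by the server keystore");
        }
        if (!anyIdentity) System.out.println("client keystore has no key entry to present");
        System.exit(anyIdentity && allTrusted ? 0 : 1);
    }
}
```

A non-zero exit status means a server that requires client certificates would have nothing in its keystore to validate the client against, which matches the repeated connect/disconnect pattern in the log above.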