Hydrator plugin fails with SSL Error on Java 7
15 views
Skip to first unread message
junhi...@gmail.com
Jul 13, 2017, 6:26:46 PM7/13/17
to CDAP User
Hi,
We have a custom Hydrator plugin that calls a Rest API. The API is being hosted on a server that just got upgraded to TLSv1.2.
If the pipeline runs on Java 8, it works fine.
However, the plugin fails with SSL Error (SSL peer shut down incorrectly) when executed on Java 7.
Unfortunately, the cluster where the Pipeline will be installed in production has Java 7.
I've tried adding the code below to overrride the protocol as recommended on most forums :
System.setProperty("https.protocols", "TLSv1.2");
Still it did not fix the SSL error.
Does CDAP ignore the protocol override under the covers ? Do you have any other work around ?
Thanks,
Jun
We have a custom Hydrator plugin that calls a Rest API. The API is being hosted on a server that just got upgraded to TLSv1.2.
If the pipeline runs on Java 8, it works fine.
However, the plugin fails with SSL Error (SSL peer shut down incorrectly) when executed on Java 7.
Unfortunately, the cluster where the Pipeline will be installed in production has Java 7.
I've tried adding the code below to overrride the protocol as recommended on most forums :
System.setProperty("https.protocols", "TLSv1.2");
Still it did not fix the SSL error.
Does CDAP ignore the protocol override under the covers ? Do you have any other work around ?
Thanks,
Jun
Ali Anwar
Jul 13, 2017, 7:41:26 PM7/13/17
to cdap...@googlegroups.com
Hi Jun.
Where in your code (which method) are you calling the System.setProperty method?
Also, can you attach the full logs, that include the error?
Thanks,
Ali Anwar
Where in your code (which method) are you calling the System.setProperty method?
Also, can you attach the full logs, that include the error?
Thanks,
Ali Anwar
--
You received this message because you are subscribed to the Google Groups "CDAP User" group.
To unsubscribe from this group and stop receiving emails from it, send an email to cdap-user+unsubscribe@googlegroups.com.
To post to this group, send email to cdap...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/cdap-user/3dfbeba3-34ed-4f4c-8114-4b1160ad14ff%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
junhi...@gmail.com
Jul 14, 2017, 2:29:13 AM7/14/17
to CDAP User, junhi...@gmail.com
Hi Ali,
It's called from a sub-class. I tried moving it to the action class' run() method and got the same error.
Here's the code snippet (failing on line in red) :
It's called from a sub-class. I tried moving it to the action class' run() method and got the same error.
Here's the code snippet (failing on line in red) :
System.setProperty("https.protocols", "TLSv1.2");
LOG.info("SSL fix version: https.protocols=TLSv1.2");
for (String[] pdpConfig : this.pdps) {
// 7/12
//System.setProperty("https.protocols", "TLSv1.1,TLSv1.2");
//System.setProperty("https.protocols", "TLSv1.2");
//LOG.info("SSL fix version: https.protocols=TLSv1.2");
HttpClient client = HttpClientBuilder.create().build();
HttpPost post = new HttpPost(pdpConfig[0]);
post.setHeader("Content-Type", "application/json");
post.setHeader("Accept", "application/json");
post.setHeader("ClientAuth", pdpConfig[1]);
post.setHeader("Authorization", pdpConfig[2]);
post.setHeader("Environment", pdpConfig[3]);
JsonObject json = new JsonObject();
json.add("policyName", new JsonParser().parse(".*Config_" + policyName + ".*").getAsJsonPrimitive());
StringEntity stringEntity = new StringEntity(json.toString());
post.setEntity(stringEntity);
HttpResponse response = client.execute(post);
int statusCode = response.getStatusLine().getStatusCode();
And portion of the logs :
Thanks,
Jun
for (String[] pdpConfig : this.pdps) {
// 7/12
//System.setProperty("https.protocols", "TLSv1.1,TLSv1.2");
//System.setProperty("https.protocols", "TLSv1.2");
//LOG.info("SSL fix version: https.protocols=TLSv1.2");
HttpClient client = HttpClientBuilder.create().build();
HttpPost post = new HttpPost(pdpConfig[0]);
post.setHeader("Content-Type", "application/json");
post.setHeader("Accept", "application/json");
post.setHeader("ClientAuth", pdpConfig[1]);
post.setHeader("Authorization", pdpConfig[2]);
post.setHeader("Environment", pdpConfig[3]);
JsonObject json = new JsonObject();
json.add("policyName", new JsonParser().parse(".*Config_" + policyName + ".*").getAsJsonPrimitive());
StringEntity stringEntity = new StringEntity(json.toString());
post.setEntity(stringEntity);
HttpResponse response = client.execute(post);
int statusCode = response.getStatusLine().getStatusCode();
And portion of the logs :
2017-07-14 06:15:01,375 - INFO [WorkflowDriver:c.a.e.d.a.p.p.PolicyManagerPDPInterface@99] - SSL fix version: https.protocols=TLSv1.2
2017-07-14 06:15:02,364 - INFO [NettyHttpService STOPPING:c.c.h.NettyHttpService@274] - Stopping WorkflowDriver http service on address /127.0.0.1:45212...
2017-07-14 06:15:02,371 - INFO [NettyHttpService STOPPING:c.c.h.NettyHttpService@288] - Stopped WorkflowDriver http service on address /127.0.0.1:45212
2017-07-14 06:15:02,410 - INFO [WorkflowDriver:c.c.c.i.a.r.w.WorkflowProgramController@98] - Workflow service failed from RUNNING. Un-registering service workflow.gamma.Gamma_Postgresql_Pipeline_v2_ssl_fix.DataPipelineWorkflow.c405da5c-685b-11e7-8170-080027ca8ad7.
java.lang.RuntimeException: java.io.EOFException: SSL peer shut down incorrectly
at com.google.common.base.Throwables.propagate(Throwables.java:160) ~[com.google.guava.guava-13.0.1.jar:na]
at co.cask.cdap.internal.app.runtime.workflow.WorkflowDriver.executeAll(WorkflowDriver.java:570) ~[na:na]
at co.cask.cdap.internal.app.runtime.workflow.WorkflowDriver.run(WorkflowDriver.java:547) ~[na:na]
at com.google.common.util.concurrent.AbstractExecutionThreadService$1$1.run(AbstractExecutionThreadService.java:52) ~[com.google.guava.guava-13.0.1.jar:na]
at java.lang.Thread.run(Thread.java:745) [na:1.7.0_121]
Caused by: java.io.EOFException: SSL peer shut down incorrectly
at sun.security.ssl.InputRecord.read(InputRecord.java:482) ~[na:1.7.0_121]
at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:944) ~[na:1.7.0_121]
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1342) ~[na:1.7.0_121]
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1369) ~[na:1.7.0_121]
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1353) ~[na:1.7.0_121]
at org.apache.http.conn.ssl.SSLConnectionSocketFactory.createLayeredSocket(SSLConnectionSocketFactory.java:394) ~[na:na]
at org.apache.http.conn.ssl.SSLConnectionSocketFactory.connectSocket(SSLConnectionSocketFactory.java:353) ~[na:na]
at org.apache.http.impl.conn.DefaultHttpClientConnectionOperator.connect(DefaultHttpClientConnectionOperator.java:141) ~[na:na]
at org.apache.http.impl.conn.PoolingHttpClientConnectionManager.connect(PoolingHttpClientConnectionManager.java:353) ~[na:na]
at org.apache.http.impl.execchain.MainClientExec.establishRoute(MainClientExec.java:380) ~[na:na]
at org.apache.http.impl.execchain.MainClientExec.execute(MainClientExec.java:236) ~[na:na]
at org.apache.http.impl.execchain.ProtocolExec.execute(ProtocolExec.java:184) ~[na:na]
at org.apache.http.impl.execchain.RetryExec.execute(RetryExec.java:88) ~[na:na]
at org.apache.http.impl.execchain.RedirectExec.execute(RedirectExec.java:110) ~[na:na]
at org.apache.http.impl.client.InternalHttpClient.doExecute(InternalHttpClient.java:184) ~[na:na]
at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:82) ~[na:na]
at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:107) ~[na:na]
at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:55) ~[na:na]
at com.att.ecomp.dcae.analytics.plugins.policy.PolicyManagerPDPInterface.getPolicy(PolicyManagerPDPInterface.java:121) ~[na:na]
at com.att.ecomp.dcae.analytics.plugins.policy.PolicyManagerPDPInterface.getPolicies(PolicyManagerPDPInterface.java:79) ~[na:na]
at com.att.ecomp.dcae.analytics.plugins.policy.batch.action.PolicyAction.run(PolicyAction.java:107) ~[na:na]
at co.cask.cdap.etl.batch.customaction.PipelineAction.run(PipelineAction.java:85) ~[na:na]
at co.cask.cdap.internal.app.runtime.workflow.CustomActionExecutor$2.run(CustomActionExecutor.java:190) ~[na:na]
at co.cask.cdap.internal.app.runtime.AbstractContext.executeChecked(AbstractContext.java:492) ~[na:na]
at co.cask.cdap.internal.app.runtime.workflow.CustomActionExecutor.executeCustomAction(CustomActionExecutor.java:187) ~[na:na]
at co.cask.cdap.internal.app.runtime.workflow.CustomActionExecutor.execute(CustomActionExecutor.java:125) ~[na:na]
at co.cask.cdap.internal.app.runtime.workflow.WorkflowDriver.executeCustomAction(WorkflowDriver.java:437) ~[na:na]
at co.cask.cdap.internal.app.runtime.workflow.WorkflowDriver.executeNode(WorkflowDriver.java:460) ~[na:na]
at co.cask.cdap.internal.app.runtime.workflow.WorkflowDriver.executeAll(WorkflowDriver.java:561) ~[na:na]
... 3 common frames omitted
2017-07-14 06:15:02,412 - INFO [WorkflowDriver:c.c.c.i.a.r.w.WorkflowProgramController@104] - Service workflow.gamma.Gamma_Postgresql_Pipeline_v2_ssl_fix.DataPipelineWorkflow.c405da5c-685b-11e7-8170-080027ca8ad7 unregistered.
2017-07-14 06:15:02,414 - DEBUG [pcontroller-program:gamma.Gamma_Postgresql_Pipeline_v2_ssl_fix.-SNAPSHOT.workflow.DataPipelineWorkflow-c405da5c-685b-11e7-8170-080027ca8ad7:c.c.c.a.r.AbstractProgramRuntimeService@433] - Removing RuntimeInfo: Workflow DataPipelineWorkflow c405da5c-685b-11e7-8170-080027ca8ad7
2017-07-14 06:15:02,416 - DEBUG [pcontroller-program:gamma.Gamma_Postgresql_Pipeline_v2_ssl_fix.-SNAPSHOT.workflow.DataPipelineWorkflow-c405da5c-685b-11e7-8170-080027ca8ad7:c.c.c.a.r.AbstractProgramRuntimeService@436] - RuntimeInfo removed: RuntimeInfo{programId=program:gamma.Gamma_Postgresql_Pipeline_v2_ssl_fix.-SNAPSHOT.workflow.DataPipelineWorkflow, twillRunId=null}
2017-07-14 06:15:02,448 - INFO [pcontroller-program:gamma.Gamma_Postgresql_Pipeline_v2_ssl_fix.-SNAPSHOT.workflow.DataPipelineWorkflow-c405da5c-685b-11e7-8170-080027ca8ad7:c.c.c.i.a.r.w.WorkflowProgramRunner@234] - Program program:gamma.Gamma_Postgresql_Pipeline_v2_ssl_fix.-SNAPSHOT.workflow.DataPipelineWorkflow with run id c405da5c-685b-11e7-8170-080027ca8ad7 stopped because of error java.lang.RuntimeException: java.io.EOFException: SSL peer shut down incorrectly.
2017-07-14 06:15:02,449 - WARN [pcontroller-program:gamma.Gamma_Postgresql_Pipeline_v2_ssl_fix.-SNAPSHOT.workflow.DataPipelineWorkflow-c405da5c-685b-11e7-8170-080027ca8ad7:c.c.c.i.a.r.p.PluginInstantiator@341] - Failed to delete directory /opt/cdap/sdk-4.1.0/data/tmp/1500012900874-0
2017-07-14 06:15:02,364 - INFO [NettyHttpService STOPPING:c.c.h.NettyHttpService@274] - Stopping WorkflowDriver http service on address /127.0.0.1:45212...
2017-07-14 06:15:02,371 - INFO [NettyHttpService STOPPING:c.c.h.NettyHttpService@288] - Stopped WorkflowDriver http service on address /127.0.0.1:45212
2017-07-14 06:15:02,410 - INFO [WorkflowDriver:c.c.c.i.a.r.w.WorkflowProgramController@98] - Workflow service failed from RUNNING. Un-registering service workflow.gamma.Gamma_Postgresql_Pipeline_v2_ssl_fix.DataPipelineWorkflow.c405da5c-685b-11e7-8170-080027ca8ad7.
java.lang.RuntimeException: java.io.EOFException: SSL peer shut down incorrectly
at com.google.common.base.Throwables.propagate(Throwables.java:160) ~[com.google.guava.guava-13.0.1.jar:na]
at co.cask.cdap.internal.app.runtime.workflow.WorkflowDriver.executeAll(WorkflowDriver.java:570) ~[na:na]
at co.cask.cdap.internal.app.runtime.workflow.WorkflowDriver.run(WorkflowDriver.java:547) ~[na:na]
at com.google.common.util.concurrent.AbstractExecutionThreadService$1$1.run(AbstractExecutionThreadService.java:52) ~[com.google.guava.guava-13.0.1.jar:na]
at java.lang.Thread.run(Thread.java:745) [na:1.7.0_121]
Caused by: java.io.EOFException: SSL peer shut down incorrectly
at sun.security.ssl.InputRecord.read(InputRecord.java:482) ~[na:1.7.0_121]
at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:944) ~[na:1.7.0_121]
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1342) ~[na:1.7.0_121]
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1369) ~[na:1.7.0_121]
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1353) ~[na:1.7.0_121]
at org.apache.http.conn.ssl.SSLConnectionSocketFactory.createLayeredSocket(SSLConnectionSocketFactory.java:394) ~[na:na]
at org.apache.http.conn.ssl.SSLConnectionSocketFactory.connectSocket(SSLConnectionSocketFactory.java:353) ~[na:na]
at org.apache.http.impl.conn.DefaultHttpClientConnectionOperator.connect(DefaultHttpClientConnectionOperator.java:141) ~[na:na]
at org.apache.http.impl.conn.PoolingHttpClientConnectionManager.connect(PoolingHttpClientConnectionManager.java:353) ~[na:na]
at org.apache.http.impl.execchain.MainClientExec.establishRoute(MainClientExec.java:380) ~[na:na]
at org.apache.http.impl.execchain.MainClientExec.execute(MainClientExec.java:236) ~[na:na]
at org.apache.http.impl.execchain.ProtocolExec.execute(ProtocolExec.java:184) ~[na:na]
at org.apache.http.impl.execchain.RetryExec.execute(RetryExec.java:88) ~[na:na]
at org.apache.http.impl.execchain.RedirectExec.execute(RedirectExec.java:110) ~[na:na]
at org.apache.http.impl.client.InternalHttpClient.doExecute(InternalHttpClient.java:184) ~[na:na]
at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:82) ~[na:na]
at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:107) ~[na:na]
at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:55) ~[na:na]
at com.att.ecomp.dcae.analytics.plugins.policy.PolicyManagerPDPInterface.getPolicy(PolicyManagerPDPInterface.java:121) ~[na:na]
at com.att.ecomp.dcae.analytics.plugins.policy.PolicyManagerPDPInterface.getPolicies(PolicyManagerPDPInterface.java:79) ~[na:na]
at com.att.ecomp.dcae.analytics.plugins.policy.batch.action.PolicyAction.run(PolicyAction.java:107) ~[na:na]
at co.cask.cdap.etl.batch.customaction.PipelineAction.run(PipelineAction.java:85) ~[na:na]
at co.cask.cdap.internal.app.runtime.workflow.CustomActionExecutor$2.run(CustomActionExecutor.java:190) ~[na:na]
at co.cask.cdap.internal.app.runtime.AbstractContext.executeChecked(AbstractContext.java:492) ~[na:na]
at co.cask.cdap.internal.app.runtime.workflow.CustomActionExecutor.executeCustomAction(CustomActionExecutor.java:187) ~[na:na]
at co.cask.cdap.internal.app.runtime.workflow.CustomActionExecutor.execute(CustomActionExecutor.java:125) ~[na:na]
at co.cask.cdap.internal.app.runtime.workflow.WorkflowDriver.executeCustomAction(WorkflowDriver.java:437) ~[na:na]
at co.cask.cdap.internal.app.runtime.workflow.WorkflowDriver.executeNode(WorkflowDriver.java:460) ~[na:na]
at co.cask.cdap.internal.app.runtime.workflow.WorkflowDriver.executeAll(WorkflowDriver.java:561) ~[na:na]
... 3 common frames omitted
2017-07-14 06:15:02,412 - INFO [WorkflowDriver:c.c.c.i.a.r.w.WorkflowProgramController@104] - Service workflow.gamma.Gamma_Postgresql_Pipeline_v2_ssl_fix.DataPipelineWorkflow.c405da5c-685b-11e7-8170-080027ca8ad7 unregistered.
2017-07-14 06:15:02,414 - DEBUG [pcontroller-program:gamma.Gamma_Postgresql_Pipeline_v2_ssl_fix.-SNAPSHOT.workflow.DataPipelineWorkflow-c405da5c-685b-11e7-8170-080027ca8ad7:c.c.c.a.r.AbstractProgramRuntimeService@433] - Removing RuntimeInfo: Workflow DataPipelineWorkflow c405da5c-685b-11e7-8170-080027ca8ad7
2017-07-14 06:15:02,416 - DEBUG [pcontroller-program:gamma.Gamma_Postgresql_Pipeline_v2_ssl_fix.-SNAPSHOT.workflow.DataPipelineWorkflow-c405da5c-685b-11e7-8170-080027ca8ad7:c.c.c.a.r.AbstractProgramRuntimeService@436] - RuntimeInfo removed: RuntimeInfo{programId=program:gamma.Gamma_Postgresql_Pipeline_v2_ssl_fix.-SNAPSHOT.workflow.DataPipelineWorkflow, twillRunId=null}
2017-07-14 06:15:02,448 - INFO [pcontroller-program:gamma.Gamma_Postgresql_Pipeline_v2_ssl_fix.-SNAPSHOT.workflow.DataPipelineWorkflow-c405da5c-685b-11e7-8170-080027ca8ad7:c.c.c.i.a.r.w.WorkflowProgramRunner@234] - Program program:gamma.Gamma_Postgresql_Pipeline_v2_ssl_fix.-SNAPSHOT.workflow.DataPipelineWorkflow with run id c405da5c-685b-11e7-8170-080027ca8ad7 stopped because of error java.lang.RuntimeException: java.io.EOFException: SSL peer shut down incorrectly.
2017-07-14 06:15:02,449 - WARN [pcontroller-program:gamma.Gamma_Postgresql_Pipeline_v2_ssl_fix.-SNAPSHOT.workflow.DataPipelineWorkflow-c405da5c-685b-11e7-8170-080027ca8ad7:c.c.c.i.a.r.p.PluginInstantiator@341] - Failed to delete directory /opt/cdap/sdk-4.1.0/data/tmp/1500012900874-0
Thanks,
Jun
Ali Anwar
Jul 14, 2017, 11:21:06 PM7/14/17
to cdap...@googlegroups.com, junhi...@gmail.com
Hey Jun.
I'm not really sure about the issue; it seems to be an issue not related to CDAP.
However, I found this online; could you try this suggestion: https://stackoverflow.com/a/42291244.
Thanks,
Ali Anwar
I'm not really sure about the issue; it seems to be an issue not related to CDAP.
However, I found this online; could you try this suggestion: https://stackoverflow.com/a/42291244.
Thanks,
Ali Anwar
--
You received this message because you are subscribed to the Google Groups "CDAP User" group.
To unsubscribe from this group and stop receiving emails from it, send an email to cdap-user+unsubscribe@googlegroups.com.
To post to this group, send email to cdap...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/cdap-user/c99eae4e-905f-4edb-b2a0-22dd7877ff19%40googlegroups.com.
Reply all
Reply to author
Forward
0 new messages