Pivotal Knowledge Base

Follow

Jar depoloyment fails when SSL is enabled in v9.3.0

Issue:

When SSL is enabled on the cluster in v9.3.0, jar deployment might fail with an error shown below:

Cluster-1 gfsh>deploy --jar=/tmp/XXX.jar

Deploying files: XXX.jar 
Total file size is: 0.00MB

Continue? (Y/n): y 
Member | Deployed JAR | Deployed JAR Location 
--------------------- | ------------ | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- 
server1-node1 | | ERROR: java.rmi.ConnectIOException: error during JRMP connection establishment; nested exception is: 

The same SSL configuration settings used to work without an error in the previous version of GemFire.

 

Cause:

In v9.3.0,  Jar deployment mechanism has changed to a streaming library from pushing complete byte[] arrays around, which was causing out of memory issues before.

Now each server has to make an RMI connection to the locator in order to retrieve the jars being deployed by gfsh to the locator.

The issue is this RMI connection might fail because the appropriate truststore is not being configured.

 

Solution:

A workaround would be to set the following Java system properties on the server:

javax.net.ssl.keyStore
javax.net.ssl.keyStorePassword
javax.net.ssl.trustStore
javax.net.ssl.trustStorePassword

The above properties will allow the client RMI SSL connections to be configured correctly with the correct key/trust stores.

 

 

Comments

Powered by Zendesk