Re: [hono-dev] Connect Hono to the Azure Service Bus
On Mon, 2018-04-30 at 11:47 +0000, Maas Ingo (CS/EFS2) wrote:
> I think, the issue is related to a missing CA certificate in OpenJDK, in your
> case the Azure CA certificate.
>
> OpenJDK doesn't include the certificates provided by Oracle JDK. This is
> currently addressed, see http://openjdk.java.net/jeps/319 and
> https://bugs.openjdk.java.net/browse/JDK-8189131
> You can add the Azure certificate yourself by using the Java keytool. How it
> works and which certificate to use is explained here:
> https://docs.microsoft.com/en-us/azure/java-add-certificate-ca-store
> You will have to update the Hono containers.
>
If the missing CA cert is the reason, then there is an easier way of fixing it.
Simply set Hono Messaging's environment variable HONO_DOWNSTREAM_TRUST_STORE_PATH
[1] to the absolute path to a PEM file that contains the CA cert from Azure. You
can add the file as a secret in Kubernetes and mount it into the Hono Messaging
container.

[1] https://www.eclipse.org/hono/admin-guide/hono-messaging-config/#amqp-1-0-messaging-network-connection-configuration
> Mit freundlichen Grüßen / Best regards
>
> Ingo Maas
> CS/EFS2
>
> Tel. +49 30 726112-156
>
>
> -----Original Message-----
> From: hono-dev-bounces@xxxxxxxxxxx [mailto:hono-dev-bounces@xxxxxxxxxxx] On
> Behalf Of Graser Leon (INST-CSS/BSV-OS)
> Sent: Freitag, 27. April 2018 09:08
> To: hono developer discussions <hono-dev@xxxxxxxxxxx>
> Subject: Re: [hono-dev] Connect Hono to the Azure Service Bus
>
> Hi,
>
> The original problem was to connect hono-messaging to the Azure service bus.
> Therefore, I set the hono-service-messaging.config.yml of my Kubernetes cluster
> to:
> > > > > downstream:
> > > > >   host: az-service-bus.hono
> > > > >   port: 5672
> > > > >   tlsEnabled: true
> > > > >   password: <primary key generated by Azure>
> > > > >   username: hono-messaging
> > > > > where the
>
> Changed the port to 5671 by now to test.
>
> I get the following error logs:
> Using host: az-service-bus.hono
> 06:56:30.770 [vert.x-eventloop-thread-1] INFO o.e.h.e.i.ForwardingEventDownstreamAdapter - attempting to re-connect to downstream container
> 06:56:30.770 [vert.x-eventloop-thread-1] DEBUG o.e.h.c.ConnectionFactoryImpl - connecting to AMQP 1.0 container [amqps://az-service-bus.hono:5671]
> 06:56:30.844 [vert.x-eventloop-thread-1] DEBUG o.e.h.c.ConnectionFactoryImpl - can't connect to AMQP 1.0 container [amqps://az-service-bus.hono:5671]: General SSLEngine problem
> 06:56:30.844 [vert.x-eventloop-thread-1] INFO o.e.h.e.i.ForwardingEventDownstreamAdapter - failed to connect to downstream container: General SSLEngine problem
> 06:56:30.844 [vert.x-eventloop-thread-1] WARN i.n.channel.DefaultChannelPipeline - An exceptionCaught() event was fired, and it reached at the tail of the pipeline. It usually means the last handler in the pipeline did not handle the exception.
> io.netty.handler.codec.DecoderException: javax.net.ssl.SSLHandshakeException: General SSLEngine problem
>   at io.netty.handler.codec.ByteToMessageDecoder.callDecode(ByteToMessageDecoder.java:459)
>   at io.netty.handler.codec.ByteToMessageDecoder.channelRead(ByteToMessageDecoder.java:265)
>   at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:362)
>   at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:348)
>   at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:340)
>   at io.netty.channel.DefaultChannelPipeline$HeadContext.channelRead(DefaultChannelPipeline.java:1359)
>   at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:362)
>   at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:348)
>   at io.netty.channel.DefaultChannelPipeline.fireChannelRead(DefaultChannelPipeline.java:935)
>   at io.netty.channel.nio.AbstractNioByteChannel$NioByteUnsafe.read(AbstractNioByteChannel.java:134)
>   at io.netty.channel.nio.NioEventLoop.processSelectedKey(NioEventLoop.java:645)
>   at io.netty.channel.nio.NioEventLoop.processSelectedKeysOptimized(NioEventLoop.java:580)
>   at io.netty.channel.nio.NioEventLoop.processSelectedKeys(NioEventLoop.java:497)
>   at io.netty.channel.nio.NioEventLoop.run(NioEventLoop.java:459)
>   at io.netty.util.concurrent.SingleThreadEventExecutor$5.run(SingleThreadEventExecutor.java:858)
>   at java.lang.Thread.run(Thread.java:748)
> Caused by: javax.net.ssl.SSLHandshakeException: General SSLEngine problem
>   at sun.security.ssl.Handshaker.checkThrown(Handshaker.java:1478)
>   at sun.security.ssl.SSLEngineImpl.checkTaskThrown(SSLEngineImpl.java:535)
>   at sun.security.ssl.SSLEngineImpl.readNetRecord(SSLEngineImpl.java:813)
>   at sun.security.ssl.SSLEngineImpl.unwrap(SSLEngineImpl.java:781)
>   at javax.net.ssl.SSLEngine.unwrap(SSLEngine.java:624)
>   at io.netty.handler.ssl.SslHandler$SslEngineType$3.unwrap(SslHandler.java:281)
>   at io.netty.handler.ssl.SslHandler.unwrap(SslHandler.java:1215)
>   at io.netty.handler.ssl.SslHandler.decodeJdkCompatible(SslHandler.java:1127)
>   at io.netty.handler.ssl.SslHandler.decode(SslHandler.java:1162)
>   at io.netty.handler.codec.ByteToMessageDecoder.decodeRemovalReentryProtection(ByteToMessageDecoder.java:489)
>   at io.netty.handler.codec.ByteToMessageDecoder.callDecode(ByteToMessageDecoder.java:428)
>   ... 15 common frames omitted
>
> Using host: appstacle.servicebus.windows.net
> 06:59:23.275 [vert.x-eventloop-thread-1] INFO o.e.h.t.i.ForwardingTelemetryDownstreamAdapter - failed to connect to downstream container: Search domain query failed. Original hostname: 'appstacle.servicebus.windows.net' failed to resolve 'appstacle.servicebus.windows.net.hhzncl1mh3belnzmy10wgo2und.ax.internal.cloudapp.net' after 3 queries
> 06:59:23.275 [vert.x-eventloop-thread-1] DEBUG o.e.h.c.ConnectionFactoryImpl - can't connect to AMQP 1.0 container [amqps://appstacle.servicebus.windows.net:5671]: Search domain query failed. Original hostname: 'appstacle.servicebus.windows.net' failed to resolve 'appstacle.servicebus.windows.net.hhzncl1mh3belnzmy10wgo2und.ax.internal.cloudapp.net' after 3 queries
> 06:59:23.275 [vert.x-eventloop-thread-1] INFO o.e.h.e.i.ForwardingEventDownstreamAdapter - failed to connect to downstream container: Search domain query failed. Original hostname: 'appstacle.servicebus.windows.net' failed to resolve 'appstacle.servicebus.windows.net.hhzncl1mh3belnzmy10wgo2und.ax.internal.cloudapp.net' after 3 queries
>
> Using host: 52.166.127.37
> 07:02:10.746 [vert.x-eventloop-thread-1] INFO o.e.h.e.i.ForwardingEventDownstreamAdapter - attempting to re-connect to downstream container
> 07:02:10.746 [vert.x-eventloop-thread-1] DEBUG o.e.h.c.ConnectionFactoryImpl - connecting to AMQP 1.0 container [amqps://52.166.127.37:5671]
> 07:02:10.762 [vert.x-eventloop-thread-1] DEBUG o.e.h.c.ConnectionFactoryImpl - can't connect to AMQP 1.0 container [amqps://52.166.127.37:5671]: General SSLEngine problem
> 07:02:10.762 [vert.x-eventloop-thread-1] INFO o.e.h.e.i.ForwardingEventDownstreamAdapter - failed to connect to downstream container: General SSLEngine problem
> 07:02:10.763 [vert.x-eventloop-thread-1] WARN i.n.channel.DefaultChannelPipeline - An exceptionCaught() event was fired, and it reached at the tail of the pipeline. It usually means the last handler in the pipeline did not handle the exception.
> io.netty.handler.codec.DecoderException: javax.net.ssl.SSLHandshakeException: General SSLEngine problem
>   at io.netty.handler.codec.ByteToMessageDecoder.callDecode(ByteToMessageDecoder.java:459)
>   at io.netty.handler.codec.ByteToMessageDecoder.channelRead(ByteToMessageDecoder.java:265)
>   at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:362)
>   at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:348)
>   at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:340)
>   at io.netty.channel.DefaultChannelPipeline$HeadContext.channelRead(DefaultChannelPipeline.java:1359)
>   at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:362)
>   at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:348)
>   at io.netty.channel.DefaultChannelPipeline.fireChannelRead(DefaultChannelPipeline.java:935)
>   at io.netty.channel.nio.AbstractNioByteChannel$NioByteUnsafe.read(AbstractNioByteChannel.java:134)
>   at io.netty.channel.nio.NioEventLoop.processSelectedKey(NioEventLoop.java:645)
>   at io.netty.channel.nio.NioEventLoop.processSelectedKeysOptimized(NioEventLoop.java:580)
>   at io.netty.channel.nio.NioEventLoop.processSelectedKeys(NioEventLoop.java:497)
>   at io.netty.channel.nio.NioEventLoop.run(NioEventLoop.java:459)
>   at io.netty.util.concurrent.SingleThreadEventExecutor$5.run(SingleThreadEventExecutor.java:858)
>   at java.lang.Thread.run(Thread.java:748)
> Caused by: javax.net.ssl.SSLHandshakeException: General SSLEngine problem
>   at sun.security.ssl.Handshaker.checkThrown(Handshaker.java:1478)
>   at sun.security.ssl.SSLEngineImpl.checkTaskThrown(SSLEngineImpl.java:535)
>   at sun.security.ssl.SSLEngineImpl.readNetRecord(SSLEngineImpl.java:813)
>   at sun.security.ssl.SSLEngineImpl.unwrap(SSLEngineImpl.java:781)
>   at javax.net.ssl.SSLEngine.unwrap(SSLEngine.java:624)
>   at io.netty.handler.ssl.SslHandler$SslEngineType$3.unwrap(SslHandler.java:281)
>   at io.netty.handler.ssl.SslHandler.unwrap(SslHandler.java:1215)
>   at io.netty.handler.ssl.SslHandler.decodeJdkCompatible(SslHandler.java:1127)
>   at io.netty.handler.ssl.SslHandler.decode(SslHandler.java:1162)
>   at io.netty.handler.codec.ByteToMessageDecoder.decodeRemovalReentryProtection(ByteToMessageDecoder.java:489)
>   at io.netty.handler.codec.ByteToMessageDecoder.callDecode(ByteToMessageDecoder.java:428)
>   ... 15 common frames omitted
> Caused by: javax.net.ssl.SSLHandshakeException: General SSLEngine problem
>   at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
>   at sun.security.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1728)
>   at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:304)
>   at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:296)
>   at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1514)
>   at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:216)
>   at sun.security.ssl.Handshaker.processLoop(Handshaker.java:1026)
>   at sun.security.ssl.Handshaker$1.run(Handshaker.java:966)
>   at sun.security.ssl.Handshaker$1.run(Handshaker.java:963)
>   at java.security.AccessController.doPrivileged(Native Method)
>   at sun.security.ssl.Handshaker$DelegatedTask.run(Handshaker.java:1416)
>   at io.netty.handler.ssl.SslHandler.runDelegatedTasks(SslHandler.java:1364)
>
> any idea, thoughts etc. are highly welcome :)
>
> Mit freundlichen Grüßen / Best regards
>
> Leon Graser
>
> Open Source Services - Product Group Customer Success Services (INST-CSS/BSV-
> OS) Bosch Software Innovations GmbH | Ullsteinstr. 128 | 12109 Berlin | GERMANY
> | www.bosch-si.com Tel. +49 30 726112-284 | Leon.Graser@xxxxxxxxxxxx
>
> Sitz: Berlin, Registergericht: Amtsgericht Charlottenburg; HRB 148411 B
> Aufsichtsratsvorsitzender: Dr.-Ing. Thorsten Lücke; Geschäftsführung: Dr.
> Stefan Ferber, Michael Hahn
>
>
>
> -----Original Message-----
> From: hono-dev-bounces@xxxxxxxxxxx <hono-dev-bounces@xxxxxxxxxxx> On Behalf Of
> Hudalla Kai (INST/ECS4)
> Sent: Donnerstag, 26. April 2018 17:52
> To: hono-dev@xxxxxxxxxxx
> Subject: Re: [hono-dev] Connect Hono to the Azure Service Bus
>
> On Thu, 2018-04-26 at 14:28 +0000, Graser Leon (INST-CSS/BSV-OS) wrote:
> > Hi,
> >
> > Yes. That's what I checked to make sure the name is resolvable from
> > within cluster.
> >
> > leon@ubuntu:~$ kubectl exec -it busybox -- nslookup appstacle.servicebus.windows.net
> > Server: 10.0.0.10
> > Address 1: 10.0.0.10 kube-dns.kube-system.svc.cluster.local
> >
> > Name: appstacle.servicebus.windows.net
> > Address 1: 52.166.127.37
> > leon@ubuntu:~$ kubectl exec -it busybox -- nslookup az-service-bus.hono
> > Server: 10.0.0.10
> > Address 1: 10.0.0.10 kube-dns.kube-system.svc.cluster.local
> >
> > Name: az-service-bus.hono
> > Address 1: 52.166.127.37
> >
>
> Looks good. Now what is your problem again?
>
> > Mit freundlichen Grüßen / Best regards
> >
> > Leon Graser
> > INST-CSS/BSV-OS
> >
> > Tel. +49 30 726112-284
> >
> >
> > -----Original Message-----
> > From: hono-dev-bounces@xxxxxxxxxxx <hono-dev-bounces@xxxxxxxxxxx> On
> > Behalf Of Hudalla Kai (INST/ECS4)
> > Sent: Donnerstag, 26. April 2018 15:53
> > To: hono-dev@xxxxxxxxxxx
> > Subject: Re: [hono-dev] Connect Hono to the Azure Service Bus
> >
> > On Thu, 2018-04-26 at 08:57 +0000, Graser Leon (INST-CSS/BSV-OS) wrote:
> > > Hi,
> > >
> > > > Hono is running on Azure using their managed Kubernetes service
> > > > https://azure.microsoft.com/en-us/services/container-service/
> > > >
> > > > The hostname of the service bus is stored inside a Kubernetes
> > > > externalName service
> > > > https://v1-8.docs.kubernetes.io/docs/concepts/services-networking/service/
> > > > kind: Service
> > > > apiVersion: v1
> > > > metadata:
> > > >   name: az-service-bus
> > > > spec:
> > > >   type: ExternalName
> > > >   externalName: appstacle.servicebus.windows.net
> > >
> > > > and the Kubernetes DNS service uses the Google public DNS 8.8.8.8.
> > > The IP can be received via nslookup.
> > >
> >
> > What is this supposed to mean? Are you able to successfully do a
> > nslookup appstacle.servicebus.windows.net from a pod running on the
> > kubernetes cluster?
> >
> > >
> > > Mit freundlichen Grüßen / Best regards
> > >
> > > Leon Graser
> > > INST-CSS/BSV-OS
> > >
> > > Tel. +49 30 726112-284
> > >
> > >
> > > -----Original Message-----
> > > From: hono-dev-bounces@xxxxxxxxxxx <hono-dev-bounces@xxxxxxxxxxx> On
> > > Behalf Of Hudalla Kai (INST/ECS4)
> > > Sent: Donnerstag, 26. April 2018 09:20
> > > To: hono-dev@xxxxxxxxxxx
> > > Subject: Re: [hono-dev] Connect Hono to the Azure Service Bus
> > >
> > > On Wed, 2018-04-25 at 12:09 +0000, Graser Leon (INST-CSS/BSV-OS) wrote:
> > > > Hi all,
> > > >
> > > > > For a project I currently try to connect Hono to the Azure Service
> > > > > Bus via AMQP. Therefore, I created an instance of the Service Bus
> > > > > on Microsoft Azure and an access policy.
> > > >
> > >
> > > > Are you running Hono on Azure as well? Are you deploying Hono to
> > > > Docker Swarm or Kubernetes/OpenShift?
> > >
> > > > > In the hono-service-messaging-config.yml file I tried to replace
> > > > > the hono-dispatch-router with the service bus details like this:
> > > > > downstream:
> > > > >   host: az-service-bus.hono
> > > > >   port: 5672
> > > > >   tlsEnabled: true
> > > > >   password: <primary key generated by Azure>
> > > > >   username: hono-messaging
> > > > > where the az-service-bus.hono maps to the respective url of the
> > > > > service bus <name>.servicebus.windows.net.
> > >
> > > What do you mean by "maps to the respective URL"? The "host"
> > > variable is supposed to hold the DNS name of the service you want to
> > > connect to. So, setting it to "az-service-bus.hono" would require
> > > that name to be resolvable to the IP address of the Azure Service
> > > Bus endpoint you want to connect to.
> > >
> > > > I’m afraid I’m using the wrong parameters to connect Hono to the
> > > > service bus.
> > > > Is it possible to connect Hono to the Azure Service Bus? Is it a
> > > > matter of parameters? Or did I simply miss something in the
> > > > architecture of Hono?
> > > >
> > > > Cheers,
> > > > Leon
> > > >
> > > >
> > > > Mit freundlichen Grüßen / Best regards
> > > >
> > > > Leon Graser
> > > > INST-CSS/BSV-OS
> > > >
> > > > Tel. +49 30 726112-284
> > > >
> > > > _______________________________________________
> > > > hono-dev mailing list
> > > > hono-dev@xxxxxxxxxxx
> > > > To change your delivery options, retrieve your password, or
> > > > unsubscribe from this list, visit
> > > > https://dev.eclipse.org/mailman/listinfo/hono-dev
> > >
> >
>
> _______________________________________________
> hono-dev mailing list
> hono-dev@xxxxxxxxxxx
> To change your delivery options, retrieve your password, or unsubscribe from
> this list, visit
> https://dev.eclipse.org/mailman/listinfo/hono-dev
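
The setup suggested at the top of this message (CA certificate as a PEM file in a Kubernetes secret, mounted into the Hono Messaging container, with HONO_DOWNSTREAM_TRUST_STORE_PATH pointing at it), written out as an added example that is not part of the original thread or of Hono's own deployment files. The Secret, Deployment, container and file names and the mount path are assumptions; the namespace `hono` is inferred from the service name az-service-bus.hono used in the thread.

```yaml
# Added example. Everything marked "assumed" is a placeholder, not a value from the thread.
apiVersion: v1
kind: Secret
metadata:
  name: azure-servicebus-ca            # assumed name
  namespace: hono                      # inferred from az-service-bus.hono
type: Opaque
stringData:
  azure-ca.pem: |                      # assumed file name
    -----BEGIN CERTIFICATE-----
    <PEM body of the CA certificate that issued the Service Bus endpoint's certificate>
    -----END CERTIFICATE-----
---
# Fragment to merge into the existing Hono Messaging Deployment;
# keep the apiVersion and all other fields of your current manifest.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: hono-service-messaging         # assumed; use your Deployment's name
  namespace: hono
spec:
  template:
    spec:
      containers:
        - name: hono-service-messaging # assumed container name
          env:
            # Absolute path of the PEM file as seen inside the container.
            - name: HONO_DOWNSTREAM_TRUST_STORE_PATH
              value: /run/secrets/azure-ca/azure-ca.pem
          volumeMounts:
            - name: azure-ca
              mountPath: /run/secrets/azure-ca   # assumed mount path
              readOnly: true           # the trust anchor should not be writable from the pod
      volumes:
        - name: azure-ca
          secret:
            secretName: azure-servicebus-ca
```

The value of HONO_DOWNSTREAM_TRUST_STORE_PATH has to match the mount path plus the key name used in the Secret, otherwise the container starts without the intended trust anchor.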