geode examples of clientSecurity run failed

Question

version 1.10 , Apache geode exampples of clientSecurity

when I build the project and execute the 'start' task, the GemFireSecurityException always occurs when start the server. even I can find the file "example_security.json" in the dir build/resources/main/.

and locator can find the file but server can't, why?

> Task :clientSecurity:start
1. Executing - start locator --name=locator --bind-address=127.0.0.1 --connect=false  --security-properties-file=******** --classpath=../build/resources/main/

........
Locator in C:\Users\kenneth\Desktop\geode-examples-master\clientSecurity\locator on 127.0.0.1[10334] as locator is currently online.
2. Executing - start server --name=server1 --locators=127.0.0.1[10334]  --classpath=../build/resources/main/:../build/classes/java/main/  --security-properties-file=******** --server-port=0  --user=superUser --password=********

...The Cache Server process terminated unexpectedly with exit status 1. Please refer to the log file in C:\Users\kenneth\Desktop\geode-examples-master\clientSecurity\server1 for full details.

Exception in thread "main" org.apache.geode.security.GemFireSecurityException: ExampleSecurityManager: unable to find json resource "example_security.json" as specified by [security-json].
    at org.apache.geode.distributed.ServerLauncher.start(ServerLauncher.java:842)
    at org.apache.geode.distributed.ServerLauncher.run(ServerLauncher.java:732)
    at org.apache.geode.distributed.ServerLauncher.main(ServerLauncher.java:251)


************************* Execution Summary ***********************
Script file: C:\Users\kenneth\Desktop\geode-examples-master\clientSecurity\scripts\start.gfsh

Command-1 : start locator --name=locator --bind-address=127.0.0.1 --connect=false  --security-properties-file=example_security.properties --classpath=../build/resources/main/
Status    : PASSED

Command-2 : start server --name=server1 --locators=127.0.0.1[10334]  --classpath=../build/resources/main/:../build/classes/java/main/  --security-properties-file=./example_security.properties --server-port=0  --user=superUser --password=123
Status    : FAILED

score 0 · Answer 1 · answered Nov 18 '19 at 11:32

I've just tried this myself locally and it worked just fine, below is the execution output:

user@localhost~/git/geode-examples ((rel/v1.10.0)): cd clientSecurity/
user@localhost~/git/geode-examples/clientSecurity ((rel/v1.10.0)): ../gradlew build

> Task :clientSecurity:compileJava
Note: /Users/user/git/geode-examples/clientSecurity/src/main/java/org/apache/geode_examples/clientSecurity/ExampleAuthInit.java uses or overrides a deprecated API.
Note: Recompile with -Xlint:deprecation for details.

BUILD SUCCESSFUL in 17s
5 actionable tasks: 4 executed, 1 up-to-date
user@localhost~/git/geode-examples/clientSecurity ((rel/v1.10.0)): ../gradlew start

> Task :clientSecurity:start
1. Executing - start locator --name=locator --bind-address=127.0.0.1 --connect=false  --security-properties-file=******** --classpath=../build/resources/main/

......
Locator in /Users/user/git/geode-examples/clientSecurity/locator on 127.0.0.1[10334] as locator is currently online.
Process ID: 3103
Uptime: 8 seconds
Geode Version: 1.10.0
Java Version: 1.8.0_221
Log File: /Users/user/git/geode-examples/clientSecurity/locator/locator.log
JVM Arguments: -DgemfireSecurityPropertyFile=/Users/user/git/geode-examples/clientSecurity/example_security.properties -Dgemfire.enable-cluster-configuration=true -Dgemfire.load-cluster-configuration-from-dir=false -Dgemfire.launcher.registerSignalHandlers=true -Djava.awt.headless=true -Dsun.rmi.dgc.server.gcInterval=9223372036854775806
Class-Path: /Users/user/git/geode-examples/build/apache-geode-1.10.0/lib/geode-core-1.10.0.jar:../build/resources/main/:/Users/user/git/geode-examples/build/apache-geode-1.10.0/lib/geode-dependencies.jar

2. Executing - start server --name=server1 --locators=127.0.0.1[10334]  --classpath=../build/resources/main/:../build/classes/java/main/  --security-properties-file=******** --server-port=0  --user=superUser --password=********

...==========-> 94% EXECUTING [11s]
Server in /Users/user/git/geode-examples/clientSecurity/server1 on 10.255.203.195[50649] as server1 is currently online.
Process ID: 3119
Uptime: 3 seconds
Geode Version: 1.10.0
Java Version: 1.8.0_221
Log File: /Users/user/git/geode-examples/clientSecurity/server1/server1.log
JVM Arguments: -DgemfireSecurityPropertyFile=/Users/user/git/geode-examples/clientSecurity/./example_security.properties -Dgemfire.locators=127.0.0.1[10334] -Dgemfire.security-username=superUser -Dgemfire.start-dev-rest-api=false -Dgemfire.security-password=******** -Dgemfire.use-cluster-configuration=true -XX:OnOutOfMemoryError=kill -KILL %p -Dgemfire.launcher.registerSignalHandlers=true -Djava.awt.headless=true -Dsun.rmi.dgc.server.gcInterval=9223372036854775806
Class-Path: /Users/user/git/geode-examples/build/apache-geode-1.10.0/lib/geode-core-1.10.0.jar:../build/resources/main/:../build/classes/java/main/:/Users/user/git/geode-examples/build/apache-geode-1.10.0/lib/geode-dependencies.jar

3. Executing - start server --name=server2 --locators=127.0.0.1[10334]  --classpath=../build/resources/main/:../build/classes/java/main/  --security-properties-file=******** --server-port=0  --user=superUser --password=********

...
Server in /Users/user/git/geode-examples/clientSecurity/server2 on 10.255.203.195[50674] as server2 is currently online.
Process ID: 3120
Uptime: 3 seconds
Geode Version: 1.10.0
Java Version: 1.8.0_221
Log File: /Users/user/git/geode-examples/clientSecurity/server2/server2.log
JVM Arguments: -DgemfireSecurityPropertyFile=/Users/user/git/geode-examples/clientSecurity/./example_security.properties -Dgemfire.locators=127.0.0.1[10334] -Dgemfire.security-username=superUser -Dgemfire.start-dev-rest-api=false -Dgemfire.security-password=******** -Dgemfire.use-cluster-configuration=true -XX:OnOutOfMemoryError=kill -KILL %p -Dgemfire.launcher.registerSignalHandlers=true -Djava.awt.headless=true -Dsun.rmi.dgc.server.gcInterval=9223372036854775806
Class-Path: /Users/user/git/geode-examples/build/apache-geode-1.10.0/lib/geode-core-1.10.0.jar:../build/resources/main/:../build/classes/java/main/:/Users/user/git/geode-examples/build/apache-geode-1.10.0/lib/geode-dependencies.jar

4. Executing - connect --user=superUser --password=******** --use-ssl=true    --key-store=keystore.jks --key-store-password=********    --trust-store=truststore.jks --trust-store-password=********

Connecting to Locator at [host=localhost, port=10334] ..
Connecting to Manager at [host=10.255.203.195, port=1099] ..
Successfully connected to: [host=10.255.203.195, port=1099]

5. Executing - create region --name=region1 --type=REPLICATE

Member  | Status | Message
------- | ------ | --------------------------------------
server1 | OK     | Region "/region1" created on "server1"
server2 | OK     | Region "/region1" created on "server2"

Cluster configuration for group 'cluster' is updated.

6. Executing - create region --name=region2 --type=PARTITION

Member  | Status | Message
------- | ------ | --------------------------------------
server1 | OK     | Region "/region2" created on "server1"
server2 | OK     | Region "/region2" created on "server2"

Cluster configuration for group 'cluster' is updated.

************************* Execution Summary ***********************
Script file: /Users/user/git/geode-examples/clientSecurity/scripts/start.gfsh

Command-1 : start locator --name=locator --bind-address=127.0.0.1 --connect=false  --security-properties-file=example_security.properties --classpath=../build/resources/main/
Status    : PASSED

Command-2 : start server --name=server1 --locators=127.0.0.1[10334]  --classpath=../build/resources/main/:../build/classes/java/main/  --security-properties-file=./example_security.properties --server-port=0  --user=superUser --password=123
Status    : PASSED

Command-3 : start server --name=server2 --locators=127.0.0.1[10334]  --classpath=../build/resources/main/:../build/classes/java/main/  --security-properties-file=./example_security.properties --server-port=0  --user=superUser --password=123
Status    : PASSED

Command-4 : connect --user=superUser --password=123 --use-ssl=true    --key-store=keystore.jks --key-store-password=password    --trust-store=truststore.jks --trust-store-password=password
Status    : PASSED

Command-5 : create region --name=region1 --type=REPLICATE
Status    : PASSED

Command-6 : create region --name=region2 --type=PARTITION
Status    : PASSED


BUILD SUCCESSFUL in 28s
8 actionable tasks: 2 executed, 6 up-to-date
user@localhost~/git/geode-examples/clientSecurity ((rel/v1.10.0)): ../gradlew stop

> Task :clientSecurity:stop
1. Executing - connect --locator=127.0.0.1[10334] --user=superUser --password=******** --use-ssl=true     --key-store=./keystore.jks --key-store-password=********     --trust-store=./truststore.jks --trust-store-password=********

Connecting to Locator at [host=127.0.0.1, port=10334] ..
Connecting to Manager at [host=10.255.203.195, port=1099] ..
Successfully connected to: [host=10.255.203.195, port=1099]

2. Executing - shutdown --include-locators=true

Shutdown is triggered

************************* Execution Summary ***********************
Script file: /Users/user/git/geode-examples/clientSecurity/scripts/stop.gfsh

Command-1 : connect --locator=127.0.0.1[10334] --user=superUser --password=123 --use-ssl=true     --key-store=./keystore.jks --key-store-password=password     --trust-store=./truststore.jks --trust-store-password=password
Status    : PASSED

Command-2 : shutdown --include-locators=true
Status    : PASSED


BUILD SUCCESSFUL in 3s
2 actionable tasks: 1 executed, 1 up-to-date
user@localhost~/git/geode-examples/clientSecurity ((rel/v1.10.0)):

I've tried on MacOS and I've noticed you're using Windows instead, maybe the problem is caused by the path separator used within the start.gfsh script?.

Can you change the scripts under geode-examples\clientSecurity\scripts to use full paths and give it a try?.

yes, I'm working on Windows. And I tried the two cases, found it still can't start the server no matter the full paths or relative paths. and locator can start on the both ways. more info is in the below post. — Wang Kenneth, Nov 19 '19 at 03:24

score 0 · Answer 2 · answered Nov 19 '19 at 03:37

I changed to full path of locator and server, here is all output:

PS C:\Users\hw83770\git\frameworkpoc\rio-geode-cli\client-security> C:\Users\hw83770\Documents\pivotal-gemfire-9.8.0\bin\gfsh.bat run --file=.\scripts\start.gfsh
1. Executing - start locator --name=clocator --bind-address=127.0.0.1 --connect=false  --security-properties-file=******** --classpath=C:\Users\hw83770\git\frameworkpoc\rio-geode-cli\client-security\build\resources\main

......
Locator in C:\Users\hw83770\git\frameworkpoc\rio-geode-cli\client-security\clocator on 127.0.0.1[10334] as clocator is currently online.
Process ID: 28816
Uptime: 7 seconds
Geode Version: 9.8.0
Java Version: 1.8.0_161
Log File: C:\Users\hw83770\git\frameworkpoc\rio-geode-cli\client-security\clocator\clocator.log
JVM Arguments: -DgemfireSecurityPropertyFile=C:\Users\hw83770\git\frameworkpoc\rio-geode-cli\client-security\example_security.properties -Dgemfire.enable-cluster-configuration=true -Dgemfire.load-cluster-configuration-from-dir=false -Dgemfire.launcher.registerSignalHandlers=true -Djava.awt.headless=true -Dsun.rmi.dgc.server.gcInterval=9223372036854775806
Class-Path: C:\Users\hw83770\Documents\pivotal-gemfire-9.8.0\lib\geode-core-9.8.0.jar;C:\Users\hw83770\git\frameworkpoc\rio-geode-cli\client-security\build\resources\main;C:\Users\hw83770\Documents\pivotal-gemfire-9.8.0\lib\geode-dependencies.jar;C:\Users\hw83770\Documents\pivotal-gemfire-9.8.0\extensions\gemfire-greenplum-3.4.1.jar

2. Executing - start server --name=cserver1 --locators=127.0.0.1[10334]  --classpath=C:\Users\hw83770\git\frameworkpoc\rio-geode-cli\client-security\build\resources\main:C:\Users\hw83770\git\frameworkpoc\rio-geode-cli\client-security\build\classes\java\main   --security-properties-file=******** --server-port=0  --user=superUser --password=********

...The Cache Server process terminated unexpectedly with exit status 1. Please refer to the log file in C:\Users\hw83770\git\frameworkpoc\rio-geode-cli\client-security\cserver1 for full details.

Exception in thread "main" org.apache.geode.security.GemFireSecurityException: ExampleSecurityManager: unable to find json resource "example_security.json" as specified by [security-json].
        at org.apache.geode.distributed.ServerLauncher.start(ServerLauncher.java:824)
        at org.apache.geode.distributed.ServerLauncher.run(ServerLauncher.java:716)
        at org.apache.geode.distributed.ServerLauncher.main(ServerLauncher.java:236)


************************* Execution Summary ***********************
Script file: .\scripts\start.gfsh


Command-1 : start locator --name=clocator --bind-address=127.0.0.1 --connect=false  --security-properties-file=example_security.properties --classpath=C:\Users\hw83770\git\frameworkpoc\rio-geode-cli\client-security\build\resources\main
Status    : PASSED




Command-2 : start server --name=cserver1 --locators=127.0.0.1[10334]  --classpath=C:\Users\hw83770\git\frameworkpoc\rio-geode-cli\client-security\build\resources\main:C:\Users\hw83770\git\frameworkpoc\rio-geode-cli\client-security\build\classes\java\main   --security-properties-file=./example_security.properties --server-port=0  --user=superUser --password=123
Status    : FAILED

besides, it says

1. Please refer to the log file in C:\Users\hw83770\git\frameworkpoc\rio-geode-cli\client-security\cserver1 for full details

Actually, there is no any log file, and I'm not familiar with the geode source code so dont know how to deal with this.

I'm working the POC of geode, our team need to ensure the geode supports security of client and end points, it's very important, so I'm here for some help.

score 0 · Answer 3 · edited Nov 19 '19 at 14:52

0

I'm still convinced the problem is caused by a problem within your environment, specially the classpath. As you can see here, the start.gfsh script sets the member's classpath to contain ../build/resources/main/, exactly the folder under which the example_security.json file should be located after building the project with Gradle.

I've just noticed that, at the very start of your code snippet, you have C:\Users\hw83770\Documents\pivotal-gemfire-9.8.0\bin\gfsh.bat run --file=.\scripts\start.gfsh... why is that?, according to the instructions you should execute $ ../gradlew start under the clientSecurity directory instead. Using C:\Users\hw83770\Documents\pivotal-gemfire-9.8.0\bin\gfsh.bat run --file=.\scripts\start.gfsh is basically changing the folder from which the script is executed and, thus, ../build/resources/main/ doesn't point to what it should anymore, this is probably the reason why the example fails.

Last, but not least, you must not mix Pivotal GemFire with Apache Geode, things will probably not work as expected.

edited Nov 19 '19 at 14:52

answered Nov 19 '19 at 08:49

Juan Ramos

1,421
1
8
13

'C:\Users\hw83770\Documents\pivotal-gemfire-9.8.0\bin\gfsh.bat run --file=.\scripts\start.gfsh' is the same with gradle start, because gradle start task commandLine should changed to use bat instead of sh, And I execute the command in the projectDir, – Wang Kenneth Nov 20 '19 at 02:02
I find the reason cause this, the --classpath separator " : " is not working on Windows, so if give only one classpath server will start successful, this also can explain why locator can start. – Wang Kenneth Nov 20 '19 at 02:10
yes, our team are using Gemfire intead of Geode(Gemfire version 9 actually dependency geode**.jar), but gemfire docs are so simple, so I come to the geode community for help and reference. anyway thanks a lot. one more question does geode/gemfire support client async get/put ops? no blocking thread? I don't find any reference. – Wang Kenneth Nov 20 '19 at 17:34
Yeah, I certainly agree in that the Pivotal GemFire documentation is easier to search, no doubts abut, just wanted to empathise in that you must not mix both frameworks as issues might happen in runtime. Regarding async operations, I don't think is supported right now. – Juan Ramos Nov 21 '19 at 09:28
Hi @Juan Ramos, another small problem, it seems every time when I start server with " --start-rest-api=true --http-service-port=8080", it will always create the folder like this "\server1\XXXuser\services\http\0.0.0.0_8080_gemfire-api_59d9e041\webapp", should I delete them every time before start server? or could I make it reuse the webapp folder by some configuration? – Wang Kenneth Dec 04 '19 at 09:49
Hello @WangKenneth, that's not a problem, the server deletes the folder whenever it shutdowns and recreates it upon startup, so you should be fine. Also, and considering that the question in this post has been already answered, I'd suggest to create new posts for any news questions you might have: it helps to stop polluting this thread, and also helps other users hitting the same issue/having the same questions as you. – Juan Ramos Dec 04 '19 at 10:23

geode examples of clientSecurity run failed

3 Answers3