Connecting to a RHDG server from a Hot Rod client deployed outside OCP via a Route

Solution Verified - Updated

Environment

  • Red Hat OpenShift Container Platform (OCP)
    • 4.x
  • Red Hat Data Grid (RHDG)
    • 8.x
    • expose type route

Issue

Error in client logs while connecting to Red Hat Data Grid server.


ERROR 35764 --- [  XNIO-2 task-3] c.a.d.c.c.m.u.RemoteHotRodClient         : ### processCacheOperation : named cache = product-from-template  invoked for operation = INFINSPAN_OPERATION_GET  with key = products for host = datagrid-cache-external-test.apps.com encountered runtime exception = org.infinispan.client.hotrod.exceptions.TransportException:: ISPN004077: Closing channel [id: 0x68fd1895, L:/10.34.204.183:53050 - R:datagrid-cache-external-test.apps.com/10.xx.xx.xx:443] due to error in unknown operation. 

org.infinispan.client.hotrod.exceptions.TransportException: org.infinispan.client.hotrod.exceptions.TransportException:: ISPN004077: Closing channel [id: 0x68fd1895, L:/10.34.204.183:53050 - R:datagrid-cache-external-test.apps.com/10.xx.xx.xx:443] due to error in unknown operation.

...

Caused by: io.netty.handler.codec.DecoderException: org.infinispan.client.hotrod.exceptions.InvalidResponseException:: Invalid magic number. Expected 0xa1 and received 0x48
	at org.infinispan.client.hotrod.impl.transport.netty.HintedReplayingDecoder.callDecode(HintedReplayingDecoder.java:129) ~[infinispan-client-hotrod-9.4.18.Final-redhat-00001.jar:9.4.18.Final-redhat-00001]
	at io.netty.handler.codec.ByteToMessageDecoder.channelRead(ByteToMessageDecoder.java:276) ~[netty-codec-4.1.48.Final-redhat-00001.jar:4.1.48.Final-redhat-00001]
	at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:379) ~[netty-transport-4.1.48.Final-redhat-00001.jar:4.1.48.Final-redhat-00001]
	... 29 more
Caused by: org.infinispan.client.hotrod.exceptions.InvalidResponseException: Invalid magic number. Expected 0xa1 and received 0x48

  • Unable to connect to RHDG deployed on OpenShift via a re-encrypt route for external Hot Rod client access.

Resolution

As explained in DG Operator Expose, RHDG only supports passthrough encryption.
The DG operator creates a passthrough route, not an edge or re-encrypt route.
DG does not support re-encrypt, nor will re-encrypt work with the Hot Rod policy, because we expose the REST and Hot Rod protocols on a single port and use ALPN to determine which protocol is used. Furthermore, re-encrypt routes do not allow client-certificate authentication.

Sample Hot Rod client code is available, and the connection can be tested using the following code:


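import org.infinispan.client.hotrod.DefaultTemplate;
import org.infinispan.client.hotrod.RemoteCache;
import org.infinispan.client.hotrod.RemoteCacheManager;
import org.infinispan.client.hotrod.configuration.ClientIntelligence;
import org.infinispan.client.hotrod.configuration.ConfigurationBuilder;
import org.infinispan.commons.api.CacheContainerAdmin;

public class HotRodRouteClient {
   public static void main(String[] args) {
      ConfigurationBuilder builder = new ConfigurationBuilder();
      // Target the passthrough route on port 443; the SNI host name is the route host
      builder.addServer()
            .host("<passthrough_route_of_DG>").port(443)
            .security().authentication()
            .username("developer").password("xxxxx").realm("default").saslMechanism("DIGEST-MD5")
            .ssl().sniHostName("<passthrough_route_of_DG>")
            .trustStorePath("/path/of/tls.crt")
            .clientIntelligence(ClientIntelligence.BASIC);

      // Connect to the server
      RemoteCacheManager cacheManager = new RemoteCacheManager(builder.build());
      // Create test cache, if such does not exist
      cacheManager.administration().withFlags(CacheContainerAdmin.AdminFlag.VOLATILE).getOrCreateCache("test", DefaultTemplate.DIST_SYNC);
      // Obtain the remote cache
      RemoteCache<String, String> cache = cacheManager.getCache("test");
      // Store a value
      cache.put("key", "value");
      // Retrieve the value and print it out
      System.out.printf("key = %s\n", cache.get("key"));
   }
}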

Root Cause

RHDG only supports passthrough encryption.
This is explained in detail in the solution Data Grid 8 Operator Exposition Route vs NodePort vs LoadBalancer in Openshift 4.
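
A check for the misconfiguration described above, as an added example that is not part of the original solution or of Red Hat's code: it reads the JSON printed by `oc get routes -o json`, flags every route whose TLS termination is not passthrough, and interprets the first byte reported in the client error. The route names and hosts in the sample are constructed, and reading 0x48 as the start of an HTTP reply is an interpretation (0x48 is ASCII 'H'), not something the log states.

```python
import json

HOTROD_RESPONSE_MAGIC = 0xA1  # the value the client expected, per the error above


def classify_first_byte(value):
    """Interpret the first byte a Hot Rod client read back from the socket."""
    if value == HOTROD_RESPONSE_MAGIC:
        return "hotrod"
    if value == 0x48:  # ASCII 'H', as in "HTTP/1.1 ...": an HTTP endpoint answered
        return "http"
    return "unknown"


def audit_routes(route_json):
    """Report the TLS termination of each Route and whether Hot Rod can use it."""
    doc = json.loads(route_json)
    items = doc.get("items", [doc])  # accept a List or a single Route object
    findings = []
    for route in items:
        spec = route.get("spec", {})
        # A Route without spec.tls is unsecured (plain HTTP)
        termination = (spec.get("tls") or {}).get("termination", "none")
        findings.append({
            "name": route["metadata"]["name"],
            "host": spec.get("host"),
            "termination": termination,
            "hotrod_ok": termination == "passthrough",
        })
    return findings


# Constructed sample shaped like `oc get routes -o json` output
SAMPLE = json.dumps({"kind": "List", "items": [
    {"kind": "Route", "metadata": {"name": "dg-reencrypt"},
     "spec": {"host": "dg-a.apps.example.com", "tls": {"termination": "reencrypt"}}},
    {"kind": "Route", "metadata": {"name": "dg-external"},
     "spec": {"host": "dg-b.apps.example.com", "tls": {"termination": "passthrough"}}},
    {"kind": "Route", "metadata": {"name": "dg-plain"},
     "spec": {"host": "dg-c.apps.example.com"}},
]})

if __name__ == "__main__":
    print("first byte 0x48 ->", classify_first_byte(0x48))
    for f in audit_routes(SAMPLE):
        status = "OK" if f["hotrod_ok"] else "NOT usable for Hot Rod"
        print(f'{f["name"]} ({f["host"]}): {f["termination"]} -> {status}')
```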
