Uploaded image for project: 'PUBLIC - Liferay Portal Community Edition'
  1. PUBLIC - Liferay Portal Community Edition
  2. LPS-58740

Liferay Index Replication requests IP Address as SAN when using HTTPS only

    Details

      Description

      Steps to Reproduce:
      1) Setup two Tomcat application servers (with Liferay installed) for SSL using:
      https://www.liferay.com/group/customer/kbase/-/knowledge_base/article/14406628

      The only difference is that in step 1 you append the below to the keytool command:

      -ext san=dns:test.com

      2) Ensure that within the server.xml files that the HTTP connector is commented out. Only the HTTPS connector should be available.
      3) Add the following properties to both nodes (make sure they are using the same database) to enable cluster link and lucene replication:

      portal.instance.inet.socket.address=localhost:${portNumberForNode}
      portal.instance.protocol=https
      portal.instance.https.port=${portNumberForNode}
      cluster.link.enabled=true
      ehcache.cluster.link.replication.enabled=true
      lucene.replicate.write=true
      

      Set each

      4) Add the following plugins for the nodes:
      Ehcache Cluster Web

      5) Startup both nodes.
      6) Navigate to Control Panel > Portal Settings
      7) Change the Virtual Host to test.com (add this entry to the hosts file on your OS if need be).
      9) Navigate to Control Panel -> Server Administration -> Reindex all search indexes.
      10) On the first node, once indexing is complete, you should see this message.

      21:20:12,946 INFO [com.liferay.portlet.admin.action.EditServerAction-1][EditServerAction:951] Monitor thread name com.liferay.portlet.admin.action.EditServerAction-1with thread ID 136 unlocked latch. Notified peers to start index loading.

      On the second node, you should see a message in which the method failed to invoke.

      Expected results: The reindex would complete without errors in the other node.

      Actual result: the reindex causes an error on the second node and the replication fails. The error is seen below.

      Errors/Logs:
      Below error occurs on node where reindex is not initiated:

      18:03:01,162 ERROR [Incoming-2,LIFERAY-CONTROL-CHANNEL,dlentapp23-60154][ClusterRequestReceiver:243] Unable to invoke method {arguments=[[J@77ea58f9, dlentapp22-7150], methodKey=com.liferay.portal.search.lucene.cluster.LuceneClusterUtil.loadIndexesFromCluster([J,com.liferay.portal.kernel.cluster.Address)}
      java.lang.reflect.InvocationTargetException
              at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
              at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
              at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
              at java.lang.reflect.Method.invoke(Method.java:597)
              at com.liferay.portal.kernel.util.MethodHandler.invoke(MethodHandler.java:61)
              at com.liferay.portal.cluster.ClusterRequestReceiver.processClusterRequest(ClusterRequestReceiver.java:238)
              at com.liferay.portal.cluster.ClusterRequestReceiver.receive(ClusterRequestReceiver.java:88)
              at org.jgroups.JChannel.invokeCallback(JChannel.java:749)
              at org.jgroups.JChannel.up(JChannel.java:710)
              at org.jgroups.stack.ProtocolStack.up(ProtocolStack.java:1025)
              at org.jgroups.protocols.RSVP.up(RSVP.java:188)
              at org.jgroups.protocols.FRAG2.up(FRAG2.java:181)
              at org.jgroups.protocols.FlowControl.up(FlowControl.java:400)
              at org.jgroups.protocols.FlowControl.up(FlowControl.java:418)
              at org.jgroups.protocols.pbcast.GMS.up(GMS.java:896)
              at org.jgroups.protocols.pbcast.STABLE.up(STABLE.java:245)
              at org.jgroups.protocols.UNICAST2.up(UNICAST2.java:453)
              at org.jgroups.protocols.pbcast.NAKACK2.handleMessage(NAKACK2.java:763)
              at org.jgroups.protocols.pbcast.NAKACK2.up(NAKACK2.java:574)
              at org.jgroups.protocols.VERIFY_SUSPECT.up(VERIFY_SUSPECT.java:147)
              at org.jgroups.protocols.FD_ALL.up(FD_ALL.java:187)
              at org.jgroups.protocols.FD_SOCK.up(FD_SOCK.java:288)
              at org.jgroups.protocols.MERGE3.up(MERGE3.java:290)
              at org.jgroups.protocols.Discovery.up(Discovery.java:359)
              at org.jgroups.protocols.TP.passMessageUp(TP.java:1263)
              at org.jgroups.protocols.TP$IncomingPacket.handleMyMessage(TP.java:1825)
              at org.jgroups.protocols.TP$IncomingPacket.run(TP.java:1793)
              at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:895)
              at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:918)
              at java.lang.Thread.run(Thread.java:662)
      Caused by: com.liferay.portal.kernel.exception.SystemException: javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: No subject alternative names matching IP address 10.242.98.45 found
              at com.liferay.portal.search.lucene.LuceneHelperImpl.getLoadIndexesInputStreamFromCluster(LuceneHelperImpl.java:485)
              at com.liferay.portal.search.lucene.LuceneHelperUtil.getLoadIndexesInputStreamFromCluster(LuceneHelperUtil.java:337)
              at com.liferay.portal.search.lucene.cluster.LuceneClusterUtil.loadIndexesFromCluster(LuceneClusterUtil.java:57)
              ... 30 more
      Caused by: javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: No subject alternative names matching IP address 10.242.98.45 found
              at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:174)
              at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1747)
              at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:241)
              at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:235)
              at com
      

      Tested in 6.2.x and reproduced
      Does not occur in trunk, Lucene is not used

      6.2.x commit 02781dc62c3a7fd08fd3e903cac273e35bbbaab8

        Attachments

          Issue Links

            Activity

              People

              • Votes:
                0 Vote for this issue
                Watchers:
                3 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved:
                  Days since last comment:
                  4 years, 5 weeks, 3 days ago

                  Packages

                  Version Package
                  6.2.4 CE GA5
                  6.2.X EE