Comments (5)
After restarting pod, configmap appears to work, but you can't log in with your user name and password, and an error occurs when you log in with sdk tls:
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:146) ~[?:1.8.0_382] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:127) ~[?:1.8.0_382] at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:280) ~[?:1.8.0_382] at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:451) ~[?:1.8.0_382] at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:323) ~[?:1.8.0_382] at sun.security.validator.Validator.validate(Validator.java:271) ~[?:1.8.0_382] at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:315) ~[?:1.8.0_382] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:278) ~[?:1.8.0_382] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:141) ~[?:1.8.0_382] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1334) ~[?:1.8.0_382] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1231) ~[?:1.8.0_382] at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1174) ~[?:1.8.0_382] at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:377) ~[?:1.8.0_382] at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:444) ~[?:1.8.0_382] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:981) ~[?:1.8.0_382] at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:968) ~[?:1.8.0_382] at java.security.AccessController.doPrivileged(Native Method) ~[?:1.8.0_382] at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:915) ~[?:1.8.0_382] at io.netty.handler.ssl.SslHandler$SslTasksRunner.run(SslHandler.java:1785) ~[netty-handler-4.1.72.Final.jar:4.1.72.Final] at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149) ~[?:1.8.0_382] at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624) ~[?:1.8.0_382] at java.lang.Thread.run(Thread.java:750) ~[?:1.8.0_382]
from milvus-sdk-java.
Follow the description of TLS example:
from milvus-sdk-java.
The following steps are an example of using docker-compose to launch a milvus cluster locally with tls configurations.
-
Download this zip file to a local folder, and extract it. There are docker-compose.yaml, milvus.yaml and a "tls" folder in it.
233.zip -
cd into the "tls" folder, generate the certification files
chmod +x gen.sh
./gen.sh
-
cd to the folder extracted by the 233.zip
docker-compose up -d
you will see a local cluster is started -
use java sdk to connect the server
ConnectParam connectParam = ConnectParam.newBuilder()
.withHost("localhost")
.withPort(19530)
.withServerName("localhost")
.withServerPemPath("[the extracted folder path]/tls/server.pem")
.build();
MilvusServiceClient milvusClient = new MilvusServiceClient(connectParam);
R<CheckHealthResponse> health = milvusClient.checkHealth();
if (health.getStatus() != R.Status.Success.getCode()) {
throw new RuntimeException(health.getMessage());
} else {
System.out.println(health);
}
from milvus-sdk-java.
The key points:
- In the docker-compose.yaml, the milvus.yaml is mapped to the ourside milvus.yaml, the internal certification file path "/milvus/configs/cert" is mapped to the outside "tls" folder
proxy:
volumes:
- ${DOCKER_VOLUME_DIRECTORY:-.}/milvus.yaml:/milvus/configs/milvus.yaml
- ${DOCKER_VOLUME_DIRECTORY:-.}/tls:/milvus/configs/cert
- In the outside milvus.yaml, tls paths and tls mode is configurated:
common:
security:
tlsMode: 1 # 1 is one-way tls
tls:
serverPemPath: /milvus/configs/cert/server.pem
serverKeyPath: /milvus/configs/cert/server.key
caPemPath: /milvus/configs/cert/ca.pem
- In the client java code, the correct file is specified:
ConnectParam connectParam = ConnectParam.newBuilder()
.withHost("localhost")
.withPort(19530)
.withServerName("localhost")
.withServerPemPath("[the extracted folder path]/tls/server.pem")
from milvus-sdk-java.
If you need two-way tls:
- set the tlsMode to 2 in the milvus.yaml:
common:
security:
tlsMode: 2
- specify the required certification files in the client java code
ConnectParam connectParam = ConnectParam.newBuilder()
.withHost("localhost")
.withPort(19530)
.withServerName("localhost")
.withCaPemPath("[the extracted folder path]/tls/ca.pem")
.withClientKeyPath("[the extracted folder path]/tls/client.key")
.withClientPemPath("[the extracted folder path]/tls/client.pem")
.build();
MilvusServiceClient milvusClient = new MilvusServiceClient(connectParam);
from milvus-sdk-java.
Related Issues (20)
- Insert/Upsert interfaces lose dynamic fields? HOT 9
- some partitions [aaaa] of collection vvvv has been loaded into QueryNode, please release partitions firstly[LoadParameterMismatched] HOT 1
- set vector less than 1024 error HOT 5
- [chore] update dependancy on grpc-netty HOT 4
- The latest (milvus-sdk-java:2.3.3) is flagged with several security vulnerabilities, all due to an outdated GRPC stack (1.46.0) HOT 4
- Run faild:io.grpc.StatusRuntimeException: UNKNOWN HOT 6
- Error occurred after version upgrade HOT 10
- [BUG]: Compatibility issue--Create index repeatedly,return error:‘ CreateIndexRequest RPC failed! io.grpc.StatusRuntimeException: CANCELLED: Failed to read message.’ HOT 2
- [BUG]: Compatibility issue--Flush retrun:'FlushRequest RPC failed!io.grpc.StatusRuntimeException: CANCELLED: Failed to read message.' HOT 2
- [Proposal] Changing log level to capture requestParam HOT 1
- loadCollection and releaseCollection ,Can resource isolation be ensured when calling multiple threads simultaneously HOT 2
- Scalar Field Index Type Selection
- Create index parameters problem for scalar HOT 3
- How to know collection had loaded via SDK? HOT 1
- How to truncate all collection data HOT 2
- How to set default values for scalar fields HOT 2
- Does it support transactions HOT 1
- 2.3版本sdk和xxxjob有jar包冲突 HOT 9
- ANN 查询数据 id返回值错误 HOT 3
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from milvus-sdk-java.