Proposal - encrypted cache
by Sebastian Laskawiec
Hey!
A while ago I stumbled upon [1]. The article talks about encrypting data
before they reach the server, so that the server doesn't know how to
decrypt it. This makes the data more secure.
The idea is definitely not new and I have been asked about something
similar several times during local JUGs meetups (in my area there are lots
of payments organizations who might be interested in this).
Of course, this can be easily done inside an app, so that it encrypts the
data and passes a byte array to the Hot Rod Client. I'm just thinking about
making it a bit easier and adding a default encryption/decryption mechanism
to the Hot Rod client.
What do you think? Does it make sense?
Thanks
Sebastian
[1] https://eprint.iacr.org/2016/920.pdf
6 years, 6 months
Maintenance of OpenShift templates
by Galder Zamarreño
Hi,
Looking at [1] and I'm wondering why the templates have to maintain a
different XML file for OpenShift?
We already ship an XML in the server called `cloud.xml`, that should
just work. Having a separate XML file in the templates means we're
duplicating the maintainance of XML files.
Also, users can now create caches programmatically. This is by far the
most common tweak that had to be done to the config. So, I see the
urgency to change XML files less immediate.
Sure, there will always be people who modify/tweak things and that's
fine. We should however show the people how to do that in a way that
doesn't require us to duplicate our maintanence work.
Also, if we want to show the users how to use a custom XML file, I don't
think we should show them how to embedd it in the template as JSON
[2]. It's quite a pain. Instead, the XML should be kept as a separate
file and the JSON file reference it.
Cheers,
[1]
https://github.com/infinispan/infinispan-openshift-templates/pull/16/files
[2] https://github.com/infinispan/infinispan-openshift-templates#maintenance-...
6 years, 8 months
9.2 EmbeddedCacheManager blocked at shutdown
by Thomas SEGISMONT
Hi everyone,
I am working on integrating Infinispan 9.2.Final in vertx-infinispan.
Before merging I wanted to make sure the test suite passed but it doesn't.
It's not the always the same test involved.
In the logs, I see a lot of messages like "After merge (or coordinator
change), cache still hasn't recovered a majority of members and must stay
in degraded mode.
The context involved are "___counter_configuration" and
"org.infinispan.LOCKS"
Most often it's harmless but, sometimes, I also see this exception
"ISPN000210: Failed to request state of cache"
Again the cache involved is either "___counter_configuration" or
"org.infinispan.LOCKS"
After this exception, the cache manager is unable to stop. It blocks in
method "terminate" (join on cache future).
I thought the test suite was too rough (we stop all nodes at the same
time). So I changed it to make sure that:
- nodes start one after the other
- a new node is started only when the previous one indicates HEALTHY status
- nodes stop one after the other
- a node is stopped only when it indicates HEALTHY status
Pretty much what we do on Kubernetes for the readiness check actually.
But it didn't get any better.
Attached are the logs of such a failing test.
Note that the Vert.x test itself does not fail, it's only when closing
nodes that we have issues.
Here's our XML config:
https://github.com/vert-x3/vertx-infinispan/blob/ispn92/src/main/resource...
Does that ring a bell? Do you need more info?
Regards,
Thomas
6 years, 9 months
Public cluster discovery service
by Sebastian Laskawiec
Hey Bela,
I've just stumbled upon this:
https://coreos.com/os/docs/latest/cluster-discovery.html
The Etcd folks created a public discovery service. You need to use a token
and get a discovery string back. I believe that's super, super useful for
demos across multiple public clouds.
What do you think about that? Perhaps we could implement an ETCD_PING and
just reuse their service or write our own?
Thanks,
Seb
6 years, 9 months
Problem with equal configuration of Cassandra for two caches
by Sergey Chernolyas
Hi!
I faced with problem then I have two caches that uses Cassandra Store. Each
store has own configuration. But ... They uses one configuration of last
loaded cache.
--
---------------------
With best regards, Sergey Chernolyas
6 years, 9 months
Release Announcement: General Availability of JDK 10
by Rory O'Donnell
Hi Galder,
A number of items to share with you today :
*1) JDK 10 General Availability *
JDK 10, the first release produced under the six-month rapid-cadence
release model [1][2], is now Generally Available.
We've identified no P1 bugs since we promoted build 46 almost two weeks
ago, so that is the official GA release, ready for production use.
GPL'd binaries from Oracle are available here: http://jdk.java.net/10
This release includes twelve features:
* 286: Local-Variable Type Inference <http://openjdk.java.net/jeps/286>
* 296: Consolidate the JDK Forest into a Single Repository
<http://openjdk.java.net/jeps/296>
* 304: Garbage-Collector Interface <http://openjdk.java.net/jeps/304>
* 307: Parallel Full GC for G1 <http://openjdk.java.net/jeps/307>
* 310: Application Class-Data Sharing <http://openjdk.java.net/jeps/310>
* 312: Thread-Local Handshakes <http://openjdk.java.net/jeps/312>
* 313: Remove the Native-Header Generation Tool (javah)
<http://openjdk.java.net/jeps/313>
* 314: Additional Unicode Language-Tag Extensions
<http://openjdk.java.net/jeps/314>
* 316: Heap Allocation on Alternative Memory Devices
<http://openjdk.java.net/jeps/316>
* 317: Experimental Java-Based JIT Compiler
<http://openjdk.java.net/jeps/317>
* 319: Root Certificates <http://openjdk.java.net/jeps/319>
* 322: Time-Based Release Versioning <http://openjdk.java.net/jeps/322>
*2) JDK 11 EA build 5, under both the GPL and Oracle EA licenses, are
now available at **http://jdk.java.net/11**.*
* Schedule, status & features
o http://openjdk.java.net/projects/jdk/11/
* Release Notes:
o http://jdk.java.net/11/release-notes
* Summary of changes
o https://download.java.net/java/early_access/jdk11/5/jdk-11+5.html
*3) The Z Garbage Collector Project, early access builds available : *
The first EA binary from from The Z Garbage Collector Project, also
known as ZGC, is now available. ZGC is a scalable low latency garbage
collector. For information on how to enable and use ZGC, please see the
project wiki.
* Project page: http://openjdk.java.net/projects/zgc/
* Wiki: https://wiki.openjdk.java.net/display/zgc/Main
*4) Quality Outreach Report for **March 2018 **is available
*
* https://wiki.openjdk.java.net/display/quality/Quality+Outreach+report+Mar...
*5) **Java Client Roadmap Update
*
* We posted a blog [3] and related white paper [4] detailing our plans
for the Java Client.
Rgds,Rory
[1] https://mreinhold.org/blog/forward-faster
[2]
http://mail.openjdk.java.net/pipermail/discuss/2017-September/004281.html
[3] Blog:
https://blogs.oracle.com/java-platform-group/the-future-of-javafx-and-oth...
[4] Whitepaper:
http://www.oracle.com/technetwork/java/javase/javaclientroadmapupdate2018...
--
Rgds,Rory O'Donnell
Quality Engineering Manager
Oracle EMEA , Dublin, Ireland
6 years, 10 months
[OGM] Reasonable file safe storage defaults?
by Sanne Grinovero
Hi all,
we're updating Hibernate OGM to Infinispan 9.2, using now persisted counters.
To help people getting started, we include a default Infinispan
configuration which is suitable for OGM:
- clustering enabled
- transactions enabled
- counters enabled
Of course being a general purpose default it won't be perfect but I'd
like it to be a fairly safe default to give people confidence.
What would you all think regarding:
<global-state>
<persistent-location path="${java.io.tmpdir}/counters"/>
</global-state>
# Using /tmp?
We might want to pick an "Infinispan default path, something like
"/var/infinispan" for unix systems?
This might complicate the "easy default" as it would then require user
permissions to write in such a path.
# Is it consistent?
Does it even make sense to store the counters when we have no default
cachestore for the rest of the data?
Should we enable a File CacheStore by default, which path to use?
# Should Infinispan have such defaults?
Rather than coding in OGM an attempt to write to /var/infinispan
followed with user friendly warnings/errors and possibly a fallback,
should Infinispan include such logic?
Thanks,
Sanne
6 years, 10 months
HTTP/2 and REST
by Sebastian Laskawiec
Hey Infinispan Community,
I've just published a blog post about HTTP/2 support in Infinispan:
http://bit.ly/infinispan-http2
Have fun and drop me a message if you have any comments.
Thanks,
Sebastian
6 years, 10 months
