You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@flink.apache.org by "Chesnay Schepler (JIRA)" <ji...@apache.org> on 2018/04/30 12:10:00 UTC
[jira] [Commented] (FLINK-9261) Regression - Flink CLI and Web UI
not working when SSL is enabled
[ https://issues.apache.org/jira/browse/FLINK-9261?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16458513#comment-16458513 ]
Chesnay Schepler commented on FLINK-9261:
-----------------------------------------
Currently (in 1.5) {{web.ssl.enabled}} is not respected. this [line|https://github.com/apache/flink/blob/master/flink-runtime/src/main/java/org/apache/flink/runtime/rest/RestServerEndpointConfiguration.java#L158] must be modified to refer to `WebOptions.SSL_ENABLED` instead.
> Regression - Flink CLI and Web UI not working when SSL is enabled
> -----------------------------------------------------------------
>
> Key: FLINK-9261
> URL: https://issues.apache.org/jira/browse/FLINK-9261
> Project: Flink
> Issue Type: Bug
> Components: Client, Network, Web Client
> Affects Versions: 1.5.0
> Reporter: Edward Rojas
> Priority: Blocker
> Labels: regression
> Fix For: 1.5.0
>
>
> When *security.ssl.enabled* config is set to true, Web UI is no longer reachable; there is no logs on jobmanager.
>
> When setting *web.ssl.enabled* to false (keeping security.ssl.enabled to true), the dashboard is not reachable and there is the following exception on jobmanager:
> {code:java}
> WARN org.apache.flink.runtime.dispatcher.DispatcherRestEndpoint - Unhandled exception
> org.apache.flink.shaded.netty4.io.netty.handler.ssl.NotSslRecordException: not an SSL/TLS record: 474554202f20485454502f312e310d0a486f73743a206c6f63616c686f73743a383038310d0a436f6e6e656374696f6e3a206b6565702d616c6976650d0a557067726164652d496e7365637572652d52657175657374733a20310d0a557365722d4167656e743a204d6f7a696c6c612f352e3020284d6163696e746f73683b20496e74656c204d6163204f5320582031305f31335f3329204170706c655765624b69742f3533372e333620284b48544d4c2c206c696b65204765636b6f29204368726f6d652f36352e302e333332352e313831205361666172692f3533372e33360d0a4163636570743a20746578742f68746d6c2c6170706c69636174696f6e2f7868746d6c2b786d6c2c6170706c69636174696f6e2f786d6c3b713d302e392c696d6167652f776562702c696d6167652f61706e672c2a2f2a3b713d302e380d0a4163636570742d456e636f64696e673a20677a69702c206465666c6174652c2062720d0a4163636570742d4c616e67756167653a20656e2c656e2d47423b713d302e392c65732d3431393b713d302e382c65733b713d302e372c66722d46523b713d302e362c66723b713d302e350d0a436f6f6b69653a20496465612d39326365626136363d39396464633637632d613838382d346439332d396166612d3737396631373636326264320d0a49662d4d6f6469666965642d53696e63653a205468752c2032362041707220323031382031313a30313a313520474d540d0a0d0a
> at org.apache.flink.shaded.netty4.io.netty.handler.ssl.SslHandler.decode(SslHandler.java:940)
> at org.apache.flink.shaded.netty4.io.netty.handler.codec.ByteToMessageDecoder.callDecode(ByteToMessageDecoder.java:315)
> at org.apache.flink.shaded.netty4.io.netty.handler.codec.ByteToMessageDecoder.channelRead(ByteToMessageDecoder.java:229)
> at org.apache.flink.shaded.netty4.io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:339)
> at org.apache.flink.shaded.netty4.io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:324)
> at org.apache.flink.shaded.netty4.io.netty.channel.DefaultChannelPipeline.fireChannelRead(DefaultChannelPipeline.java:847)
> at org.apache.flink.shaded.netty4.io.netty.channel.nio.AbstractNioByteChannel$NioByteUnsafe.read(AbstractNioByteChannel.java:131)
> at org.apache.flink.shaded.netty4.io.netty.channel.nio.NioEventLoop.processSelectedKey(NioEventLoop.java:511)
> at org.apache.flink.shaded.netty4.io.netty.channel.nio.NioEventLoop.processSelectedKeysOptimized(NioEventLoop.java:468)
> at org.apache.flink.shaded.netty4.io.netty.channel.nio.NioEventLoop.processSelectedKeys(NioEventLoop.java:382)
> at org.apache.flink.shaded.netty4.io.netty.channel.nio.NioEventLoop.run(NioEventLoop.java:354)
> at org.apache.flink.shaded.netty4.io.netty.util.concurrent.SingleThreadEventExecutor$2.run(SingleThreadEventExecutor.java:111)
> at org.apache.flink.shaded.netty4.io.netty.util.concurrent.DefaultThreadFactory$DefaultRunnableDecorator.run(DefaultThreadFactory.java:137)
> at java.lang.Thread.run(Thread.java:745)
> {code}
> Also when trying to use the Flink CLI, it get stuck on "Waiting for response..." and there is no error messages on jobmanager. None of the commands works, list, run etc.
>
> Taskmanagers are able to registrate to Jobmanager, so the SSL configuration is good.
>
> SSL configuration:
> security.ssl.enabled: true
> security.ssl.keystore: /path/to/keystore
> security.ssl.keystore-password: xxxx
> security.ssl.key-password: xxxx
> security.ssl.truststore: /path/to/truststore
> security.ssl.truststore-password: xxxx
> web.ssl.enabled: false
> This same configuration works perfectly on Flink 1.4.
>
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)