You are viewing a plain text version of this content. The canonical link for it is here.
Posted to user@beam.apache.org by bits horoscope <bi...@gmail.com> on 2020/08/28 00:42:20 UTC
Handshake_failure running a Dataflow pipeline
Hello, Apache Beam community!
Hope everything goes ok at this time.
I write to you asking for your guide and help. I have been facing some
problems accessing HTTPS resources from a pipeline deployed in Dataflow.
The problem occurs only when I run with DataflowRunner, the DirectRunner is
working ok.
The associated exception is:
handshake_failure. Stack
[sun.security.ssl.Alerts.getSSLException(Alerts.java:192),
sun.security.ssl.Alerts.getSSLException(Alerts.java:154),
sun.security.ssl.SSLSocketImpl.recvAlert(SSLSocketImpl.java:2033),
sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1135),
sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1385),
sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1413)
I found this post at Stackoverflow which describes my problem perfectly:
https://stackoverflow.com/questions/59128640/sslhandshakeexception-when-running-apache-beam-pipeline-in-dataflow,
but the proposed solution doesn't work for me. Maybe I'm missing something.
Basically I changed the Apache HttpClient to the Google HttpClient, but it
still isn't working. Here is the code I've tried.
*private* *void* outputProcess(ProcessContext pc, T img) *throws* Exception
{
StomachStreamerOptions opts = pc
.getPipelineOptions().as(StomachStreamerOptions.*class*);
NetHttpTransport.Builder builder = *new* NetHttpTransport.Builder();
builder.setSslSocketFactory(*createSslSocketFactory*());
JsonFactory JSON_FACTORY = *new* JacksonFactory();
String urlImage = img.getURLImage();
HttpRequestFactory requestFactory = builder.build().createRequestFactory(
*new* HttpRequestInitializer() {
@Override
*public* *void* initialize(HttpRequest request) {
request.setParser(*new* JsonObjectParser(JSON_FACTORY));
}
});
GenericUrl url = *new* GenericUrl(urlImage);
HttpRequest request = requestFactory.buildGetRequest(url);
HttpHeaders headers = *new* HttpHeaders();
headers.setUserAgent(opts.getUserAgentImages());
request.setHeaders(headers);
*try* {
HttpResponse res = request.execute();
*this*.outputProcess(pc, img, res);
} *catch* (Exception e) {
reportError(e);
}
}
*private* *static* SSLSocketFactory createSslSocketFactory()
*throws* Exception
{
TrustManager[] byPassTrustManagers = *new*
TrustManager[]{*new* X509TrustManager()
{
*public* X509Certificate[] getAcceptedIssuers() {
*return* *new* X509Certificate[0];
}
*public* *void* checkClientTrusted(X509Certificate[] chain,
String authType) {
}
*public* *void* checkServerTrusted(X509Certificate[] chain,
String authType) {
}
}};
SSLContext sslContext = SSLContext.*getInstance*("TLSv1.2");
sslContext.init(*null*, byPassTrustManagers, *new* SecureRandom());
*return* sslContext.getSocketFactory();
}
Things I've tried:
- HttpClient Apache 4.5.1
- HttpClient Google 1.11
- Skip the certificate validation (permit all, just for testing. Not
working.)
I'm starting to think that maybe the problem is not on my code. Maybe is
beyond; the infrastructure, the CIPHER_SUITE is not allowed by Dataflow...
I don't know, just guess.
What I'm using:
- Java 8 (1.8.0_144)
- Apache Beam 2.9 (Jeje, I'm planning to upgrade it soon)
Thanks for reading my question. I will appreciate any idea that can put me
in the correct direction.
Andy