Posted to commits@pulsar.apache.org by GitBox <gi...@apache.org> on 2020/12/26 09:34:40 UTC

[GitHub] [pulsar] yanshuchong commented on issue #9066: can i open TLS when using AuthenticationToken Auth with pulsarAdminAPI

yanshuchong commented on issue #9066:
URL: https://github.com/apache/pulsar/issues/9066#issuecomment-751338747


   Something interesting.
   
   1. I register the metadata with:
   bin/pulsar initialize-cluster-metadata \
     --cluster pulsar-cluster-1 \
     --zookeeper 10.33.50.42:2281,10.33.50.44:2281,10.33.50.54:2281 \
     --configuration-store 10.33.50.42:2281,10.33.50.44:2281,10.33.50.54:2281 \
     --web-service-url http://10.33.50.40:8080,10.33.50.64:8080,10.33.50.97:8080 \
     --web-service-url-tls https://10.33.50.40:8443,10.33.50.64:8443,10.33.50.97:8443 \
     --broker-service-url pulsar://10.33.50.40:6650,10.33.50.64:6650,10.33.50.97:6650 
   
   2. I rewrote my auth provider to support SCRAM-SHA256 (pulsarClient 6650) and OAuth2 token auth (PulsarAdminClient 8080), and it works fine now.
   
   3. I want to use TLS just for pulsarAdminClient (8443, tokenAuth).
      For the broker, I do not change any config.
      For the admin client, I change my code from
      `PulsarAdminBuilder pulsarAdminBuilder = PulsarAdmin.builder().serviceHttpUrl("http://10.33.50.40:8080");`
      to
      `PulsarAdminBuilder pulsarAdminBuilder = PulsarAdmin.builder().serviceHttpUrl("https://10.33.50.40:8443");`
   
   4. The request succeeds at first, then outputs an error when it requests another server:
   ```java
   List<String> brokers = adminClient.brokers().getActiveBrokers("pulsar-cluster-1");

   System.out.println("current brokers : " + brokers);

   for (String brokerUrl : brokers) {
       System.out.println("current broker : " + brokerUrl + "-->"
           + adminClient.brokers().getOwnedNamespaces("pulsar-cluster-1", brokerUrl));
   }
   BrokerStats brokerstat = adminClient.brokerStats();

   System.out.println(brokerstat.getPendingBookieOpsStats());
   System.out.println(brokerstat.getLoadReport().getMsgRateIn());
   System.out.println(brokerstat.getMetrics());
   ```
       
   
   Output:
   
     `current brokers : [10.33.50.40:8080, 10.33.50.64:8080, 10.33.50.97:8080]
   current broker : 10.33.50.40:8080-->{www/mynamespace2/0x80000000_0xc0000000=[broker_assignment=shared is_controlled=false is_active=true], WiseCloudDMQService/WiseCloudDMQAdminPortal/0x00000000_0x40000000=[broker_assignment=shared is_controlled=false is_active=true], WiseCloudDMQService/WiseCloudDMQAminService/0x40000000_0x80000000=[broker_assignment=shared is_controlled=false is_active=true], pulsar/pulsar-cluster-1/10.33.50.40:8080/0x00000000_0xffffffff=[broker_assignment=shared is_controlled=false is_active=true], WiseCloudDMQService/WiseCloudDMQAminService/0x00000000_0x40000000=[broker_assignment=shared is_controlled=false is_active=true], WiseCloudDMQService/WiseCloudDMQAdminPortal/0x80000000_0xc0000000=[broker_assignment=shared is_controlled=false is_active=true]}
   Exception in thread "main" org.apache.pulsar.client.admin.PulsarAdminException: java.util.concurrent.CompletionException: org.apache.pulsar.client.admin.internal.http.AsyncHttpConnector$RetryException: Could not complete the operation. Number of retries has been exhausted. Failed reason: not an SSL/TLS record: 485454502f312e312034303020496c6c6567616c2063686172616374657220434e544c3d307831360d0a436f6e74656e742d547970653a20746578742f68746d6c3b636861727365743d69736f2d383835392d310d0a436f6e74656e742d4c656e6774683a2037300d0a436f6e6e656374696f6e3a20636c6f73650d0a5365727665723a204a6574747928392e342e33332e763230323031303230290d0a0d0a3c68313e426164204d657373616765203430303c2f68313e3c7072653e726561736f6e3a20496c6c6567616c2063686172616374657220434e544c3d307831363c2f7072653e
   	at org.apache.pulsar.client.admin.internal.BaseResource.getApiException(BaseResource.java:233)
   	at org.apache.pulsar.client.admin.internal.BrokersImpl$2.failed(BrokersImpl.java:110)
   	at org.glassfish.jersey.client.JerseyInvocation$1.failed(JerseyInvocation.java:839)
   	at org.glassfish.jersey.client.ClientRuntime.processFailure(ClientRuntime.java:247)
   	at org.glassfish.jersey.client.ClientRuntime.processFailure(ClientRuntime.java:242)
   	at org.glassfish.jersey.client.ClientRuntime.access$100(ClientRuntime.java:62)
   	at org.glassfish.jersey.client.ClientRuntime$2.lambda$failure$1(ClientRuntime.java:178)
   	at org.glassfish.jersey.internal.Errors$1.call(Errors.java:248)
   	at org.glassfish.jersey.internal.Errors$1.call(Errors.java:244)
   	at org.glassfish.jersey.internal.Errors.process(Errors.java:292)
   	at org.glassfish.jersey.internal.Errors.process(Errors.java:274)
   	at org.glassfish.jersey.internal.Errors.process(Errors.java:244)
   	at org.glassfish.jersey.process.internal.RequestScope.runInScope(RequestScope.java:288)
   	at org.glassfish.jersey.client.ClientRuntime$2.failure(ClientRuntime.java:178)
   	at org.apache.pulsar.client.admin.internal.http.AsyncHttpConnector.lambda$apply$1(AsyncHttpConnector.java:204)
   	at java.util.concurrent.CompletableFuture.uniWhenComplete(CompletableFuture.java:760)
   	at java.util.concurrent.CompletableFuture$UniWhenComplete.tryFire(CompletableFuture.java:736)
   	at java.util.concurrent.CompletableFuture.postComplete(CompletableFuture.java:474)
   	at java.util.concurrent.CompletableFuture.completeExceptionally(CompletableFuture.java:1977)
   	at org.apache.pulsar.client.admin.internal.http.AsyncHttpConnector.lambda$retryOperation$3(AsyncHttpConnector.java:246)
   	at java.util.concurrent.CompletableFuture.uniWhenComplete(CompletableFuture.java:760)
   	at java.util.concurrent.CompletableFuture$UniWhenComplete.tryFire(CompletableFuture.java:736)
   	at java.util.concurrent.CompletableFuture.postComplete(CompletableFuture.java:474)
   	at java.util.concurrent.CompletableFuture.completeExceptionally(CompletableFuture.java:1977)
   	at org.asynchttpclient.netty.NettyResponseFuture.abort(NettyResponseFuture.java:273)
   	at org.asynchttpclient.netty.channel.NettyConnectListener.onFailure(NettyConnectListener.java:181)
   	at org.asynchttpclient.netty.channel.NettyConnectListener$1.onFailure(NettyConnectListener.java:151)
   	at org.asynchttpclient.netty.SimpleFutureListener.operationComplete(SimpleFutureListener.java:26)
   	at io.netty.util.concurrent.DefaultPromise.notifyListener0(DefaultPromise.java:577)
   	at io.netty.util.concurrent.DefaultPromise.notifyListeners0(DefaultPromise.java:570)
   	at io.netty.util.concurrent.DefaultPromise.notifyListenersNow(DefaultPromise.java:549)
   	at io.netty.util.concurrent.DefaultPromise.notifyListeners(DefaultPromise.java:490)
   	at io.netty.util.concurrent.DefaultPromise.setValue0(DefaultPromise.java:615)
   	at io.netty.util.concurrent.DefaultPromise.setFailure0(DefaultPromise.java:608)
   	at io.netty.util.concurrent.DefaultPromise.tryFailure(DefaultPromise.java:117)
   	at io.netty.handler.ssl.SslHandler.setHandshakeFailure(SslHandler.java:1849)
   	at io.netty.handler.ssl.SslHandler.setHandshakeFailure(SslHandler.java:1818)
   	at io.netty.handler.ssl.SslHandler.decodeJdkCompatible(SslHandler.java:1259)
   	at io.netty.handler.ssl.SslHandler.decode(SslHandler.java:1322)
   	at io.netty.handler.codec.ByteToMessageDecoder.decodeRemovalReentryProtection(ByteToMessageDecoder.java:501)
   	at io.netty.handler.codec.ByteToMessageDecoder.callDecode(ByteToMessageDecoder.java:440)
   	at io.netty.handler.codec.ByteToMessageDecoder.channelRead(ByteToMessageDecoder.java:276)
   	at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:379)
   	at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:365)
   	at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:357)
   	at io.netty.channel.DefaultChannelPipeline$HeadContext.channelRead(DefaultChannelPipeline.java:1410)
   	at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:379)
   	at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:365)
   	at io.netty.channel.DefaultChannelPipeline.fireChannelRead(DefaultChannelPipeline.java:919)
   	at io.netty.channel.nio.AbstractNioByteChannel$NioByteUnsafe.read(AbstractNioByteChannel.java:163)
   	at io.netty.channel.nio.NioEventLoop.processSelectedKey(NioEventLoop.java:714)
   	at io.netty.channel.nio.NioEventLoop.processSelectedKeysOptimized(NioEventLoop.java:650)
   	at io.netty.channel.nio.NioEventLoop.processSelectedKeys(NioEventLoop.java:576)
   	at io.netty.channel.nio.NioEventLoop.run(NioEventLoop.java:493)
   	at io.netty.util.concurrent.SingleThreadEventExecutor$4.run(SingleThreadEventExecutor.java:989)
   	at io.netty.util.internal.ThreadExecutorMap$2.run(ThreadExecutorMap.java:74)
   	at io.netty.util.concurrent.FastThreadLocalRunnable.run(FastThreadLocalRunnable.java:30)
   	at java.lang.Thread.run(Thread.java:748)
   Caused by: java.util.concurrent.CompletionException: org.apache.pulsar.client.admin.internal.http.AsyncHttpConnector$RetryException: Could not complete the operation. Number of retries has been exhausted. Failed reason: not an SSL/TLS record: 485454502f312e312034303020496c6c6567616c2063686172616374657220434e544c3d307831360d0a436f6e74656e742d547970653a20746578742f68746d6c3b636861727365743d69736f2d383835392d310d0a436f6e74656e742d4c656e6774683a2037300d0a436f6e6e656374696f6e3a20636c6f73650d0a5365727665723a204a6574747928392e342e33332e763230323031303230290d0a0d0a3c68313e426164204d657373616765203430303c2f68313e3c7072653e726561736f6e3a20496c6c6567616c2063686172616374657220434e544c3d307831363c2f7072653e
   	at java.util.concurrent.CompletableFuture.encodeThrowable(CompletableFuture.java:292)
   	at java.util.concurrent.CompletableFuture.completeThrowable(CompletableFuture.java:308)
   	at java.util.concurrent.CompletableFuture.orApply(CompletableFuture.java:1371)
   	at java.util.concurrent.CompletableFuture$OrApply.tryFire(CompletableFuture.java:1350)
   	... 41 more
   Caused by: org.apache.pulsar.client.admin.internal.http.AsyncHttpConnector$RetryException: Could not complete the operation. Number of retries has been exhausted. Failed reason: not an SSL/TLS record: 485454502f312e312034303020496c6c6567616c2063686172616374657220434e544c3d307831360d0a436f6e74656e742d547970653a20746578742f68746d6c3b636861727365743d69736f2d383835392d310d0a436f6e74656e742d4c656e6774683a2037300d0a436f6e6e656374696f6e3a20636c6f73650d0a5365727665723a204a6574747928392e342e33332e763230323031303230290d0a0d0a3c68313e426164204d657373616765203430303c2f68313e3c7072653e726561736f6e3a20496c6c6567616c2063686172616374657220434e544c3d307831363c2f7072653e
   	at org.apache.pulsar.client.admin.internal.http.AsyncHttpConnector.lambda$retryOperation$3(AsyncHttpConnector.java:248)
   	... 38 more
   Caused by: java.net.ConnectException: not an SSL/TLS record: 485454502f312e312034303020496c6c6567616c2063686172616374657220434e544c3d307831360d0a436f6e74656e742d547970653a20746578742f68746d6c3b636861727365743d69736f2d383835392d310d0a436f6e74656e742d4c656e6774683a2037300d0a436f6e6e656374696f6e3a20636c6f73650d0a5365727665723a204a6574747928392e342e33332e763230323031303230290d0a0d0a3c68313e426164204d657373616765203430303c2f68313e3c7072653e726561736f6e3a20496c6c6567616c2063686172616374657220434e544c3d307831363c2f7072653e
   	at org.asynchttpclient.netty.channel.NettyConnectListener.onFailure(NettyConnectListener.java:179)
   	... 32 more
   Caused by: io.netty.handler.ssl.NotSslRecordException: not an SSL/TLS record: 485454502f312e312034303020496c6c6567616c2063686172616374657220434e544c3d307831360d0a436f6e74656e742d547970653a20746578742f68746d6c3b636861727365743d69736f2d383835392d310d0a436f6e74656e742d4c656e6774683a2037300d0a436f6e6e656374696f6e3a20636c6f73650d0a5365727665723a204a6574747928392e342e33332e763230323031303230290d0a0d0a3c68313e426164204d657373616765203430303c2f68313e3c7072653e726561736f6e3a20496c6c6567616c2063686172616374657220434e544c3d307831363c2f7072653e
   	at io.netty.handler.ssl.SslHandler.decodeJdkCompatible(SslHandler.java:1254)
   	... 20 more
   `
     
   I dumped the network traffic:
   
   1. client --> server1 with 8443
   2. client connects to server2 with 8080, so I fail with "not an SSL/TLS record"
   
   How can I resolve this issue?

----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org
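
Added example (not part of the original comment and not Pulsar code): the hex string Netty prints after `not an SSL/TLS record:` is the raw bytes the peer sent back, so decoding it shows what actually answered on that port. The sample line is constructed in the same shape as the trace above; `decode_not_ssl_record` and its field names are hypothetical.

```python
import re

# First byte of a genuine TLS record (content type); 0x16 starts a ClientHello.
TLS_CONTENT_TYPES = {0x14: "change_cipher_spec", 0x15: "alert",
                     0x16: "handshake", 0x17: "application_data"}
HEX_RE = re.compile(r"not an SSL/TLS record: ([0-9a-fA-F]+)")
CNTL_RE = re.compile(r"CNTL=0x([0-9a-fA-F]{2})")

# Constructed sample (not copied from the trace): a cleartext HTTP 400 reply,
# hex-encoded the way Netty prints it in NotSslRecordException.
SAMPLE_REPLY = (b"HTTP/1.1 400 Illegal character CNTL=0x16\r\n"
                b"Connection: close\r\n"
                b"Server: ExampleHTTPd\r\n\r\n"
                b"<h1>Bad Message 400</h1>")
SAMPLE_LINE = ("Caused by: io.netty.handler.ssl.NotSslRecordException: "
               "not an SSL/TLS record: " + SAMPLE_REPLY.hex())


def decode_not_ssl_record(log_line):
    """Describe the bytes the TLS client rejected; None if the line has none."""
    match = HEX_RE.search(log_line)
    if not match:
        return None
    hex_str = match.group(1)
    if len(hex_str) % 2:               # log line was cut mid-byte
        hex_str = hex_str[:-1]
    raw = bytes.fromhex(hex_str)
    info = {"kind": "unknown", "status": None, "server": None,
            "client_sent": None, "raw": raw}
    if not raw.startswith(b"HTTP/"):
        return info
    # The peer answered in cleartext HTTP, so the port does not speak TLS.
    info["kind"] = "plaintext-http"
    head = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    lines = head.split("\r\n")
    info["status"] = lines[0]
    for header in lines[1:]:
        name, _, value = header.partition(":")
        if name.strip().lower() == "server":
            info["server"] = value.strip()
    # The byte the HTTP server rejected is the first byte the client sent.
    cntl = CNTL_RE.search(info["status"])
    if cntl:
        info["client_sent"] = TLS_CONTENT_TYPES.get(int(cntl.group(1), 16))
    return info


if __name__ == "__main__":
    print(decode_not_ssl_record(SAMPLE_LINE))
```

A `plaintext-http` result with `client_sent` equal to `handshake` means a TLS ClientHello reached a cleartext HTTP listener, which matches the traffic dump above where the second connection went to port 8080.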