You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@flink.apache.org by "SunShun (Jira)" <ji...@apache.org> on 2022/06/15 07:22:00 UTC

[jira] [Commented] (FLINK-28069) Cannot attach SSL JKS file for Kafka connector

    [ https://issues.apache.org/jira/browse/FLINK-28069?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17554420#comment-17554420 ] 

SunShun commented on FLINK-28069:
---------------------------------

[~martijnvisser] Thanks for the kind info.

> Cannot attach SSL JKS file for Kafka connector
> ----------------------------------------------
>
>                 Key: FLINK-28069
>                 URL: https://issues.apache.org/jira/browse/FLINK-28069
>             Project: Flink
>          Issue Type: Bug
>    Affects Versions: 1.14.4
>         Environment: Flink on Yarn, session mode
>            Reporter: SunShun
>            Priority: Major
>
> Hi, I intend to connect to a SSL enabled Kafka, which require to attach JKS file for truststore and keystore, then I am trying to use the keyword {*}-yt, yarnship{*}, to pass the JKS files, and it's expected to find the find under the classpath of job manager or task manager.
> {code:java}
> val truststore_path = "client.truststore.jks"
> val keystore_path = "client.keystore.jks"
> val source_ddl =
> s"""
> CREATE TABLE source_table(
> `id` BIGINT,
> `time` TIMESTAMP(3)
> ) WITH (
> 'connector' = 'kafka',
> ...
> 'properties.security.protocol' = 'SSL',
> 'properties.ssl.truststore.location' = '$truststore_path',
> 'properties.ssl.truststore.password' = '$truststore_pwd',
> 'properties.ssl.keystore.location' = '$keystore_path',
> 'properties.ssl.keystore.password' = '$keystore_pwd',
> 'scan.startup.mode' = 'latest-offset',
> 'format' = 'json'
> )
> """ {code}
> I am using the session mode to launch the job as below:
> {code:java}
> ./bin/yarn-session.sh --detached
> ./bin/flink run ./job/finance-libra-stats-1.0.jar -yt ./client.keystore.jks ./client.truststore.jks{code}
> However, the FileNotFound exception is given when the job initiates, saying that the JKS files is not found from job manager.
> {code:java}
> Caused by: java.nio.file.NoSuchFileException: client/client.keystore.jks    at sun.nio.fs.UnixException.translateToIOException(UnixException.java:86)    at sun.nio.fs.UnixException.rethrowAsIOException(UnixException.java:102)    at sun.nio.fs.UnixException.rethrowAsIOException(UnixException.java:107)    at sun.nio.fs.UnixFileSystemProvider.newByteChannel(UnixFileSystemProvider.java:214)    at java.nio.file.Files.newByteChannel(Files.java:361)    at java.nio.file.Files.newByteChannel(Files.java:407)    at java.nio.file.spi.FileSystemProvider.newInputStream(FileSystemProvider.java:384)    at java.nio.file.Files.newInputStream(Files.java:152)    at org.apache.kafka.common.security.ssl.SslEngineBuilder$SecurityStore.load(SslEngineBuilder.java:285)    ... 21 more {code}
> Anyone can help tell what's the best practice for such case, and any mistake I meet during the process.



--
This message was sent by Atlassian Jira
(v8.20.7#820007)