Posted to commits@pulsar.apache.org by GitBox <gi...@apache.org> on 2020/06/19 10:19:34 UTC

[GitHub] [pulsar] dongschao opened a new issue #7314: config function authorization

dongschao opened a new issue #7314:
URL: https://github.com/apache/pulsar/issues/7314


   #### Expected behavior
   Help me, thanks. When I make functionsWorkerEnabled=true, I have this problem:
   ```
   17:52:38.014 [AsyncHttpClient-53-1] WARN  org.apache.pulsar.client.admin.internal.BaseResource - [http://172.0.34.35:8080/admin/v2/persistent/public/functions/assignments] Failed to perform http put request: javax.ws.rs.NotAuthorizedException: HTTP 401 Unauthorized
   17:52:38.021 [main] ERROR org.apache.pulsar.functions.worker.WorkerService - Error Starting up in worker
   org.apache.pulsar.client.admin.PulsarAdminException$NotAuthorizedException: HTTP 401 Unauthorized
   	at org.apache.pulsar.client.admin.internal.BaseResource.getApiException(BaseResource.java:212) ~[org.apache.pulsar-pulsar-client-admin-original-2.5.2.jar:2.5.2]
   	at org.apache.pulsar.client.admin.internal.BaseResource$1.failed(BaseResource.java:130) ~[org.apache.pulsar-pulsar-client-admin-original-2.5.2.jar:2.5.2]
   	at org.glassfish.jersey.client.JerseyInvocation$4.failed(JerseyInvocation.java:1030) ~[org.glassfish.jersey.core-jersey-client-2.27.jar:?]
   	at org.glassfish.jersey.client.JerseyInvocation$4.completed(JerseyInvocation.java:1017) ~[org.glassfish.jersey.core-jersey-client-2.27.jar:?]
   	at org.glassfish.jersey.client.ClientRuntime.processResponse(ClientRuntime.java:227) ~[org.glassfish.jersey.core-jersey-client-2.27.jar:?]
   	at org.glassfish.jersey.client.ClientRuntime.access$200(ClientRuntime.java:85) ~[org.glassfish.jersey.core-jersey-client-2.27.jar:?]
   	at org.glassfish.jersey.client.ClientRuntime$2.lambda$response$0(ClientRuntime.java:178) ~[org.glassfish.jersey.core-jersey-client-2.27.jar:?]
   	at org.glassfish.jersey.client.ClientRuntime$2$$Lambda$374/2141634457.run(Unknown Source) ~[?:?]
   	at org.glassfish.jersey.internal.Errors$1.call(Errors.java:272) ~[org.glassfish.jersey.core-jersey-common-2.27.jar:?]
   	at org.glassfish.jersey.internal.Errors$1.call(Errors.java:268) ~[org.glassfish.jersey.core-jersey-common-2.27.jar:?]
   	at org.glassfish.jersey.internal.Errors.process(Errors.java:316) ~[org.glassfish.jersey.core-jersey-common-2.27.jar:?]
   	at org.glassfish.jersey.internal.Errors.process(Errors.java:298) ~[org.glassfish.jersey.core-jersey-common-2.27.jar:?]
   	at org.glassfish.jersey.internal.Errors.process(Errors.java:268) ~[org.glassfish.jersey.core-jersey-common-2.27.jar:?]
   ```
   
   
   


----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org



[GitHub] [pulsar] tuteng commented on issue #7314: config function authorization

Posted by GitBox <gi...@apache.org>.
tuteng commented on issue #7314:
URL: https://github.com/apache/pulsar/issues/7314#issuecomment-646987346


   You can add configuration to the file function_worker.yml @dongschao
   
   ```
   # clientAuthenticationPlugin:
   # the authentication parameter to be used by the pulsar client used in worker service
   # clientAuthenticationParameters:
   ```





[GitHub] [pulsar] dongschao commented on issue #7314: config function authorization

Posted by GitBox <gi...@apache.org>.
dongschao commented on issue #7314:
URL: https://github.com/apache/pulsar/issues/7314#issuecomment-647083223


   Thank you very much for your help. I have added this configuration, but the problem still exists. If I want to use Pulsar Functions, do I need to use a proxy? @tuteng





[GitHub] [pulsar] daiwei233 commented on issue #7314: config function authorization

Posted by GitBox <gi...@apache.org>.
daiwei233 commented on issue #7314:
URL: https://github.com/apache/pulsar/issues/7314#issuecomment-1048597712


   I think the official document is wrong. I found the correct configuration, and it works.
   
   ```
   # Whether to enable the broker client authentication used by function workers to talk to brokers
   brokerClientAuthenticationEnabled: true
   # the authentication plugin to be used by the pulsar client used in worker service
   brokerClientAuthenticationPlugin: org.apache.pulsar.client.impl.auth.AuthenticationToken
   # the authentication parameter to be used by the pulsar client used in worker service
   brokerClientAuthenticationParameters: token:eyJhbGciOiJSUzI1NiJ9.eyJzdWIiOiJhZG1pbiJ9.F6t5Cge93JOIFodRkj0v7Y77ludnXlDPiqc4ZocUSzEbRXlG7xwiqnrN5-noiLz0hDgQBgSM-zINjJLFzg-_C_XiTP7AbyJ54vGiMO8F51WdiYHjguHvyXzIhnqqOva_M4yA7zi-zgbLIsK7dvATYCUKXUQ0XybwMKK50-vV08oNJeHVuV5XN1--lJt1ZQJd2jDCCybe7FOs4CEVWKRgNWwTRo_GN5ckHC1yr5SeHGIhKnuWZinx-v4yLdJrzFmw9fccfv22PEwrUcT2paElMPM8V0y5EZjwO3BodZk9PlDWULdv_DiMaFhghAYuanhorSgHXmyrvLzqR6r5hNehUQ
   ```
   
   https://pulsar.apache.org/docs/en/functions-worker/#function-metadata-parameter
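
An added example, not part of the thread or of Pulsar's own code: the `token:` value in the configuration above is a JWT, and its header and claims can be decoded by anyone who can read the file, so a worker config that carries the token inline discloses which identity the worker authenticates as. The sketch below audits a worker config for inline tokens; the sample config is constructed (header and claims as in the comment above, placeholder signature), and the function names and the file path in the usage note are hypothetical.

```python
import base64
import json
import re

# Constructed sample: header and claims segments as in the comment above,
# signature segment replaced by a placeholder (not a usable credential).
SAMPLE_CONFIG = """\
brokerClientAuthenticationEnabled: true
brokerClientAuthenticationPlugin: org.apache.pulsar.client.impl.auth.AuthenticationToken
brokerClientAuthenticationParameters: token:eyJhbGciOiJSUzI1NiJ9.eyJzdWIiOiJhZG1pbiJ9.c2lnbmF0dXJl
"""

# Matches uncommented "...AuthenticationParameters: <value>" lines.
PARAM_RE = re.compile(r"^\s*(\w*[aA]uthenticationParameters)\s*:\s*(\S.*?)\s*$")


def b64url_json(segment):
    """Decode one base64url JWT segment (padding restored) into a dict."""
    padded = segment + "=" * (-len(segment) % 4)
    return json.loads(base64.urlsafe_b64decode(padded))


def audit_worker_config(text):
    """Return one finding per token written inline in the config text."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        m = PARAM_RE.match(line)
        if not m:
            continue
        key, value = m.group(1), m.group(2).strip("\"'")
        if not value.startswith("token:"):
            continue  # file reference or JSON parameters: no inline token
        try:
            header_b64, claims_b64, _sig = value[len("token:"):].split(".")
            header, claims = b64url_json(header_b64), b64url_json(claims_b64)
        except ValueError:  # wrong segment count, bad base64 or bad JSON
            findings.append({"line": lineno, "key": key,
                             "issue": "inline token, not a JWT"})
            continue
        findings.append({"line": lineno, "key": key, "issue": "inline JWT",
                         "alg": header.get("alg"), "subject": claims.get("sub"),
                         "expires": claims.get("exp")})  # None: no expiry claim
    return findings


if __name__ == "__main__":
    for finding in audit_worker_config(SAMPLE_CONFIG):
        print(finding)
```

`AuthenticationToken` also accepts a `file://` path as its parameter (for example the hypothetical `file:///etc/pulsar/worker.token`), which keeps the token out of the YAML; the auditor leaves such values unflagged.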





[GitHub] [pulsar] sijie commented on issue #7314: config function authorization

Posted by GitBox <gi...@apache.org>.
sijie commented on issue #7314:
URL: https://github.com/apache/pulsar/issues/7314#issuecomment-647863796


   @dongschao Can you share the whole copy of your broker configuration?





[GitHub] [pulsar] HistoryGift commented on issue #7314: config function authorization

Posted by GitBox <gi...@apache.org>.
HistoryGift commented on issue #7314:
URL: https://github.com/apache/pulsar/issues/7314#issuecomment-878811532


   I have the same problem, and don't have the resolution.
   
   Worker Configs: {
     "workerId" : "worker1",
     "workerHostname" : "10.2.216.201",
     "workerPort" : 6750,
     "workerPortTls" : 6751,
     "authenticateMetricsEndpoint" : true,
     "includeStandardPrometheusMetrics" : false,
     "jvmGCMetricsLoggerClassName" : null,
     "numHttpServerThreads" : 8,
     "httpRequestsLimitEnabled" : false,
     "httpRequestsMaxPerSecond" : 100.0,
     "configurationStoreServers" : "10.2.177.43:2181",
     "zooKeeperSessionTimeoutMillis" : 30000,
     "zooKeeperOperationTimeoutSeconds" : 30,
     "zooKeeperCacheExpirySeconds" : 300,
     "connectorsDirectory" : "./connectors",
     "narExtractionDirectory" : "/tmp",
     "validateConnectorConfig" : false,
     "functionsDirectory" : "./functions",
     "functionMetadataTopicName" : "metadata",
     "useCompactedMetadataTopic" : false,
     "functionWebServiceUrl" : null,
     "pulsarServiceUrl" : "pulsar://10.2.177.39:6650",
     "pulsarWebServiceUrl" : "http://10.2.177.39:8081",
     "clusterCoordinationTopicName" : "coordinate",
     "pulsarFunctionsNamespace" : "public/functions",
     "pulsarFunctionsCluster" : "pulsar-cluster",
     "numFunctionPackageReplicas" : 1,
     "downloadDirectory" : "download/pulsar_functions",
     "stateStorageServiceUrl" : null,
     "functionAssignmentTopicName" : "assignments",
     "schedulerClassName" : "org.apache.pulsar.functions.worker.scheduler.RoundRobinScheduler",
     "failureCheckFreqMs" : 30000,
     "rescheduleTimeoutMs" : 60000,
     "rebalanceCheckFreqSec" : -1,
     "initialBrokerReconnectMaxRetries" : 60,
     "assignmentWriteMaxRetries" : 60,
     "instanceLivenessCheckFreqMs" : 30000,
     "brokerClientAuthenticationEnabled" : true,
     "brokerClientAuthenticationPlugin" : "org.apache.pulsar.client.impl.auth.AuthenticationSasl",
     "brokerClientAuthenticationParameters" : "{\"saslJaasClientSectionName\":\"PulsarClient\",\"serverType\":\"broker\"}",
     "bookkeeperClientAuthenticationPlugin" : null,
     "bookkeeperClientAuthenticationParametersName" : null,
     "bookkeeperClientAuthenticationParameters" : null,
     "topicCompactionFrequencySec" : 1800,
     "tlsEnabled" : false,
     "tlsCertificateFilePath" : null,
     "tlsKeyFilePath" : null,
     "tlsTrustCertsFilePath" : null,
     "tlsAllowInsecureConnection" : false,
     "tlsRequireTrustedClientCertOnConnect" : false,
     "useTls" : false,
     "tlsEnableHostnameVerification" : false,
     "tlsCertRefreshCheckDurationSec" : 300,
     "authenticationEnabled" : true,
     "authenticationProviders" : [ "org.apache.pulsar.broker.authentication.AuthenticationProviderSasl" ],
     "authorizationEnabled" : true,
     "authorizationProvider" : "org.apache.pulsar.broker.authorization.PulsarAuthorizationProvider",
     "superUserRoles" : [ "client/10.2.177.48@EXAMPLE.COM"],
     "properties" : {
       "saslJaasBrokerSectionName" : "PulsarBroker",
       "saslJaasClientAllowedIds" : ".*[a-zA-Z0-9].*"
     },
     "brokerClientTrustCertsFilePath" : null,
     "functionRuntimeFactoryClassName" : "org.apache.pulsar.functions.runtime.process.ProcessRuntimeFactory",
     "functionRuntimeFactoryConfigs" : {
       "logDirectory" : "logs/",
       "javaInstanceJarLocation" : null,
       "pythonInstanceLocation" : null,
       "extraFunctionDependenciesDir" : null
     },
     "secretsProviderConfiguratorClassName" : null,
     "secretsProviderConfiguratorConfig" : null,
     "functionInstanceMinResources" : null,
     "functionAuthProviderClassName" : null,
     "runtimeCustomizerClassName" : null,
     "runtimeCustomizerConfig" : { },
     "maxPendingAsyncRequests" : 1000,
     "forwardSourceMessageProperty" : true,
     "threadContainerFactory" : null,
     "processContainerFactory" : null,
     "kubernetesContainerFactory" : null,
     "clientAuthenticationParameters" : "{\"saslJaasClientSectionName\":\"PulsarClient\",\"serverType\":\"broker\"}",
     "clientAuthenticationPlugin" : "org.apache.pulsar.client.impl.auth.AuthenticationSasl",
     "functionMetadataTopic" : "persistent://public/functions/metadata",
     "clusterCoordinationTopic" : "persistent://public/functions/coordinate",
     "functionAssignmentTopic" : "persistent://public/functions/assignments",
     "tlsTrustChainBytes" : null,
     "workerWebAddress" : "http://10.2.216.201:6750",
     "workerWebAddressTls" : "https://10.2.216.201:6751"
   }
   





[GitHub] [pulsar] sijie commented on issue #7314: config function authorization

Posted by GitBox <gi...@apache.org>.
sijie commented on issue #7314:
URL: https://github.com/apache/pulsar/issues/7314#issuecomment-647863634


   @dongschao Did you configure this for standalone or brokers in a cluster?








[GitHub] [pulsar] momo-jun commented on issue #7314: config function authorization

Posted by GitBox <gi...@apache.org>.
momo-jun commented on issue #7314:
URL: https://github.com/apache/pulsar/issues/7314#issuecomment-1076266156


   Status update: @RobertIndie will submit a PR to resolve the issue.





[GitHub] [pulsar] dongschao edited a comment on issue #7314: config function authorization

Posted by GitBox <gi...@apache.org>.
dongschao edited a comment on issue #7314:
URL: https://github.com/apache/pulsar/issues/7314#issuecomment-647083223


   Thank you very much for your help. I have added this configuration, but the problem still exists. I don't use a proxy now. If I want to use Pulsar Functions, do I need to use a proxy? Or is there any other way to solve this problem? HTTP 401 Unauthorized @tuteng

