You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@hudi.apache.org by GitBox <gi...@apache.org> on 2022/09/30 19:56:58 UTC

[GitHub] [hudi] smunigati opened a new issue, #6842: HoodieDeltaStreamer is not honoring schema registry SSL key/trust store properties when connecting schema.registry.url

smunigati opened a new issue, #6842:
URL: https://github.com/apache/hudi/issues/6842

   
   HoodieDeltaStreamer is not honoring following schema registry properties when passed part of kafka source property file to connect  in HTTPS mode. 
   
   schema.registry.url=[https://schemaregistry.com](https://schemaregisty.com/)
   schema.registry.ssl.keystore.location=/artifacts/topics/certs/keystore.jks
   schema.registry.ssl.keystore.password=****
   schema.registry.ssl.truststore.location=/artifacts/topics/certs/truststore.jks
   schema.registry.ssl.truststore.password=****
   schema.registry.ssl.key.password=****
   
   
   **Environment Description**
   
   * Amazon EMR 6.7
   
   * Hudi version : 0.11
   
   * Spark version : 3.2.1
   
   * Hive version : 3.1.3
   
   * Hadoop version : 3.2.1
   
   * Storage (HDFS/S3/GCS..) : S3
   
   * Running on Docker? (yes/no) : no 
   
   
   **Additional context**
   
   When we add the same trust/keystore certificates to JVM default cacerts  it works. 
   
   **Stacktrace**
   
   ```Exception in thread "main" org.apache.hudi.exception.HoodieIOException: Error reading source schema from registry:
       at org.apache.hudi.utilities.schema.SchemaRegistryProvider.getSourceSchema(SchemaRegistryProvider.java:109)
       at org.apache.hudi.utilities.schema.SchemaProviderWithPostProcessor.lambda$getSourceSchema$0(SchemaProviderWithPostProcessor.java:41)
       at org.apache.hudi.common.util.Option.map(Option.java:108)
       at org.apache.hudi.utilities.schema.SchemaProviderWithPostProcessor.getSourceSchema(SchemaProviderWithPostProcessor.java:41)
       at org.apache.hudi.utilities.deltastreamer.DeltaSync.registerAvroSchemas(DeltaSync.java:839)
       at org.apache.hudi.utilities.deltastreamer.DeltaSync.<init>(DeltaSync.java:233)
       at org.apache.hudi.utilities.deltastreamer.HoodieDeltaStreamer$DeltaSyncService.<init>(HoodieDeltaStreamer.java:646)
       at org.apache.hudi.utilities.deltastreamer.HoodieDeltaStreamer.<init>(HoodieDeltaStreamer.java:142)
       at org.apache.hudi.utilities.deltastreamer.HoodieDeltaStreamer.<init>(HoodieDeltaStreamer.java:115)
       at org.apache.hudi.utilities.deltastreamer.HoodieDeltaStreamer.main(HoodieDeltaStreamer.java:549)
       at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
       at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
       at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
       at java.lang.reflect.Method.invoke(Method.java:498)
       at org.apache.spark.deploy.JavaMainApplication.start(SparkApplication.scala:52)
       at org.apache.spark.deploy.SparkSubmit.org$apache$spark$deploy$SparkSubmit$$runMain(SparkSubmit.scala:1000)
       at org.apache.spark.deploy.SparkSubmit.doRunMain$1(SparkSubmit.scala:180)
       at org.apache.spark.deploy.SparkSubmit.submit(SparkSubmit.scala:203)
       at org.apache.spark.deploy.SparkSubmit.doSubmit(SparkSubmit.scala:90)
       at org.apache.spark.deploy.SparkSubmit$$anon$2.doSubmit(SparkSubmit.scala:1089)
       at org.apache.spark.deploy.SparkSubmit$.main(SparkSubmit.scala:1098)
       at org.apache.spark.deploy.SparkSubmit.main(SparkSubmit.scala)
   Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
       at sun.security.ssl.Alert.createSSLException(Alert.java:131)
       at sun.security.ssl.TransportContext.fatal(TransportContext.java:324)
       at sun.security.ssl.TransportContext.fatal(TransportContext.java:267)
       at sun.security.ssl.TransportContext.fatal(TransportContext.java:262)
       at sun.security.ssl.CertificateMessage$T12CertificateConsumer.checkServerCerts(CertificateMessage.java:654)
       at sun.security.ssl.CertificateMessage$T12CertificateConsumer.onCertificate(CertificateMessage.java:473)
       at sun.security.ssl.CertificateMessage$T12CertificateConsumer.consume(CertificateMessage.java:369)
       at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:377)
       at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:444)
       at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:422)
       at sun.security.ssl.TransportContext.dispatch(TransportContext.java:182)
       at sun.security.ssl.SSLTransport.decode(SSLTransport.java:152)
       at sun.security.ssl.SSLSocketImpl.decode(SSLSocketImpl.java:1397)
       at sun.security.ssl.SSLSocketImpl.readHandshakeRecord(SSLSocketImpl.java:1305)
       at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:440)
       at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:559)
       at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:197)
       at sun.net.www.protocol.http.HttpURLConnection.getInputStream0(HttpURLConnection.java:1572)
       at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1500)
       at sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(HttpsURLConnectionImpl.java:268)
       at org.apache.hudi.utilities.schema.SchemaRegistryProvider.getStream(SchemaRegistryProvider.java:91)
       at org.apache.hudi.utilities.schema.SchemaRegistryProvider.fetchSchemaFromRegistry(SchemaRegistryProvider.java:81)
       at org.apache.hudi.utilities.schema.SchemaRegistryProvider.getSchema(SchemaRegistryProvider.java:100)
       at org.apache.hudi.utilities.schema.SchemaRegistryProvider.getSourceSchema(SchemaRegistryProvider.java:107)
       ... 21 more
   Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
       at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:456)
       at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:323)
       at sun.security.validator.Validator.validate(Validator.java:271)
       at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:315)
       at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:223)
       at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:129)
       at sun.security.ssl.CertificateMessage$T12CertificateConsumer.checkServerCerts(CertificateMessage.java:638)
       ... 40 more
   Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
       at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141)
       at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126)
       at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:280)
       at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:451)
       ... 46 more
   22/09/27 18:02:25 INFO ShutdownHookManager: Shutdown hook called
   22/09/27 18:02:25 INFO ShutdownHookManager: Deleting directory /mnt/tmp/spark-c6361b3d-e191-4cd5-906e-b6e9235aa5b5
   22/09/27 18:02:25 INFO ShutdownHookManager: Deleting directory /mnt/tmp/spark-fdca9bfd-a552-4ea3-b8b6-a7481f873440
   Command exiting with ret '1'```
   
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscribe@hudi.apache.org.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [hudi] codope commented on issue #6842: HoodieDeltaStreamer is not honoring schema registry SSL key/trust store properties when connecting schema.registry.url

Posted by "codope (via GitHub)" <gi...@apache.org>.
codope commented on issue #6842:
URL: https://github.com/apache/hudi/issues/6842#issuecomment-1412115508

   Fixed by above patch.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscribe@hudi.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [hudi] alexeykudinkin commented on issue #6842: HoodieDeltaStreamer is not honoring schema registry SSL key/trust store properties when connecting schema.registry.url

Posted by GitBox <gi...@apache.org>.
alexeykudinkin commented on issue #6842:
URL: https://github.com/apache/hudi/issues/6842#issuecomment-1270699265

   Created HUDI-4991 to track


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscribe@hudi.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [hudi] codope closed issue #6842: HoodieDeltaStreamer is not honoring schema registry SSL key/trust store properties when connecting schema.registry.url

Posted by "codope (via GitHub)" <gi...@apache.org>.
codope closed issue #6842: HoodieDeltaStreamer  is not honoring schema registry SSL key/trust store properties when connecting schema.registry.url
URL: https://github.com/apache/hudi/issues/6842


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscribe@hudi.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org