Posted to dev@pulsar.apache.org by GitBox <gi...@apache.org> on 2020/06/27 00:06:23 UTC
[GitHub] [pulsar-client-node] sammoh94 opened a new issue #99: Authenticating using a Token
sammoh94 opened a new issue #99:
URL: https://github.com/apache/pulsar-client-node/issues/99
Hi,
I am trying to use a token to create a producer but keep getting the following message:
```
INFO ClientConnection:330 | [ -> ] Connected to broker
ERROR ClientConnection:388 | [ -> ] Handshake failed: certificate verify failed
INFO ClientConnection:1349 | [ -> ] Connection closed
ERROR ClientImpl:182 | Error Checking/Getting Partition Metadata while creating producer on persistent://[topic] -- 5
```
When I try to connect locally using a token, it seems to work; however, when I am running it in production, I am seeing the above messages. Therefore, I am not sure how to replicate it locally.
Is there a way to use the token or do I have to use the certification / private key approach when initializing the client:
`return new pulsar.Client({ ..., auth: { certificatePath: '', privateKeyPath: '' } })`
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [pulsar-client-node] Matt-Esch commented on issue #99: Authenticating using a Token
Posted by GitBox <gi...@apache.org>.
Matt-Esch commented on issue #99:
URL: https://github.com/apache/pulsar-client-node/issues/99#issuecomment-998386200
Can confirm this is an issue, occurs when upgrading to pulsar > 2.6.0
[GitHub] [pulsar-client-node] sammoh94 commented on issue #99: Authenticating using a Token
Posted by GitBox <gi...@apache.org>.
sammoh94 commented on issue #99:
URL: https://github.com/apache/pulsar-client-node/issues/99#issuecomment-651251987
Producer or client? I create the producer as follows:
```
this.producer = await client.createProducer({
  topic: generateTopicName(config.pulsar.tenant, config.pulsar.namespace),
  producerName: 'my_topic_name',
  sendTimeoutMs: 30000,
});
```
The client is created as follows:
```
  const toAny = (pulsar as unknown) as any;
  const auth = new toAny.AuthenticationToken({ token: config.pulsar.token });
  return new pulsar.Client({
    ...PULSAR_DEFAULT_OPTS,
    serviceUrl: `pulsar+ssl://${config.pulsar.hostname}:${config.pulsar.port}`,
    authentication: auth,
  });
}
```
[GitHub] [pulsar-client-node] Matt-Esch commented on issue #99: Authenticating using a Token
Posted by GitBox <gi...@apache.org>.
Matt-Esch commented on issue #99:
URL: https://github.com/apache/pulsar-client-node/issues/99#issuecomment-1000845729
Trying with v2.9.1 as per @Sraleik's suggestion:
```
[2021-12-24T13:39:43.164Z] 2021-12-24 13:39:42.898 INFO [139633915127552] ClientImpl:491 | Closing Pulsar client with 0 producers and 0 consumers
[2021-12-24T13:39:43.164Z] 2021-12-24 13:39:42.898 INFO [139633681757952] ClientConnection:181 | [<none> -> pulsar+ssl://localhost:6651] Create ClientConnection, timeout=10000
[2021-12-24T13:39:43.164Z] 2021-12-24 13:39:42.898 INFO [139633681757952] ConnectionPool:96 | Created connection for pulsar+ssl://localhost:6651
[2021-12-24T13:39:43.164Z] 2021-12-24 13:39:42.898 INFO [139633915127552] ClientConnection:1535 | [<none> -> pulsar+ssl://localhost:6651] Connection closed
[2021-12-24T13:39:43.164Z] Segmentation fault (core dumped)
[2021-12-24T13:39:43.164Z] Exited with code: 139.
[2021-12-24T13:39:43.164Z] Error executing child process: Error: Process exited with code 139.
```
[GitHub] [pulsar-client-node] Matt-Esch commented on issue #99: Authenticating using a Token
Posted by GitBox <gi...@apache.org>.
Matt-Esch commented on issue #99:
URL: https://github.com/apache/pulsar-client-node/issues/99#issuecomment-1020882307
Segfault issue tracked here: https://github.com/apache/pulsar-client-node/issues/191
[GitHub] [pulsar-client-node] sammoh94 commented on issue #99: Authenticating using a Token
Posted by GitBox <gi...@apache.org>.
sammoh94 commented on issue #99:
URL: https://github.com/apache/pulsar-client-node/issues/99#issuecomment-652710638
@sijie following up on this. Do you have any thoughts/suggestions? Thanks!
[GitHub] [pulsar-client-node] sijie commented on issue #99: Authenticating using a Token
Posted by GitBox <gi...@apache.org>.
sijie commented on issue #99:
URL: https://github.com/apache/pulsar-client-node/issues/99#issuecomment-650860688
How do you create the producer? Can you show us the code sample?
[GitHub] [pulsar-client-node] izumo27 commented on issue #99: Authenticating using a Token
Posted by GitBox <gi...@apache.org>.
izumo27 commented on issue #99:
URL: https://github.com/apache/pulsar-client-node/issues/99#issuecomment-1000027066
@Matt-Esch What kind of environment did you use? Can you tell us the details of the issue?
[GitHub] [pulsar-client-node] Sraleik commented on issue #99: Authenticating using a Token
Posted by GitBox <gi...@apache.org>.
Sraleik commented on issue #99:
URL: https://github.com/apache/pulsar-client-node/issues/99#issuecomment-1000809752
It is now working for me with this setup:
node version: 16.13.0
pulsar-client-node: 1.5.0
apache-pulsar-client(library C++): 2.9.1
with apache-pulsar-client: 2.8.0 it was not working
[GitHub] [pulsar-client-node] sijie commented on issue #99: Authenticating using a Token
Posted by GitBox <gi...@apache.org>.
sijie commented on issue #99:
URL: https://github.com/apache/pulsar-client-node/issues/99#issuecomment-652828378
@sammoh94 it looks like the token doesn't have permissions to access the topic. Have you verified that you are using the right token?
[GitHub] [pulsar-client-node] Sraleik commented on issue #99: Authenticating using a Token
Posted by GitBox <gi...@apache.org>.
Sraleik commented on issue #99:
URL: https://github.com/apache/pulsar-client-node/issues/99#issuecomment-919300833
Any news on this? I have the exact same problem :(
[GitHub] [pulsar-client-node] sammoh94 edited a comment on issue #99: Authenticating using a Token
Posted by GitBox <gi...@apache.org>.
sammoh94 edited a comment on issue #99:
URL: https://github.com/apache/pulsar-client-node/issues/99#issuecomment-651251987
Producer or client? I create the producer as follows:
```
this.producer = await client.createProducer({
  topic: generateTopicName(config.pulsar.tenant, config.pulsar.namespace),
  producerName: 'my_topic_name',
  sendTimeoutMs: 30000,
});
```
The client is created as follows:
```
  const toAny = (pulsar as unknown) as any;
  const auth = new toAny.AuthenticationToken({ token: config.pulsar.token });
  return new pulsar.Client({
    ...PULSAR_DEFAULT_OPTS,
    serviceUrl: `pulsar+ssl://${config.pulsar.hostname}:${config.pulsar.port}`,
    authentication: auth,
  });
}
```
In the default ops, I am just setting the operation timeout seconds field:
```
export const PULSAR_DEFAULT_OPTS = {
  operationTimeoutSeconds: 30,
};
```
[GitHub] [pulsar-client-node] Matt-Esch commented on issue #99: Authenticating using a Token
Posted by GitBox <gi...@apache.org>.
Matt-Esch commented on issue #99:
URL: https://github.com/apache/pulsar-client-node/issues/99#issuecomment-1000215683
I am attempting an upgrade to node 16 which means fast-forwarding the version of pulsar-client-node we are using from 1.2.0 to 1.4.1, which comes with the minimum pulsar version requirement of 2.8.0. We find that upgrading to pulsar-client-node@v1.4.1 with pulsar 2.8.0 causes this handshake fail issue. We also find that remaining on pulsar-client-node@v1.2.0 and upgrading past pulsar >= 2.7.0 also causes the same issue, so this is likely to be a change in the underlying pulsar client or some missing/additional configuration.
This is replicable in our CI environment running on ubuntu with docker.
We run a local pulsar node from an available pulsar image apachepulsar/pulsar. We were using 2.5.0 but upgraded to 2.8.1 just to double-check this wasn't a version incompatibility (not unreasonable to think the 2.8.1 client would not work entirely with a 2.5.0 broker).
We generate a self-signed cert using cfssl v1.6.1, and we're using RSA 2048.
We use a Makefile to generate a key secret and admin/user keys
```
PULSAR_DOCKER_IMAGE = "apachepulsar/pulsar:2.8.1"
PULSAR = docker run --rm -v "$(CURDIR)/conf:/pulsar/conf" -v "$(CURDIR)/auth:/pulsar/auth" $(PULSAR_DOCKER_IMAGE) bin/pulsar

# Generate the signing secret, then one token per subject
tokens:
	$(PULSAR) tokens create-secret-key > auth/tokens/secret.key
	$(PULSAR) tokens create --secret-key file:///pulsar/auth/tokens/secret.key --subject admin > auth/tokens/admin-token
	$(PULSAR) tokens create --secret-key file:///pulsar/auth/tokens/secret.key --subject user > auth/tokens/user-token
```
Client config:
```
authParams=file:///pulsar/auth/admin-token
authPlugin=org.apache.pulsar.client.impl.auth.AuthenticationToken
brokerServiceUrl=pulsar://localhost:6650/
tlsAllowInsecureConnection=false
tlsEnableHostnameVerification=false
tlsTrustCertsFilePath=/pulsar/auth/pulsar-ca/certs/ca.cert.pem
webServiceUrl=http://localhost:8000/
```
(we have a hostname mismatch due to localhost aliases being used i.e. if foo.bar.baz -> localhost)
Our standalone pulsar configuration (generated broker settings with comments stripped)
```
zookeeperServers=
configurationStoreServers=
brokerServicePort=6650
webServicePort=8000
bindAddress=0.0.0.0
advertisedAddress=
numIOThreads=
numHttpServerThreads=
clusterName=standalone
failureDomainsEnabled=false
zooKeeperSessionTimeoutMillis=30000
zooKeeperOperationTimeoutSeconds=30
brokerShutdownTimeoutMs=60000
backlogQuotaCheckEnabled=true
backlogQuotaCheckIntervalInSeconds=60
backlogQuotaDefaultLimitGB=10
ttlDurationDefaultInSeconds=0
brokerDeleteInactiveTopicsEnabled=true
brokerDeleteInactiveTopicsFrequencySeconds=60
messageExpiryCheckIntervalInMinutes=5
activeConsumerFailoverDelayTimeMillis=1000
subscriptionExpirationTimeMinutes=0
subscriptionRedeliveryTrackerEnabled=true
subscriptionExpiryCheckIntervalInMinutes=5
brokerDeduplicationEnabled=false
brokerDeduplicationMaxNumberOfProducers=10000
brokerDeduplicationEntriesInterval=1000
brokerDeduplicationProducerInactivityTimeoutMinutes=360
defaultNumberOfNamespaceBundles=4
clientLibraryVersionCheckEnabled=false
statusFilePath=/usr/local/apache/htdocs
maxUnackedMessagesPerConsumer=50000
maxUnackedMessagesPerSubscription=200000
maxUnackedMessagesPerBroker=0
maxUnackedMessagesPerSubscriptionOnBrokerBlocked=0.16
topicPublisherThrottlingTickTimeMillis=2
brokerPublisherThrottlingTickTimeMillis=50
brokerPublisherThrottlingMaxMessageRate=0
brokerPublisherThrottlingMaxByteRate=0
dispatchThrottlingRatePerTopicInMsg=0
dispatchThrottlingRatePerTopicInByte=0
dispatchThrottlingRateRelativeToPublishRate=false
dispatchThrottlingOnNonBacklogConsumerEnabled=true
maxConcurrentLookupRequest=50000
maxConcurrentTopicLoadRequest=5000
maxConcurrentNonPersistentMessagePerConnection=1000
numWorkerThreadsForNonPersistentTopic=8
enablePersistentTopics=true
enableNonPersistentTopics=true
maxProducersPerTopic=0
maxConsumersPerTopic=0
maxConsumersPerSubscription=0
proxyRoles=
authenticateOriginalAuthData=false
authenticationEnabled=true
authenticationProviders=org.apache.pulsar.broker.authentication.AuthenticationProviderToken,org.apache.pulsar.broker.authentication.AuthenticationProviderTls
tokenSecretKey=file:///pulsar/auth/tokens/secret.key
authorizationEnabled=true
authorizationProvider=org.apache.pulsar.broker.authorization.PulsarAuthorizationProvider
authorizationAllowWildcardsMatching=false
superUserRoles=admin
brokerClientAuthenticationPlugin=org.apache.pulsar.client.impl.auth.AuthenticationToken
brokerClientAuthenticationParameters=file:///pulsar/auth/tokens/admin-token
athenzDomainNames=
anonymousUserRole=anonymous
tokenAuthClaim=
bookkeeperClientAuthenticationPlugin=
bookkeeperClientAuthenticationParametersName=
bookkeeperClientAuthenticationParameters=
bookkeeperClientTimeoutInSeconds=30
bookkeeperClientSpeculativeReadTimeoutInMillis=0
bookkeeperClientHealthCheckEnabled=true
bookkeeperClientHealthCheckIntervalSeconds=60
bookkeeperClientHealthCheckErrorThresholdPerInterval=5
bookkeeperClientHealthCheckQuarantineTimeInSeconds=1800
bookkeeperClientRackawarePolicyEnabled=true
bookkeeperClientRegionawarePolicyEnabled=false
bookkeeperClientReorderReadSequenceEnabled=false
bookkeeperClientIsolationGroups=
bookkeeperClientSecondaryIsolationGroups=
bookkeeperClientMinAvailableBookiesInIsolationGroups=
bookkeeperTLSProviderFactoryClass=org.apache.bookkeeper.tls.TLSContextFactory
bookkeeperTLSClientAuthentication=false
bookkeeperTLSKeyFileType=PEM
bookkeeperTLSTrustCertTypes=PEM
bookkeeperTLSKeyStorePasswordPath=
bookkeeperTLSTrustStorePasswordPath=
bookkeeperTLSKeyFilePath=
bookkeeperTLSCertificateFilePath=
bookkeeperTLSTrustCertsFilePath=
bookkeeperDiskWeightBasedPlacementEnabled=false
managedLedgerDefaultEnsembleSize=1
managedLedgerDefaultWriteQuorum=1
managedLedgerDefaultAckQuorum=1
managedLedgerDigestType=CRC32C
managedLedgerNumWorkerThreads=4
managedLedgerNumSchedulerThreads=4
managedLedgerCacheSizeMB=
managedLedgerCacheCopyEntries=false
managedLedgerCacheEvictionWatermark=0.9
managedLedgerCacheEvictionFrequency=100.0
managedLedgerCacheEvictionTimeThresholdMillis=1000
managedLedgerCursorBackloggedThreshold=1000
managedLedgerDefaultMarkDeleteRateLimit=0.1
managedLedgerMaxEntriesPerLedger=50000
managedLedgerMinLedgerRolloverTimeMinutes=10
managedLedgerMaxLedgerRolloverTimeMinutes=240
managedLedgerCursorMaxEntriesPerLedger=50000
managedLedgerCursorRolloverTimeInSeconds=14400
managedLedgerMaxUnackedRangesToPersist=10000
managedLedgerMaxUnackedRangesToPersistInZooKeeper=1000
autoSkipNonRecoverableData=false
managedLedgerMetadataOperationsTimeoutSeconds=60
managedLedgerReadEntryTimeoutSeconds=0
managedLedgerAddEntryTimeoutSeconds=0
managedLedgerUnackedRangesOpenCacheSetEnabled=true
loadManagerClassName=org.apache.pulsar.broker.loadbalance.NoopLoadManager
loadBalancerEnabled=false
loadBalancerReportUpdateThresholdPercentage=10
loadBalancerReportUpdateMaxIntervalMinutes=15
loadBalancerHostUsageCheckIntervalMinutes=1
loadBalancerSheddingIntervalMinutes=1
loadBalancerSheddingGracePeriodMinutes=30
loadBalancerBrokerMaxTopics=50000
loadBalancerResourceQuotaUpdateIntervalMinutes=15
loadBalancerAutoBundleSplitEnabled=true
loadBalancerAutoUnloadSplitBundlesEnabled=true
loadBalancerNamespaceBundleMaxTopics=1000
loadBalancerNamespaceBundleMaxSessions=1000
loadBalancerNamespaceBundleMaxMsgRate=30000
loadBalancerNamespaceBundleMaxBandwidthMbytes=100
loadBalancerNamespaceMaximumBundles=128
replicationMetricsEnabled=true
replicationConnectionsPerBroker=16
replicationProducerQueueSize=1000
defaultRetentionTimeInMinutes=0
defaultRetentionSizeInMB=0
keepAliveIntervalSeconds=30
webSocketServiceEnabled=true
webSocketNumIoThreads=8
webSocketConnectionsPerBroker=8
webSocketSessionIdleTimeoutMillis=300000
exposeTopicLevelMetricsInPrometheus=true
exposePublisherStats=true
globalZookeeperServers=
brokerServicePurgeInactiveFrequencyInSeconds=60
ledgerStorageClass=org.apache.bookkeeper.bookie.storage.ldb.DbLedgerStorage
dbStorage_writeCacheMaxSizeMb=
dbStorage_readAheadCacheMaxSizeMb=
dbStorage_readAheadCacheBatchSize=1000
flushInterval=60000
dbStorage_rocksDB_blockCacheSize=
dbStorage_rocksDB_writeBufferSizeMB=4
dbStorage_rocksDB_sstSizeInMB=4
dbStorage_rocksDB_blockSize=4096
dbStorage_rocksDB_bloomFilterBitsPerKey=10
dbStorage_rocksDB_numLevels=-1
dbStorage_rocksDB_numFilesInLevel0=4
dbStorage_rocksDB_maxSizeInLevel1MB=256
journalMaxGroupWaitMSec=1
journalSyncData=false
diskUsageThreshold=0.99
diskUsageWarnThreshold=0.99
allowLoopback=true
gcWaitTime=300000
allowAutoTopicCreation=true
allowAutoTopicCreationType=non-partitioned
defaultNumPartitions=1
transactionMetadataStoreProviderClassName=org.apache.pulsar.transaction.coordinator.impl.InMemTransactionMetadataStore
tlsCertificateFilePath=/pulsar/auth/pulsar-ca/broker.cert.pem
tlsKeyFilePath=/pulsar/auth/pulsar-ca/broker.key-pk8.pem
```
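The client settings posted above, checked for the TLS options that decide whether certificate verification can succeed independently of the token (an added example, not part of the thread or the project's code). The finding labels, the `auditClient` helper and the hardened sample with its hostname are constructed for illustration.

```javascript
'use strict';

// Client settings as posted in the thread (Java-properties format).
const CLIENT_CONF = `
authParams=file:///pulsar/auth/admin-token
authPlugin=org.apache.pulsar.client.impl.auth.AuthenticationToken
brokerServiceUrl=pulsar://localhost:6650/
tlsAllowInsecureConnection=false
tlsEnableHostnameVerification=false
tlsTrustCertsFilePath=/pulsar/auth/pulsar-ca/certs/ca.cert.pem
`;

// Constructed counter-example: TLS URL, CA file set, hostname checked.
const HARDENED_CONF = `
authParams=file:///pulsar/auth/tokens/user-token
authPlugin=org.apache.pulsar.client.impl.auth.AuthenticationToken
brokerServiceUrl=pulsar+ssl://broker.example.internal:6651/
tlsAllowInsecureConnection=false
tlsEnableHostnameVerification=true
tlsTrustCertsFilePath=/pulsar/auth/pulsar-ca/certs/ca.cert.pem
`;

// Parse key=value lines, skipping blanks and # comments.
function parseConf(text) {
  const conf = {};
  for (const raw of text.split(/\r?\n/)) {
    const line = raw.trim();
    const eq = line.indexOf('=');
    if (!line || line.startsWith('#') || eq < 1) continue;
    conf[line.slice(0, eq).trim()] = line.slice(eq + 1).trim();
  }
  return conf;
}

// Return finding labels (names are this example's own) for a client config.
function auditClient(conf) {
  const findings = [];
  const tls = (conf.brokerServiceUrl || '').startsWith('pulsar+ssl://');
  const token = (conf.authPlugin || '').endsWith('.AuthenticationToken');
  const hasCa = Boolean(conf.tlsTrustCertsFilePath);
  // A bearer token on a pulsar:// URL crosses the network unencrypted.
  if (token && !tls) findings.push('token-over-plaintext');
  // Accepting any certificate hides trust problems instead of fixing them.
  if (conf.tlsAllowInsecureConnection === 'true') findings.push('cert-validation-disabled');
  // Without hostname checks, any certificate signed by the CA is accepted.
  if (conf.tlsEnableHostnameVerification !== 'true') findings.push('hostname-verification-disabled');
  // TLS is on but no CA file is configured as a trust anchor.
  if (tls && !hasCa) findings.push('no-trust-anchor');
  // A CA file has no effect when the URL is not TLS.
  if (!tls && hasCa) findings.push('trust-anchor-unused');
  return findings;
}

console.log('posted  :', auditClient(parseConf(CLIENT_CONF)).join(', '));
console.log('hardened:', auditClient(parseConf(HARDENED_CONF)).join(', ') || 'none');
```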