[jira] [Commented] (FLINK-9261) Regression - Flink CLI and Web UI not working when SSL is enabled

Thu, 03 May 2018 01:50:35 -0700 

    [ 
https://issues.apache.org/jira/browse/FLINK-9261?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16462124#comment-16462124
 ] 

Edward Rojas commented on FLINK-9261:
-------------------------------------

I just want to point out that even with *web.ssl.enabled* set to true, the Web 
UI is not reachable and the CLI does not work either, it just gets stuck in 
"Waiting for response" and there is no logs on jobmanager.

> Regression - Flink CLI and Web UI not working when SSL is enabled
> -----------------------------------------------------------------
>
>                 Key: FLINK-9261
>                 URL: https://issues.apache.org/jira/browse/FLINK-9261
>             Project: Flink
>          Issue Type: Bug
>          Components: Client, Network, Web Client
>    Affects Versions: 1.5.0
>            Reporter: Edward Rojas
>            Priority: Blocker
>              Labels: regression
>             Fix For: 1.5.0
>
>
> When *security.ssl.enabled* config is set to true, Web UI is no longer 
> reachable; there is no logs on jobmanager. 
>  
> When setting *web.ssl.enabled* to false (keeping security.ssl.enabled to 
> true), the dashboard is not reachable and there is the following exception on 
> jobmanager: 
> {code:java}
> WARN  org.apache.flink.runtime.dispatcher.DispatcherRestEndpoint    - 
> Unhandled exception
> org.apache.flink.shaded.netty4.io.netty.handler.ssl.NotSslRecordException: 
> not an SSL/TLS record: 
> 474554202f20485454502f312e310d0a486f73743a206c6f63616c686f73743a383038310d0a436f6e6e656374696f6e3a206b6565702d616c6976650d0a557067726164652d496e7365637572652d52657175657374733a20310d0a557365722d4167656e743a204d6f7a696c6c612f352e3020284d6163696e746f73683b20496e74656c204d6163204f5320582031305f31335f3329204170706c655765624b69742f3533372e333620284b48544d4c2c206c696b65204765636b6f29204368726f6d652f36352e302e333332352e313831205361666172692f3533372e33360d0a4163636570743a20746578742f68746d6c2c6170706c69636174696f6e2f7868746d6c2b786d6c2c6170706c69636174696f6e2f786d6c3b713d302e392c696d6167652f776562702c696d6167652f61706e672c2a2f2a3b713d302e380d0a4163636570742d456e636f64696e673a20677a69702c206465666c6174652c2062720d0a4163636570742d4c616e67756167653a20656e2c656e2d47423b713d302e392c65732d3431393b713d302e382c65733b713d302e372c66722d46523b713d302e362c66723b713d302e350d0a436f6f6b69653a20496465612d39326365626136363d39396464633637632d613838382d346439332d396166612d3737396631373636326264320d0a49662d4d6f6469666965642d53696e63653a205468752c2032362041707220323031382031313a30313a313520474d540d0a0d0a
> at 
> org.apache.flink.shaded.netty4.io.netty.handler.ssl.SslHandler.decode(SslHandler.java:940)
> at 
> org.apache.flink.shaded.netty4.io.netty.handler.codec.ByteToMessageDecoder.callDecode(ByteToMessageDecoder.java:315)
> at 
> org.apache.flink.shaded.netty4.io.netty.handler.codec.ByteToMessageDecoder.channelRead(ByteToMessageDecoder.java:229)
> at 
> org.apache.flink.shaded.netty4.io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:339)
> at 
> org.apache.flink.shaded.netty4.io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:324)
> at 
> org.apache.flink.shaded.netty4.io.netty.channel.DefaultChannelPipeline.fireChannelRead(DefaultChannelPipeline.java:847)
> at 
> org.apache.flink.shaded.netty4.io.netty.channel.nio.AbstractNioByteChannel$NioByteUnsafe.read(AbstractNioByteChannel.java:131)
> at 
> org.apache.flink.shaded.netty4.io.netty.channel.nio.NioEventLoop.processSelectedKey(NioEventLoop.java:511)
> at 
> org.apache.flink.shaded.netty4.io.netty.channel.nio.NioEventLoop.processSelectedKeysOptimized(NioEventLoop.java:468)
> at 
> org.apache.flink.shaded.netty4.io.netty.channel.nio.NioEventLoop.processSelectedKeys(NioEventLoop.java:382)
> at 
> org.apache.flink.shaded.netty4.io.netty.channel.nio.NioEventLoop.run(NioEventLoop.java:354)
> at 
> org.apache.flink.shaded.netty4.io.netty.util.concurrent.SingleThreadEventExecutor$2.run(SingleThreadEventExecutor.java:111)
> at 
> org.apache.flink.shaded.netty4.io.netty.util.concurrent.DefaultThreadFactory$DefaultRunnableDecorator.run(DefaultThreadFactory.java:137)
> at java.lang.Thread.run(Thread.java:745)
> {code}
> Also when trying to use the Flink CLI, it get stuck on "Waiting for 
> response..." and there is no error messages on jobmanager. None of the 
> commands works, list, run etc.
>  
> Taskmanagers are able to registrate to Jobmanager, so the SSL configuration 
> is good.
>  
> SSL configuration:
> security.ssl.enabled: true
> security.ssl.keystore: /path/to/keystore
> security.ssl.keystore-password: xxxx
> security.ssl.key-password: xxxx
> security.ssl.truststore: /path/to/truststore
> security.ssl.truststore-password: xxxx
> web.ssl.enabled: false
> This same configuration works perfectly on Flink 1.4.
>  



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

Reply via email to