thesquiff opened a new issue #9959:
URL: https://github.com/apache/pulsar/issues/9959


   Let's say we have a cluster of three brokers, A, B & C. Broker A&B are also 
configured as functions workers. All brokers are TLS enabled for both https:// 
and pulsar://. The https endpoint is configured on port 8443. 
   
   If I query broker A for the status of a function that is actually running on 
broker B the expected behaviour is that broker A queries B and returns the 
result to the requestor. This does not work when brokers are TLS enabled.
   
   For the above mechanism to work the assignmentId of the function is compared 
to the workerId of the broker (generated from the hostname and the **non-TLS** 
http port, default 8080). Regardless of whether the request was TLS enabled or 
not, this comparison always succeeds for a request if the broker is running the 
function for which a status report is required (e.g. request to Broker A for 
function running on Broker A), as functions are always registered using the 
non-TLS port too. If we are enquiring about a function running on a different 
broker however (e.g. request to broker A for a function running on broker B) 
then the comparison fails and thus a http request to Broker B is created to get 
the status information. To create the request the workerId is used and this is 
hardcoded to use the **non-TLS** http port from the config. The request fails 
because it is trying to make a non-secure http request to TLS enabled broker B. 
HTTP 401 Not Authorised is received.
   
   A suggestion for a fix:
   
   Update WorkerConfig.java -> getWorkerId to use the TLS port if it is configured 
and the non-TLS port if not.  getWorkWebAddress() would need similar 
alteration to use https not just http. Functions I think would then be 
registered correctly against the correct port and the above mechanism should 
work. 


----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
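
Added example (not part of the original issue and not Pulsar's own code): a simplified Java model of the worker-id comparison and forwarding address described in the issue, next to the suggested TLS-aware variant. All class and method names, the host names, and the hostname-port id format are assumptions made for illustration.

```java
import java.net.URI;

// Simplified model of the behaviour described in the issue above.
// All class, field and method names are hypothetical, and the workerId
// format (hostname-port) is constructed for illustration.
public class WorkerAddressModel {
    final String hostname;
    final int httpPort;       // non-TLS web port (default 8080 per the issue)
    final Integer httpsPort;  // TLS web port, or null when TLS is not configured

    WorkerAddressModel(String hostname, int httpPort, Integer httpsPort) {
        this.hostname = hostname;
        this.httpPort = httpPort;
        this.httpsPort = httpsPort;
    }

    // Reported behaviour: id and peer address always use the non-TLS port.
    String reportedWorkerId() { return hostname + "-" + httpPort; }
    URI reportedWebAddress() { return URI.create("http://" + hostname + ":" + httpPort); }

    // Suggested behaviour: prefer the TLS port and https when configured.
    String suggestedWorkerId() {
        return hostname + "-" + (httpsPort != null ? httpsPort : httpPort);
    }
    URI suggestedWebAddress() {
        return httpsPort != null
                ? URI.create("https://" + hostname + ":" + httpsPort)
                : URI.create("http://" + hostname + ":" + httpPort);
    }

    // A status request is served locally only when the function's
    // assignment id matches this worker's id; otherwise it is forwarded.
    static boolean servedLocally(String assignmentId, String localWorkerId) {
        return assignmentId.equals(localWorkerId);
    }

    public static void main(String[] args) {
        // Constructed sample: brokers A and B, TLS web endpoint on 8443.
        WorkerAddressModel a = new WorkerAddressModel("broker-a", 8080, 8443);
        WorkerAddressModel b = new WorkerAddressModel("broker-b", 8080, 8443);
        String assignmentId = b.reportedWorkerId(); // function runs on B

        System.out.println("served by A: " + servedLocally(assignmentId, a.reportedWorkerId()));
        System.out.println("reported forward target:  " + b.reportedWebAddress());
        System.out.println("suggested forward target: " + b.suggestedWebAddress());
    }
}
```

With TLS configured, the reported variant forwards to a plain http address on the non-TLS port, while the suggested variant forwards to the https endpoint on 8443.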

