thesquiff opened a new issue #9959: URL: https://github.com/apache/pulsar/issues/9959
Let's say we have a cluster of three brokers, A, B & C. Broker A&B are also configured as functions workers. All brokers are TLS enabled for both https:// and pulsar://. The https endpoint is configured on port 8443. If I query broker A for the status of a function that is actually running on broker B the expected behaviour is that that broker A queries B and returns the result to the requestor. This does not work when brokers are TLS enabled. For the above mechanism to work the assignmentId of the function is compared to the workerId of the broker (generated from the hostname and the **non-TLS** http port, default 8080). Regardless of whether the request was TLS enabled or not, this comparison always succeeds for a request if the broker is running the function for which a status report is required (e.g. request to Broker A for function running on Broker A), as functions are always registered using the non-TLS port too. If we are enquiring about a function running on a different broker however (e.g. request to broker A for a function running on broker B) then the comparison fails and thus a http request to Broker B is created to get the status information. To create the request the workerId is used and this is hardcoded to use the **non-TLS** http port from the config. The request fails because it trying to make a non-secure http request to TLS enabled broker B. HTTP 401 Not Authorised is received. A suggestion for a fix: Update WorkerConfig.java -> getWorkerId to use the TLS port if is configured and the non-TLS port if not. getWorkWebAddress() would need similar alternation to use https not just http. Functions I think would then be registered correctly against the correct port and the above mechanism should work. ---------------------------------------------------------------- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org