Edward Rojas created FLINK-9261:
-----------------------------------
Summary: Regression - Flink CLI and Web UI not working when SSL is
enabled
Key: FLINK-9261
URL: https://issues.apache.org/jira/browse/FLINK-9261
Project: Flink
Issue Type: Bug
Components: Client, Network, Web Client
Affects Versions: 1.5.0
Reporter: Edward Rojas
When *security.ssl.enabled* config is set to true, Web UI is no longer
reachable; there is no logs on jobmanager.
When setting *web.ssl.enabled* to false (keeping security.ssl.enabled to true),
the dashboard is not reachable and there is the following exception on
jobmanager:
{code:java}
WARN org.apache.flink.runtime.dispatcher.DispatcherRestEndpoint - Unhandled
exception
org.apache.flink.shaded.netty4.io.netty.handler.ssl.NotSslRecordException: not
an SSL/TLS record:
474554202f20485454502f312e310d0a486f73743a206c6f63616c686f73743a383038310d0a436f6e6e656374696f6e3a206b6565702d616c6976650d0a557067726164652d496e7365637572652d52657175657374733a20310d0a557365722d4167656e743a204d6f7a696c6c612f352e3020284d6163696e746f73683b20496e74656c204d6163204f5320582031305f31335f3329204170706c655765624b69742f3533372e333620284b48544d4c2c206c696b65204765636b6f29204368726f6d652f36352e302e333332352e313831205361666172692f3533372e33360d0a4163636570743a20746578742f68746d6c2c6170706c69636174696f6e2f7868746d6c2b786d6c2c6170706c69636174696f6e2f786d6c3b713d302e392c696d6167652f776562702c696d6167652f61706e672c2a2f2a3b713d302e380d0a4163636570742d456e636f64696e673a20677a69702c206465666c6174652c2062720d0a4163636570742d4c616e67756167653a20656e2c656e2d47423b713d302e392c65732d3431393b713d302e382c65733b713d302e372c66722d46523b713d302e362c66723b713d302e350d0a436f6f6b69653a20496465612d39326365626136363d39396464633637632d613838382d346439332d396166612d3737396631373636326264320d0a49662d4d6f6469666965642d53696e63653a205468752c2032362041707220323031382031313a30313a313520474d540d0a0d0a
at
org.apache.flink.shaded.netty4.io.netty.handler.ssl.SslHandler.decode(SslHandler.java:940)
at
org.apache.flink.shaded.netty4.io.netty.handler.codec.ByteToMessageDecoder.callDecode(ByteToMessageDecoder.java:315)
at
org.apache.flink.shaded.netty4.io.netty.handler.codec.ByteToMessageDecoder.channelRead(ByteToMessageDecoder.java:229)
at
org.apache.flink.shaded.netty4.io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:339)
at
org.apache.flink.shaded.netty4.io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:324)
at
org.apache.flink.shaded.netty4.io.netty.channel.DefaultChannelPipeline.fireChannelRead(DefaultChannelPipeline.java:847)
at
org.apache.flink.shaded.netty4.io.netty.channel.nio.AbstractNioByteChannel$NioByteUnsafe.read(AbstractNioByteChannel.java:131)
at
org.apache.flink.shaded.netty4.io.netty.channel.nio.NioEventLoop.processSelectedKey(NioEventLoop.java:511)
at
org.apache.flink.shaded.netty4.io.netty.channel.nio.NioEventLoop.processSelectedKeysOptimized(NioEventLoop.java:468)
at
org.apache.flink.shaded.netty4.io.netty.channel.nio.NioEventLoop.processSelectedKeys(NioEventLoop.java:382)
at
org.apache.flink.shaded.netty4.io.netty.channel.nio.NioEventLoop.run(NioEventLoop.java:354)
at
org.apache.flink.shaded.netty4.io.netty.util.concurrent.SingleThreadEventExecutor$2.run(SingleThreadEventExecutor.java:111)
at
org.apache.flink.shaded.netty4.io.netty.util.concurrent.DefaultThreadFactory$DefaultRunnableDecorator.run(DefaultThreadFactory.java:137)
at java.lang.Thread.run(Thread.java:745)
{code}
Also when trying to use the Flink CLI, it get stuck on "Waiting for
response..." and there is no error messages on jobmanager. None of the commands
works, list, run etc.
Taskmanagers are able to registrate to Jobmanager, so the SSL configuration is
good.
SSL configuration:
security.ssl.enabled: true
security.ssl.keystore: /path/to/keystore
security.ssl.keystore-password: xxxx
security.ssl.key-password: xxxx
security.ssl.truststore: /path/to/truststore
security.ssl.truststore-password: xxxx
web.ssl.enabled: false
This same configuration works perfectly on Flink 1.4.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
