HistoryGift opened a new issue #11295: URL: https://github.com/apache/pulsar/issues/11295
**Describe the bug** Pulsar Cluster is configured with kerberos , when I start a independant function worker ,I got a error "org.apache.pulsar.client.admin.internal.BaseResource - [http://10.2.177.38:8081/admin/v2/persistent/public/functions/assignments] Failed to perform http put request: javax.ws.rs.NotAuthorizedException: HTTP 401 Unauthorized" in function worker's log , I also get a error "WARN org.apache.pulsar.broker.web.AuthenticationFilter - [10.2.216.201] Failed to authenticate HTTP request: Not support authDataSource type, expect sasl" in broker's log functions_worker.yaml: "workerId" : "worker1", "workerHostname" : "10.2.216.201", "workerPort" : 6750, "workerPortTls" : null, "authenticateMetricsEndpoint" : true, "includeStandardPrometheusMetrics" : false, "jvmGCMetricsLoggerClassName" : null, "numHttpServerThreads" : 8, "httpRequestsLimitEnabled" : false, "httpRequestsMaxPerSecond" : 100.0, "configurationStoreServers" : "10.2.177.43:2181,10.2.177.38:2181,10.2.177.39:2181", "zooKeeperSessionTimeoutMillis" : 30000, "zooKeeperOperationTimeoutSeconds" : 30, "zooKeeperCacheExpirySeconds" : 300, "connectorsDirectory" : "./connectors", "narExtractionDirectory" : "/tmp", "validateConnectorConfig" : false, "functionsDirectory" : "./functions", "functionMetadataTopicName" : "metadata", "useCompactedMetadataTopic" : false, "functionWebServiceUrl" : null, "pulsarServiceUrl" : "pulsar://10.2.177.38:6650", "pulsarWebServiceUrl" : "http://10.2.177.38:8081";, "clusterCoordinationTopicName" : "coordinate", "pulsarFunctionsNamespace" : "public/functions", "pulsarFunctionsCluster" : "pulsar-cluster", "numFunctionPackageReplicas" : 1, "downloadDirectory" : "download/pulsar_functions", "stateStorageServiceUrl" : null, "functionAssignmentTopicName" : "assignments", "schedulerClassName" : "org.apache.pulsar.functions.worker.scheduler.RoundRobinScheduler", "failureCheckFreqMs" : 30000, "rescheduleTimeoutMs" : 60000, "rebalanceCheckFreqSec" : -1, "initialBrokerReconnectMaxRetries" : 60, "assignmentWriteMaxRetries" : 60, "instanceLivenessCheckFreqMs" : 30000, "brokerClientAuthenticationEnabled" : true, "brokerClientAuthenticationPlugin" : "org.apache.pulsar.client.impl.auth.AuthenticationSasl", "brokerClientAuthenticationParameters" : "{\"saslJaasClientSectionName\":\"PulsarClient\",\"serverType\":\"broker\"}", "bookkeeperClientAuthenticationPlugin" : null, "bookkeeperClientAuthenticationParametersName" : null, "bookkeeperClientAuthenticationParameters" : null, "topicCompactionFrequencySec" : 1800, "tlsEnabled" : false, "tlsCertificateFilePath" : null, "tlsKeyFilePath" : null, "tlsTrustCertsFilePath" : null, "tlsAllowInsecureConnection" : false, "tlsRequireTrustedClientCertOnConnect" : false, "useTls" : false, "tlsEnableHostnameVerification" : false, "tlsCertRefreshCheckDurationSec" : 300, "authenticationEnabled" : true, "authenticationProviders" : [ "org.apache.pulsar.broker.authentication.AuthenticationProviderSasl" ], "authorizationEnabled" : true, "authorizationProvider" : "org.apache.pulsar.broker.authorization.PulsarAuthorizationProvider", "superUserRoles" : [ "client/[email protected]", "client/[email protected]", "client/[email protected]", "client/[email protected]" ], "properties" : { "saslJaasBrokerSectionName" : "PulsarBroker", "saslJaasClientAllowedIds" : ".*[a-zA-Z0-9].*" }, "brokerClientTrustCertsFilePath" : null, "functionRuntimeFactoryClassName" : "org.apache.pulsar.functions.runtime.process.ProcessRuntimeFactory", "functionRuntimeFactoryConfigs" : { "logDirectory" : "logs/", "javaInstanceJarLocation" : null, "pythonInstanceLocation" : null, "extraFunctionDependenciesDir" : null }, "secretsProviderConfiguratorClassName" : null, "secretsProviderConfiguratorConfig" : null, "functionInstanceMinResources" : null, "functionAuthProviderClassName" : null, "runtimeCustomizerClassName" : null, "runtimeCustomizerConfig" : { }, "maxPendingAsyncRequests" : 1000, "forwardSourceMessageProperty" : true, "threadContainerFactory" : null, "processContainerFactory" : null, "kubernetesContainerFactory" : null, "clientAuthenticationParameters" : "{\"saslJaasClientSectionName\":\"PulsarClient\",\"serverType\":\"broker\"}", "clientAuthenticationPlugin" : "org.apache.pulsar.client.impl.auth.AuthenticationSasl", "functionMetadataTopic" : "persistent://public/functions/metadata", "clusterCoordinationTopic" : "persistent://public/functions/coordinate", "functionAssignmentTopic" : "persistent://public/functions/assignments", "tlsTrustChainBytes" : null, "workerWebAddress" : "http://10.2.216.201:6750";, "workerWebAddressTls" : "https://10.2.216.201:null"; } the principal of function worker is superRole in broker.conf and I also configure the pricipal as admin role of persistent://public/functions Configuration of broker.conf is as below: zookeeperServers=10.2.177.43:2181,10.2.177.38:2181,10.2.177.39:2181 configurationStoreServers=10.2.177.43:2181,10.2.177.38:2181,10.2.177.39:2181 brokerServicePort=6650 brokerServicePortTls= webServicePort=8081 webServicePortTls= bindAddress=0.0.0.0 advertisedAddress=10.2.177.38 haProxyProtocolEnabled=false numIOThreads= numOrderedExecutorThreads=8 numHttpServerThreads= numExecutorThreadPoolSize= numCacheExecutorThreadPoolSize=10 maxConcurrentHttpRequests=1024 isRunningStandalone= clusterName=pulsar-cluster maxTenants=0 failureDomainsEnabled=false zooKeeperSessionTimeoutMillis=30000 zooKeeperOperationTimeoutSeconds=30 zooKeeperCacheExpirySeconds=300 brokerShutdownTimeoutMs=60000 skipBrokerShutdownOnOOM=false backlogQuotaCheckEnabled=true backlogQuotaCheckIntervalInSeconds=60 backlogQuotaDefaultLimitGB=-1 backlogQuotaDefaultRetentionPolicy=producer_request_hold ttlDurationDefaultInSeconds=0 allowAutoTopicCreation=true allowAutoTopicCreationType=non-partitioned allowAutoSubscriptionCreation=true defaultNumPartitions=1 brokerDeleteInactiveTopicsEnabled=true brokerDeleteInactiveTopicsFrequencySeconds=60 brokerDeleteInactiveTopicsMode=delete_when_no_subscriptions brokerDeleteInactivePartitionedTopicMetadataEnabled=false brokerDeleteInactiveTopicsMaxInactiveDurationSeconds= maxPendingPublishdRequestsPerConnection=1000 messageExpiryCheckIntervalInMinutes=5 activeConsumerFailoverDelayTimeMillis=1000 subscriptionExpirationTimeMinutes=0 subscriptionRedeliveryTrackerEnabled=true subscriptionExpiryCheckIntervalInMinutes=5 subscriptionKeySharedEnable=true subscriptionKeySharedUseConsistentHashing=false subscriptionKeySharedConsistentHashingReplicaPoints=100 brokerDeduplicationEnabled=false brokerDeduplicationMaxNumberOfProducers=10000 brokerDeduplicationSnapshotFrequencyInSeconds=10 brokerDeduplicationSnapshotIntervalSeconds=120 brokerDeduplicationEntriesInterval=1000 brokerDeduplicationProducerInactivityTimeoutMinutes=360 defaultNumberOfNamespaceBundles=4 maxNamespacesPerTenant=0 clientLibraryVersionCheckEnabled=false statusFilePath= preferLaterVersions=false maxUnackedMessagesPerConsumer=50000 maxUnackedMessagesPerSubscription=200000 maxUnackedMessagesPerBroker=0 maxUnackedMessagesPerSubscriptionOnBrokerBlocked=0.16 topicPublisherThrottlingTickTimeMillis=10 brokerPublisherThrottlingTickTimeMillis=50 brokerPublisherThrottlingMaxMessageRate=0 brokerPublisherThrottlingMaxByteRate=0 maxPublishRatePerTopicInMessages=0 maxPublishRatePerTopicInBytes=0 subscribeThrottlingRatePerConsumer=0 subscribeRatePeriodPerConsumerInSecond=30 dispatchThrottlingRatePerTopicInMsg=0 dispatchThrottlingRatePerTopicInByte=0 dispatchThrottlingRatePerSubscriptionInMsg=0 dispatchThrottlingRatePerSubscriptionInByte=0 dispatchThrottlingRatePerReplicatorInMsg=0 dispatchThrottlingRatePerReplicatorInByte=0 dispatchThrottlingRateRelativeToPublishRate=false dispatchThrottlingOnNonBacklogConsumerEnabled=true dispatcherMaxReadBatchSize=100 dispatcherMaxReadSizeBytes=5242880 dispatcherMinReadBatchSize=1 dispatcherMaxRoundRobinBatchSize=20 preciseDispatcherFlowControl=false maxConcurrentLookupRequest=50000 maxConcurrentTopicLoadRequest=5000 maxConcurrentNonPersistentMessagePerConnection=1000 numWorkerThreadsForNonPersistentTopic=8 enablePersistentTopics=true enableNonPersistentTopics=true enableRunBookieTogether=false enableRunBookieAutoRecoveryTogether=false maxProducersPerTopic=0 encryptionRequireOnProducer=false maxConsumersPerTopic=0 maxSubscriptionsPerTopic=0 maxConsumersPerSubscription=0 maxMessageSize=5242880 brokerServiceCompactionMonitorIntervalInSeconds=60 delayedDeliveryEnabled=true delayedDeliveryTickTimeMillis=1000 acknowledgmentAtBatchIndexLevelEnabled=false enableReplicatedSubscriptions=true replicatedSubscriptionsSnapshotFrequencyMillis=1000 replicatedSubscriptionsSnapshotTimeoutSeconds=30 replicatedSubscriptionsSnapshotMaxCachedPerSubscription=10 maxMessagePublishBufferSizeInMB= messagePublishBufferCheckIntervalInMillis=100 retentionCheckIntervalInSeconds=120 maxNumPartitionsPerPartitionedTopic=0 zookeeperSessionExpiredPolicy=shutdown systemTopicEnabled=false topicLevelPoliciesEnabled=false topicFencingTimeoutSeconds=0 proxyRoles= authenticateOriginalAuthData=false tlsEnabled=false tlsCertRefreshCheckDurationSec=300 tlsCertificateFilePath= tlsKeyFilePath= tlsTrustCertsFilePath= tlsAllowInsecureConnection=false tlsProtocols= tlsCiphers= tlsRequireTrustedClientCertOnConnect=false tlsEnabledWithKeyStore=false tlsProvider= tlsKeyStoreType=JKS tlsKeyStore= tlsKeyStorePassword= tlsTrustStoreType=JKS tlsTrustStore= tlsTrustStorePassword= brokerClientTlsEnabledWithKeyStore=false brokerClientSslProvider= brokerClientTlsTrustStoreType=JKS brokerClientTlsTrustStore= brokerClientTlsTrustStorePassword= brokerClientTlsCiphers= brokerClientTlsProtocols= authenticationEnabled=true authenticationProviders=org.apache.pulsar.broker.authentication.AuthenticationProviderSasl authenticationRefreshCheckSeconds=60 authorizationEnabled=true authorizationProvider=org.apache.pulsar.broker.authorization.PulsarAuthorizationProvider authorizationAllowWildcardsMatching=true superUserRoles=proxy/[email protected],client/[email protected],client/[email protected],[email protected][email protected] brokerClientTlsEnabled=false brokerClientAuthenticationPlugin=org.apache.pulsar.client.impl.auth.AuthenticationSasl brokerClientAuthenticationParameters={"saslJaasClientSectionName":"PulsarClient", "serverType":"broker"} brokerClientTrustCertsFilePath= athenzDomainNames= anonymousUserRole= tokenSecretKey= tokenPublicKey= tokenAuthClaim= tokenAudienceClaim= tokenAudience= saslJaasClientAllowedIds=.*[a-zA-Z].* saslJaasBrokerSectionName=PulsarBroker httpMaxRequestSize=-1 httpRequestsLimitEnabled=false httpRequestsMaxPerSecond=100.0 bookkeeperMetadataServiceUri= bookkeeperClientAuthenticationPlugin=org.apache.bookkeeper.sasl.SASLClientProviderFactory bookkeeperClientAuthenticationParametersName= bookkeeperClientAuthenticationParameters= bookkeeperClientTimeoutInSeconds=30 bookkeeperClientSpeculativeReadTimeoutInMillis=0 bookkeeperNumberOfChannelsPerBookie=16 bookkeeperUseV2WireProtocol=true bookkeeperClientHealthCheckEnabled=true bookkeeperClientHealthCheckIntervalSeconds=60 bookkeeperClientHealthCheckErrorThresholdPerInterval=5 bookkeeperClientHealthCheckQuarantineTimeInSeconds=1800 bookkeeperClientQuarantineRatio=1.0 bookkeeperGetBookieInfoIntervalSeconds=86400 bookkeeperGetBookieInfoRetryIntervalSeconds=60 bookkeeperClientRackawarePolicyEnabled=true bookkeeperClientRegionawarePolicyEnabled=false bookkeeperClientMinNumRacksPerWriteQuorum=2 bookkeeperClientEnforceMinNumRacksPerWriteQuorum=false bookkeeperClientReorderReadSequenceEnabled=false bookkeeperClientIsolationGroups= bookkeeperClientSecondaryIsolationGroups= bookkeeperClientMinAvailableBookiesInIsolationGroups= bookkeeperEnableStickyReads=false bookkeeperTLSProviderFactoryClass=org.apache.bookkeeper.tls.TLSContextFactory bookkeeperTLSClientAuthentication=false bookkeeperTLSKeyFileType=PEM bookkeeperTLSTrustCertTypes=PEM bookkeeperTLSKeyStorePasswordPath= bookkeeperTLSTrustStorePasswordPath= bookkeeperTLSKeyFilePath= bookkeeperTLSCertificateFilePath= bookkeeperTLSTrustCertsFilePath= bookkeeperDiskWeightBasedPlacementEnabled=false bookkeeperExplicitLacIntervalInMills=0 managedLedgerDefaultEnsembleSize=2 managedLedgerDefaultWriteQuorum=2 managedLedgerDefaultAckQuorum=2 managedLedgerCursorPositionFlushSeconds = 60 managedLedgerDigestType=CRC32C managedLedgerNumWorkerThreads=8 managedLedgerNumSchedulerThreads=8 managedLedgerCacheSizeMB= managedLedgerCacheCopyEntries=false managedLedgerCacheEvictionWatermark=0.9 managedLedgerCacheEvictionFrequency=100.0 managedLedgerCacheEvictionTimeThresholdMillis=1000 managedLedgerCursorBackloggedThreshold=1000 managedLedgerDefaultMarkDeleteRateLimit=1.0 managedLedgerMaxEntriesPerLedger=50000 managedLedgerMinLedgerRolloverTimeMinutes=10 managedLedgerMaxLedgerRolloverTimeMinutes=240 managedLedgerMaxSizePerLedgerMbytes=2048 managedLedgerOffloadDeletionLagMs=14400000 managedLedgerOffloadAutoTriggerSizeThresholdBytes=-1 managedLedgerCursorMaxEntriesPerLedger=50000 managedLedgerCursorRolloverTimeInSeconds=14400 managedLedgerMaxUnackedRangesToPersist=10000 managedLedgerMaxUnackedRangesToPersistInZooKeeper=1000 autoSkipNonRecoverableData=false lazyCursorRecovery=false managedLedgerMetadataOperationsTimeoutSeconds=60 managedLedgerReadEntryTimeoutSeconds=0 managedLedgerAddEntryTimeoutSeconds=0 managedLedgerPrometheusStatsLatencyRolloverSeconds=60 managedLedgerTraceTaskExecution=true managedLedgerNewEntriesCheckDelayInMillis=10 loadBalancerEnabled=true loadBalancerReportUpdateThresholdPercentage=10 loadBalancerReportUpdateMaxIntervalMinutes=15 loadBalancerHostUsageCheckIntervalMinutes=1 loadBalancerSheddingEnabled=true loadBalancerSheddingIntervalMinutes=1 loadBalancerSheddingGracePeriodMinutes=30 loadBalancerBrokerMaxTopics=50000 loadBalancerBrokerOverloadedThresholdPercentage=85 loadBalancerResourceQuotaUpdateIntervalMinutes=15 loadBalancerAutoBundleSplitEnabled=true loadBalancerAutoUnloadSplitBundlesEnabled=true loadBalancerNamespaceBundleMaxTopics=1000 loadBalancerNamespaceBundleMaxSessions=1000 loadBalancerNamespaceBundleMaxMsgRate=30000 loadBalancerNamespaceBundleMaxBandwidthMbytes=100 loadBalancerNamespaceMaximumBundles=128 loadBalancerOverrideBrokerNicSpeedGbps= loadManagerClassName=org.apache.pulsar.broker.loadbalance.impl.ModularLoadManagerImpl supportedNamespaceBundleSplitAlgorithms=range_equally_divide,topic_count_equally_divide defaultNamespaceBundleSplitAlgorithm=range_equally_divide loadBalancerLoadSheddingStrategy=org.apache.pulsar.broker.loadbalance.impl.OverloadShedder loadBalancerBrokerThresholdShedderPercentage=10 loadBalancerHistoryResourcePercentage=0.9 loadBalancerBandwithInResourceWeight=1.0 loadBalancerBandwithOutResourceWeight=1.0 loadBalancerCPUResourceWeight=1.0 loadBalancerMemoryResourceWeight=1.0 loadBalancerDirectMemoryResourceWeight=1.0 loadBalancerBundleUnloadMinThroughputThreshold=10 replicationMetricsEnabled=true replicationConnectionsPerBroker=16 replicationProducerQueueSize=1000 replicatorPrefix=pulsar.repl replicationPolicyCheckDurationSeconds=600 defaultRetentionTimeInMinutes=0 defaultRetentionSizeInMB=0 keepAliveIntervalSeconds=30 bootstrapNamespaces= webSocketServiceEnabled=false webSocketNumIoThreads=8 webSocketConnectionsPerBroker=8 webSocketSessionIdleTimeoutMillis=300000 webSocketMaxTextFrameSize=1048576 exposeTopicLevelMetricsInPrometheus=true exposeConsumerLevelMetricsInPrometheus=false functionsWorkerEnabled=false exposePublisherStats=true statsUpdateFrequencyInSecs=60 statsUpdateInitialDelayInSecs=60 exposePreciseBacklogInPrometheus=false schemaRegistryStorageClassName=org.apache.pulsar.broker.service.schema.BookkeeperSchemaStorageFactory isSchemaValidationEnforced=false offloadersDirectory=/opt/brokers2/offloaders managedLedgerOffloadDriver=filesystem managedLedgerOffloadMaxThreads=2 managedLedgerOffloadPrefetchRounds=1 managedLedgerUnackedRangesOpenCacheSetEnabled=true s3ManagedLedgerOffloadRegion= s3ManagedLedgerOffloadBucket= s3ManagedLedgerOffloadServiceEndpoint= s3ManagedLedgerOffloadMaxBlockSizeInBytes=67108864 s3ManagedLedgerOffloadReadBufferSizeInBytes=1048576 gcsManagedLedgerOffloadRegion= gcsManagedLedgerOffloadBucket= gcsManagedLedgerOffloadMaxBlockSizeInBytes=67108864 gcsManagedLedgerOffloadReadBufferSizeInBytes=1048576 gcsManagedLedgerOffloadServiceAccountKeyFile= fileSystemProfilePath=../conf/filesystem_offload_core_site.xml fileSystemURI=hdfs://10.2.177.48:9000 globalZookeeperServers= replicationTlsEnabled=false brokerServicePurgeInactiveFrequencyInSeconds=60 transactionCoordinatorEnabled=false transactionMetadataStoreProviderClassName=org.apache.pulsar.transaction.coordinator.impl.MLTransactionMetadataStoreProvider -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
