Hello,
I use Flink 1.11.2 in Yarn cluster mode.
I’ve followed the instructions listed here
(https://nightlies.apache.org/flink/flink-docs-master/docs/deployment/security/security-ssl/)
to turn on internal SSL:


$ keytool -genkeypair \
  -alias flink.internal \
  -keystore internal.keystore \
  -dname "CN=flink.internal" \
  -storepass internal_store_password \
  -keyalg RSA \
  -keysize 4096 \
  -storetype PKCS12



security.ssl.internal.enabled: true
security.ssl.internal.keystore: /path/to/flink/conf/internal.keystore
security.ssl.internal.truststore: /path/to/flink/conf/internal.keystore
security.ssl.internal.keystore-password: internal_store_password
security.ssl.internal.truststore-password: internal_store_password
security.ssl.internal.key-password: internal_store_password


I’ve shipped the keystore on every node, and get no error from keystore reading.
However, the application fails to start (stuck in initializing step), with the
only error log in Yarn containers:
15:49:46.397 [main-EventThread] ERROR org.apache.flink.shaded.curator4.org.apache.curator.ConnectionState - Authentication failed


Could you please explain to me what this “zookeeper” curator connection does and
why it no longer works when enabling internal SSL?



Best regards,

Arnaud




