Does Java security manager work with Dockerized SDC?
Hi, I have a big headache when enabling the Java security manager in an SDC container. I have reported the issue on GitHub: https://github.com/streamsets/datacol...
Can somebody kindly help me?
I have edited sdc-security.policy by appending this text:
grant codebase "file:///persistent/nsc_sdc/liyi/ns/libs/-" {
  permission java.security.AllPermission;
};
grant codebase "file:///persistent/nsc_sdc/input/-" {
  permission java.security.AllPermission;
};
grant codebase "file:///persistent/nsc_sdc/output/-" {
  permission java.security.AllPermission;
};
However, this does not seem to help, and below is my sdc.log output:
2019-02-06 09:52:32,634 [user:] [pipeline:] [runner:] [thread:main] [stage:] INFO Main - -----------------------------------------------------------------
2019-02-06 09:52:32,636 [user:] [pipeline:] [runner:] [thread:main] [stage:] INFO Main - Build info:
2019-02-06 09:52:32,636 [user:] [pipeline:] [runner:] [thread:main] [stage:] INFO Main - Version : 3.7.1
2019-02-06 09:52:32,636 [user:] [pipeline:] [runner:] [thread:main] [stage:] INFO Main - Date : 2019-01-11T00:39Z
2019-02-06 09:52:32,637 [user:] [pipeline:] [runner:] [thread:main] [stage:] INFO Main - Built by : ubuntu
2019-02-06 09:52:32,637 [user:] [pipeline:] [runner:] [thread:main] [stage:] INFO Main - Repo SHA : 7794ed15f51489d083022b6c823000ec9831f693
2019-02-06 09:52:32,637 [user:] [pipeline:] [runner:] [thread:main] [stage:] INFO Main - Source MD5 : ca4c16c35ae9d9ab4fc8e38c20983077
2019-02-06 09:52:32,637 [user:] [pipeline:] [runner:] [thread:main] [stage:] INFO Main - -----------------------------------------------------------------
2019-02-06 09:52:32,637 [user:] [pipeline:] [runner:] [thread:main] [stage:] INFO Main - Runtime info:
2019-02-06 09:52:32,637 [user:] [pipeline:] [runner:] [thread:main] [stage:] INFO Main - Java version : 1.8.0_192-b12
2019-02-06 09:52:32,638 [user:] [pipeline:] [runner:] [thread:main] [stage:] INFO Main - SDC ID : dcb5d92c-2948-11e9-ae65-8594ed7aecd3
2019-02-06 09:52:32,638 [user:] [pipeline:] [runner:] [thread:main] [stage:] INFO Main - Runtime dir : /opt/streamsets-datacollector-3.7.1
2019-02-06 09:52:32,638 [user:] [pipeline:] [runner:] [thread:main] [stage:] INFO Main - Config dir : /persistent/nsc_sdc/liyi/ns/conf
2019-02-06 09:52:32,638 [user:] [pipeline:] [runner:] [thread:main] [stage:] INFO Main - Data dir : /persistent/nsc_sdc/liyi/ns/data
2019-02-06 09:52:32,638 [user:] [pipeline:] [runner:] [thread:main] [stage:] INFO Main - Log dir : /logs
2019-02-06 09:52:32,639 [user:] [pipeline:] [runner:] [thread:main] [stage:] INFO Main - Extra Libs dir: /persistent/nsc_sdc/liyi/ns/libs/extras
2019-02-06 09:52:32,639 [user:] [pipeline:] [runner:] [thread:main] [stage:] INFO Main - -----------------------------------------------------------------
2019-02-06 09:52:32,639 [user:] [pipeline:] [runner:] [thread:main] [stage:] INFO Main - Security Manager : ENABLED, policy file: file:///persistent/nsc_sdc/liyi/ns/conf/sdc-security.policy, implementation: java.lang.SecurityManager
2019-02-06 09:52:32,639 [user:] [pipeline:] [runner:] [thread:main] [stage:] INFO Main - -----------------------------------------------------------------
2019-02-06 09:52:32,639 [user:] [pipeline:] [runner:] [thread:main] [stage:] INFO Main - Starting ...
2019-02-06 09:52:32,644 [user:] [pipeline:] [runner:] [thread:main] [stage:] INFO Main - -----------------------------------------------------------------
2019-02-06 09:52:32,644 [user:] [pipeline:] [runner:] [thread:main] [stage:] INFO Main - Kerberos enabled: false
2019-02-06 09:52:32,651 [user:] [pipeline:] [runner:] [thread:main] [stage:] INFO Main - Unlimited cryptography enabled: true
2019-02-06 09:52:32,651 [user:] [pipeline:] [runner:] [thread:main] [stage:] INFO Main - -----------------------------------------------------------------
2019-02-06 09:52:32,651 [user:] [pipeline:] [runner:] [thread:main] [stage:] INFO Main - Starting ...
2019-02-06 09:52:32,657 [user ...
Can you edit your question to include the entire content of sdc-security.policy and also its path?
Are you using a custom written stage? If so, what is the path to the jar location?
Sorry metadaddy, the log is not really readable: 19-02-06 09:52:32,639 [user:] [pipeline:] [runner:] [thread:main] [stage:] INFO Main - Security Manager : ENABLED, policy file: file:///persistent/nsc_sdc/liyi/ns/conf/sdc-security.policy, implementation: java.lang.SecurityManager
The content of sdc-security.policy is the same as the default one, except that I have appended the lines I wrote above.
@jeff I did not use any custom-written staging lib. However, I am preparing to do so, so I overwrite the default staging lib path by exporting env variables. You may notice this at the beginning of the logs. Before SDC starts, I symbolically link the staging lib into my new path.