Skip to content

AccessControlException when registering an azure repository #25931

New issue
New issue
Closed
Closed
AccessControlException when registering an azure repository#25931
Assignees
Tim-Brooks
Labels
:Distributed Coordination/Snapshot/RestoreAnything directly related to the `_snapshot/*` APIs>bugblocker
@dadoonet

Description

@dadoonet
dadoonet
opened on Jul 27, 2017

Elasticsearch version: 6.0.0-beta1 (545138b)

Plugins installed: [ repository-azure ]

Description of the problem including expected versus actual behavior: Unable to register an azure repository

Steps to reproduce:

  1. Start elasticsearch with:
bin/elasticsearch -Ecloud.azure.storage.default.account=ACCOUNT -Ecloud.azure.storage.default.key=KEY

Or add the following in config/elasticsearch.yml

cloud.azure.storage.default.account: ACCOUNT
cloud.azure.storage.default.key: KEY
  1. Register a repository:
curl -XDELETE 127.0.0.1:9200/_snapshot/azure?pretty
curl -XPUT '127.0.0.1:9200/_snapshot/azure?pretty' -H 'Content-Type: application/json' -d'
{
  "type": "azure"
}'

Provide logs (if relevant):

[2017-07-27T11:47:14,704][WARN ][r.suppressed             ] path: /_snapshot/azure, params: {pretty=, repository=azure}
java.lang.RuntimeException: java.security.AccessControlException: access denied ("java.net.SocketPermission" "dpi24329.blob.core.windows.net:443" "connect,resolve")
	at sun.net.www.protocol.http.HttpURLConnection.getInputStream0(HttpURLConnection.java:1488) ~[?:?]
	at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1474) ~[?:?]
	at sun.net.www.protocol.http.HttpURLConnection.getHeaderField(HttpURLConnection.java:3018) ~[?:?]
	at java.net.HttpURLConnection.getResponseCode(HttpURLConnection.java:489) ~[?:1.8.0_121]
	at sun.net.www.protocol.https.HttpsURLConnectionImpl.getResponseCode(HttpsURLConnectionImpl.java:338) ~[?:?]
	at com.microsoft.azure.storage.StorageException.translateException(StorageException.java:76) ~[?:?]
	at com.microsoft.azure.storage.core.ExecutionEngine.executeWithRetry(ExecutionEngine.java:199) ~[?:?]
	at com.microsoft.azure.storage.blob.CloudBlobContainer.exists(CloudBlobContainer.java:769) ~[?:?]
	at com.microsoft.azure.storage.blob.CloudBlobContainer.exists(CloudBlobContainer.java:756) ~[?:?]
	at com.microsoft.azure.storage.blob.CloudBlobContainer.exists(CloudBlobContainer.java:730) ~[?:?]
	at org.elasticsearch.cloud.azure.storage.AzureStorageServiceImpl.blobExists(AzureStorageServiceImpl.java:237) ~[?:?]
	at org.elasticsearch.cloud.azure.blobstore.AzureBlobStore.blobExists(AzureBlobStore.java:116) ~[?:?]
	at org.elasticsearch.cloud.azure.blobstore.AzureBlobContainer.blobExists(AzureBlobContainer.java:61) ~[?:?]
	at org.elasticsearch.cloud.azure.blobstore.AzureBlobContainer.writeBlob(AzureBlobContainer.java:96) ~[?:?]
	at org.elasticsearch.repositories.blobstore.BlobStoreRepository.startVerification(BlobStoreRepository.java:581) ~[elasticsearch-6.0.0-beta1.jar:6.0.0-beta1]
	at org.elasticsearch.repositories.RepositoriesService.verifyRepository(RepositoriesService.java:211) [elasticsearch-6.0.0-beta1.jar:6.0.0-beta1]
	at org.elasticsearch.repositories.RepositoriesService$VerifyingRegisterRepositoryListener.onResponse(RepositoriesService.java:414) [elasticsearch-6.0.0-beta1.jar:6.0.0-beta1]
	at org.elasticsearch.repositories.RepositoriesService$VerifyingRegisterRepositoryListener.onResponse(RepositoriesService.java:399) [elasticsearch-6.0.0-beta1.jar:6.0.0-beta1]
	at org.elasticsearch.cluster.AckedClusterStateUpdateTask.onAllNodesAcked(AckedClusterStateUpdateTask.java:64) [elasticsearch-6.0.0-beta1.jar:6.0.0-beta1]
	at org.elasticsearch.cluster.service.MasterService$SafeAckedClusterStateTaskListener.onAllNodesAcked(MasterService.java:523) [elasticsearch-6.0.0-beta1.jar:6.0.0-beta1]
	at org.elasticsearch.cluster.service.MasterService$AckCountDownListener.onNodeAck(MasterService.java:623) [elasticsearch-6.0.0-beta1.jar:6.0.0-beta1]
	at org.elasticsearch.cluster.service.MasterService$DelegetingAckListener.onNodeAck(MasterService.java:563) [elasticsearch-6.0.0-beta1.jar:6.0.0-beta1]
	at org.elasticsearch.discovery.zen.ZenDiscovery$1.onNewClusterStateProcessed(ZenDiscovery.java:346) [elasticsearch-6.0.0-beta1.jar:6.0.0-beta1]
	at org.elasticsearch.discovery.zen.PendingClusterStatesQueue.markAsProcessed(PendingClusterStatesQueue.java:177) [elasticsearch-6.0.0-beta1.jar:6.0.0-beta1]
	at org.elasticsearch.discovery.zen.ZenDiscovery$3.clusterStateProcessed(ZenDiscovery.java:819) [elasticsearch-6.0.0-beta1.jar:6.0.0-beta1]
	at org.elasticsearch.cluster.service.ClusterApplierService$SafeClusterStateTaskListener.clusterStateProcessed(ClusterApplierService.java:534) [elasticsearch-6.0.0-beta1.jar:6.0.0-beta1]
	at org.elasticsearch.cluster.service.ClusterApplierService.applyChanges(ClusterApplierService.java:485) [elasticsearch-6.0.0-beta1.jar:6.0.0-beta1]
	at org.elasticsearch.cluster.service.ClusterApplierService.runTask(ClusterApplierService.java:426) [elasticsearch-6.0.0-beta1.jar:6.0.0-beta1]
	at org.elasticsearch.cluster.service.ClusterApplierService$UpdateTask.run(ClusterApplierService.java:155) [elasticsearch-6.0.0-beta1.jar:6.0.0-beta1]
	at org.elasticsearch.common.util.concurrent.ThreadContext$ContextPreservingRunnable.run(ThreadContext.java:569) [elasticsearch-6.0.0-beta1.jar:6.0.0-beta1]
	at org.elasticsearch.common.util.concurrent.PrioritizedEsThreadPoolExecutor$TieBreakingPrioritizedRunnable.runAndClean(PrioritizedEsThreadPoolExecutor.java:247) [elasticsearch-6.0.0-beta1.jar:6.0.0-beta1]
	at org.elasticsearch.common.util.concurrent.PrioritizedEsThreadPoolExecutor$TieBreakingPrioritizedRunnable.run(PrioritizedEsThreadPoolExecutor.java:210) [elasticsearch-6.0.0-beta1.jar:6.0.0-beta1]
	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142) [?:1.8.0_121]
	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617) [?:1.8.0_121]
	at java.lang.Thread.run(Thread.java:745) [?:1.8.0_121]
Caused by: java.security.AccessControlException: access denied ("java.net.SocketPermission" "dpi24329.blob.core.windows.net:443" "connect,resolve")
	at java.security.AccessControlContext.checkPermission(AccessControlContext.java:472) ~[?:1.8.0_121]
	at java.security.AccessController.checkPermission(AccessController.java:884) ~[?:1.8.0_121]
	at java.lang.SecurityManager.checkPermission(SecurityManager.java:549) ~[?:1.8.0_121]
	at java.lang.SecurityManager.checkConnect(SecurityManager.java:1051) ~[?:1.8.0_121]
	at sun.net.www.http.HttpClient.openServer(HttpClient.java:510) ~[?:?]
	at sun.net.www.protocol.https.HttpsClient.<init>(HttpsClient.java:264) ~[?:?]
	at sun.net.www.protocol.https.HttpsClient.New(HttpsClient.java:367) ~[?:?]
	at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.getNewHttpClient(AbstractDelegateHttpsURLConnection.java:191) ~[?:?]
	at sun.net.www.protocol.http.HttpURLConnection.plainConnect0(HttpURLConnection.java:1138) ~[?:?]
	at sun.net.www.protocol.http.HttpURLConnection.plainConnect(HttpURLConnection.java:1032) ~[?:?]
	at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:177) ~[?:?]
	at sun.net.www.protocol.http.HttpURLConnection.getInputStream0(HttpURLConnection.java:1546) ~[?:?]
	at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1474) ~[?:?]
	at java.net.HttpURLConnection.getResponseCode(HttpURLConnection.java:480) ~[?:1.8.0_121]
	at sun.net.www.protocol.https.HttpsURLConnectionImpl.getResponseCode(HttpsURLConnectionImpl.java:338) ~[?:?]
	at com.microsoft.azure.storage.core.ExecutionEngine.executeWithRetry(ExecutionEngine.java:119) ~[?:?]
	... 28 more

Metadata

Metadata

Assignees

Labels

:Distributed Coordination/Snapshot/RestoreAnything directly related to the `_snapshot/*` APIs>bugblocker

Type

No type

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions