Permission error when applying apm (pinpoint) to elasticsearch

Aaron2 · June 15, 2022, 2:41am

hi

I am trying to monitor using apm (pinpoint) in elasticsearch.

To do this, I created custom-policy.policy and specified it when running elasticsearch because it was necessary to grant permission.

(It is not confirmed which one is applied, so both file designation and package designation are used)

But I am getting the same error. Is there anything more I need to do?

elasticsearch version : 7.11.1

custom-policy.policy

grant codeBase "file:/my/apps/pinpoint-agent/-"
{
    permission java.security.AllPermission;
};
grant codeBase "com.navercorp.pinpoint"
{
    permission java.security.AllPermission;
};

PINPOINT_OPTS

-javaagent:/my/apps/pinpoint-agent/pinpoint-bootstrap-2.3.3.jar
-Dpinpoint.agentId=${AGENT_ID}
-Dpinpoint.agentName=${AGENT_NAME}
-Dpinpoint.applicationName=${APPLICATION_NAME}
-Dprofiler.transport.grpc.collector.ip=${PINPOINT_COLLECTOR_IP}

JAVA_OPTS

-Djava.security.policy=file:///my/config/elasticsearch/custom-policy.policy
-Dsecurity.manager.enabled=false

logs

06-15 11:21:42.042 [rt_worker][T#3]] WARN c.n.p.p.i.l.DefaultLambdaBytecodeHandler -- lambda transform fail Caused by:access denied ("java.lang.RuntimePermission" "getClassLoader")
java.security.AccessControlException: access denied ("java.lang.RuntimePermission" "getClassLoader")
at java.security.AccessControlContext.checkPermission(AccessControlContext.java:472) ~[?:?]
at java.security.AccessController.checkPermission(AccessController.java:897) ~[?:?]
at java.lang.SecurityManager.checkPermission(SecurityManager.java:322) ~[?:?]
at java.lang.ClassLoader.checkClassLoaderPermission(ClassLoader.java:2060) ~[?:?]
at java.lang.Class.getClassLoader(Class.java:830) ~[?:?]
at com.navercorp.pinpoint.profiler.instrument.lambda.DefaultLambdaBytecodeHandler.handleLambdaBytecode(DefaultLambdaBytecodeHandler.java:43) [pinpoint-profiler-2.3.3.jar:2.3.3]
at com.navercorp.pinpoint.bootstrap.java9.lambda.UnsafeDelegatorJava9.defineAnonymousClass(UnsafeDelegatorJava9.java:55) [?:2.3.3]
at java.lang.invoke.InnerClassLambdaMetafactory.spinInnerClass(InnerClassLambdaMetafactory.java:331) [?:?]
at java.lang.invoke.InnerClassLambdaMetafactory.buildCallSite(InnerClassLambdaMetafactory.java:195) [?:?]
at java.lang.invoke.LambdaMetafactory.metafactory(LambdaMetafactory.java:329) [?:?]
at java.lang.invoke.BootstrapMethodInvoker.invoke(BootstrapMethodInvoker.java:127) [?:?]
at java.lang.invoke.CallSite.makeSite(CallSite.java:307) [?:?]
at java.lang.invoke.MethodHandleNatives.linkCallSiteImpl(MethodHandleNatives.java:258) [?:?]
at java.lang.invoke.MethodHandleNatives.linkCallSite(MethodHandleNatives.java:248) [?:?]
at org.elasticsearch.action.bulk.BulkShardResponse.<init>(BulkShardResponse.java:32) [elasticsearch-7.11.1.jar:7.11.1]
at org.elasticsearch.action.bulk.TransportShardBulkAction.newResponseInstance(TransportShardBulkAction.java:108) [elasticsearch-7.11.1.jar:7.11.1]
at org.elasticsearch.action.bulk.TransportShardBulkAction.newResponseInstance(TransportShardBulkAction.java:74) [elasticsearch-7.11.1.jar:7.11.1]
at org.elasticsearch.action.support.replication.TransportReplicationAction$ReroutePhase$1.read(TransportReplicationAction.java:791) [elasticsearch-7.11.1.jar:7.11.1]
at org.elasticsearch.action.support.replication.TransportReplicationAction$ReroutePhase$1.read(TransportReplicationAction.java:787) [elasticsearch-7.11.1.jar:7.11.1]
at org.elasticsearch.transport.TransportService$6.read(TransportService.java:753) [elasticsearch-7.11.1.jar:7.11.1]
at org.elasticsearch.transport.TransportService$6.read(TransportService.java:733) [elasticsearch-7.11.1.jar:7.11.1]
at org.elasticsearch.transport.TransportService$ContextRestoreResponseHandler.read(TransportService.java:1269) [elasticsearch-7.11.1.jar:7.11.1]
at org.elasticsearch.transport.TransportService$ContextRestoreResponseHandler.read(TransportService.java:1256) [elasticsearch-7.11.1.jar:7.11.1]
at org.elasticsearch.transport.InboundHandler.handleResponse(InboundHandler.java:223) [elasticsearch-7.11.1.jar:7.11.1]
at org.elasticsearch.transport.InboundHandler.messageReceived(InboundHandler.java:122) [elasticsearch-7.11.1.jar:7.11.1]
at org.elasticsearch.transport.InboundHandler.inboundMessage(InboundHandler.java:78) [elasticsearch-7.11.1.jar:7.11.1]
at org.elasticsearch.transport.TcpTransport.inboundMessage(TcpTransport.java:689) [elasticsearch-7.11.1.jar:7.11.1]
at org.elasticsearch.transport.InboundPipeline.forwardFragments(InboundPipeline.java:131) [elasticsearch-7.11.1.jar:7.11.1]
at org.elasticsearch.transport.InboundPipeline.doHandleBytes(InboundPipeline.java:106) [elasticsearch-7.11.1.jar:7.11.1]
at org.elasticsearch.transport.InboundPipeline.handleBytes(InboundPipeline.java:71) [elasticsearch-7.11.1.jar:7.11.1]
at org.elasticsearch.transport.netty4.Netty4MessageChannelHandler.channelRead(Netty4MessageChannelHandler.java:63) [transport-netty4-client-7.11.1.jar:7.11.1]
at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:379) [netty-transport-4.1.49.Final.jar:4.1.49.Final]
at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:365) [netty-transport-4.1.49.Final.jar:4.1.49.Final]
at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:357) [netty-transport-4.1.49.Final.jar:4.1.49.Final]
at io.netty.handler.logging.LoggingHandler.channelRead(LoggingHandler.java:271) [netty-handler-4.1.49.Final.jar:4.1.49.Final]
at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:379) [netty-transport-4.1.49.Final.jar:4.1.49.Final]
at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:365) [netty-transport-4.1.49.Final.jar:4.1.49.Final]
at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:357) [netty-transport-4.1.49.Final.jar:4.1.49.Final]
at io.netty.channel.DefaultChannelPipeline$HeadContext.channelRead(DefaultChannelPipeline.java:1410) [netty-transport-4.1.49.Final.jar:4.1.49.Final]
at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:379) [netty-transport-4.1.49.Final.jar:4.1.49.Final]
at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:365) [netty-transport-4.1.49.Final.jar:4.1.49.Final]
at io.netty.channel.DefaultChannelPipeline.fireChannelRead(DefaultChannelPipeline.java:919) [netty-transport-4.1.49.Final.jar:4.1.49.Final]
at io.netty.channel.nio.AbstractNioByteChannel$NioByteUnsafe.read(AbstractNioByteChannel.java:163) [netty-transport-4.1.49.Final.jar:4.1.49.Final]
at io.netty.channel.nio.NioEventLoop.processSelectedKey(NioEventLoop.java:714) [netty-transport-4.1.49.Final.jar:4.1.49.Final]
at io.netty.channel.nio.NioEventLoop.processSelectedKeysPlain(NioEventLoop.java:615) [netty-transport-4.1.49.Final.jar:4.1.49.Final]
at io.netty.channel.nio.NioEventLoop.processSelectedKeys(NioEventLoop.java:578) [netty-transport-4.1.49.Final.jar:4.1.49.Final]
at io.netty.channel.nio.NioEventLoop.run(NioEventLoop.java:493) [netty-transport-4.1.49.Final.jar:4.1.49.Final]
at io.netty.util.concurrent.SingleThreadEventExecutor$4.run(SingleThreadEventExecutor.java:989) [netty-common-4.1.49.Final.jar:4.1.49.Final]
at io.netty.util.internal.ThreadExecutorMap$2.run(ThreadExecutorMap.java:74) [netty-common-4.1.49.Final.jar:4.1.49.Final]
at java.lang.Thread.run(Thread.java:834) [?:?]


.....


java.security.AccessControlException: access denied ("java.net.NetPermission" "getProxySelector")
    at java.security.AccessControlContext.checkPermission(AccessControlContext.java:472) ~[?:?]
    at java.security.AccessController.checkPermission(AccessController.java:897) ~[?:?]
    at java.lang.SecurityManager.checkPermission(SecurityManager.java:322) ~[?:?]
    at java.net.ProxySelector.getDefault(ProxySelector.java:96) ~[?:?]
    at io.grpc.internal.ProxyDetectorImpl$2.get(ProxyDetectorImpl.java:148) ~[?:?]
    at io.grpc.internal.ProxyDetectorImpl$2.get(ProxyDetectorImpl.java:144) ~[?:?]
    at io.grpc.internal.ProxyDetectorImpl.detectProxy(ProxyDetectorImpl.java:231) ~[?:?]
    at io.grpc.internal.ProxyDetectorImpl.proxyFor(ProxyDetectorImpl.java:200) ~[?:?]
    at io.grpc.internal.DnsNameResolver.detectProxy(DnsNameResolver.java:269) ~[?:?]

system · July 13, 2022, 2:42am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.