You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@ambari.apache.org by Aravindan Vijayan <av...@hortonworks.com> on 2015/12/15 03:58:04 UTC
Review Request 41389: AMBARI-14378 : Issue with setting zookeeper
quorum to localhost in Kerberized env
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/41389/
-----------------------------------------------------------
Review request for Ambari, Dmytro Sen, Sumit Mohanty, and Sid Wagle.
Bugs: AMBARI-14378
https://issues.apache.org/jira/browse/AMBARI-14378
Repository: ambari
Description
-------
PROBLEM
On a secure cluster with AMS is in distributed mode, the following exception is seen on AMS start:
0.1:61181. Will attempt to SASL-authenticate using Login Context section 'Client'
2015-12-14 23:39:18,810 INFO zookeeper.Login (Login.java:getRefreshTime(301)) - [Thread-9] TGT valid starting at: Mon Dec 14 23:39:18 UTC 2015
2015-12-14 23:39:18,810 INFO zookeeper.Login (Login.java:getRefreshTime(302)) - [Thread-9] TGT expires: Tue Dec 15 23:39:18 UTC 2015
2015-12-14 23:39:18,810 INFO zookeeper.Login (Login.java:run(181)) - [Thread-9] TGT refresh sleeping until: Tue Dec 15 19:05:57 UTC 2015
2015-12-14 23:39:18,837 INFO zookeeper.ClientCnxn (ClientCnxn.java:primeConnection(852)) - [main-SendThread(localhost:61181)] Socket connection established to localhost/127.0.0.1:61181, initiating session
2015-12-14 23:39:18,965 INFO zookeeper.ClientCnxn (ClientCnxn.java:onConnected(1235)) - [main-SendThread(localhost:61181)] Session establishment complete on server localhost/127.0.0.1:61181, sessionid = 0x151a2dcbfd50000, negotiated timeout = 120000
2015-12-14 23:39:19,030 ERROR client.ZooKeeperSaslClient (ZooKeeperSaslClient.java:createSaslToken(384)) - [main-SendThread(localhost:61181)] An error: (java.security.PrivilegedActionException: javax.security.sasl.SaslException: GSS initiate failed [Caused by GSSException: No valid credentials provided (Mechanism level: Server not found in Kerberos database (7) - UNKNOWN_SERVER)]) occurred when evaluating Zookeeper Quorum Member's received SASL token. This may be caused by Java's being unable to resolve the Zookeeper Quorum Member's hostname correctly. You may want to try to adding '-Dsun.net.spi.nameservice.provider.1=dns,sun' to your client's JVMFLAGS environment. Zookeeper Client will go to AUTH_FAILED state.
FIX
zookeeper.quorum.hosts needs to be the fully qualified hostname of the AMS host instead of just "localhost" for distributed mode.
Diffs
-----
ambari-server/src/main/resources/common-services/AMBARI_METRICS/0.1.0/package/scripts/params.py 9125a01
Diff: https://reviews.apache.org/r/41389/diff/
Testing
-------
Manual testing done on secure and unsecure cluster.
Python unit tests pass.
Thanks,
Aravindan Vijayan
Re: Review Request 41389: AMBARI-14378 : Issue with setting zookeeper
quorum to localhost in Kerberized env
Posted by Sid Wagle <sw...@hortonworks.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/41389/#review110377
-----------------------------------------------------------
Ship it!
Ship It!
- Sid Wagle
On Dec. 15, 2015, 2:58 a.m., Aravindan Vijayan wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/41389/
> -----------------------------------------------------------
>
> (Updated Dec. 15, 2015, 2:58 a.m.)
>
>
> Review request for Ambari, Dmytro Sen, Sumit Mohanty, and Sid Wagle.
>
>
> Bugs: AMBARI-14378
> https://issues.apache.org/jira/browse/AMBARI-14378
>
>
> Repository: ambari
>
>
> Description
> -------
>
> PROBLEM
>
> On a secure cluster with AMS is in distributed mode, the following exception is seen on AMS start:
>
> 0.1:61181. Will attempt to SASL-authenticate using Login Context section 'Client'
> 2015-12-14 23:39:18,810 INFO zookeeper.Login (Login.java:getRefreshTime(301)) - [Thread-9] TGT valid starting at: Mon Dec 14 23:39:18 UTC 2015
> 2015-12-14 23:39:18,810 INFO zookeeper.Login (Login.java:getRefreshTime(302)) - [Thread-9] TGT expires: Tue Dec 15 23:39:18 UTC 2015
> 2015-12-14 23:39:18,810 INFO zookeeper.Login (Login.java:run(181)) - [Thread-9] TGT refresh sleeping until: Tue Dec 15 19:05:57 UTC 2015
> 2015-12-14 23:39:18,837 INFO zookeeper.ClientCnxn (ClientCnxn.java:primeConnection(852)) - [main-SendThread(localhost:61181)] Socket connection established to localhost/127.0.0.1:61181, initiating session
> 2015-12-14 23:39:18,965 INFO zookeeper.ClientCnxn (ClientCnxn.java:onConnected(1235)) - [main-SendThread(localhost:61181)] Session establishment complete on server localhost/127.0.0.1:61181, sessionid = 0x151a2dcbfd50000, negotiated timeout = 120000
> 2015-12-14 23:39:19,030 ERROR client.ZooKeeperSaslClient (ZooKeeperSaslClient.java:createSaslToken(384)) - [main-SendThread(localhost:61181)] An error: (java.security.PrivilegedActionException: javax.security.sasl.SaslException: GSS initiate failed [Caused by GSSException: No valid credentials provided (Mechanism level: Server not found in Kerberos database (7) - UNKNOWN_SERVER)]) occurred when evaluating Zookeeper Quorum Member's received SASL token. This may be caused by Java's being unable to resolve the Zookeeper Quorum Member's hostname correctly. You may want to try to adding '-Dsun.net.spi.nameservice.provider.1=dns,sun' to your client's JVMFLAGS environment. Zookeeper Client will go to AUTH_FAILED state.
>
>
> FIX
> zookeeper.quorum.hosts needs to be the fully qualified hostname of the AMS host instead of just "localhost" for distributed mode.
>
>
> Diffs
> -----
>
> ambari-server/src/main/resources/common-services/AMBARI_METRICS/0.1.0/package/scripts/params.py 9125a01
>
> Diff: https://reviews.apache.org/r/41389/diff/
>
>
> Testing
> -------
>
> Manual testing done on secure and unsecure cluster.
>
> Python unit tests pass.
>
>
> Thanks,
>
> Aravindan Vijayan
>
>