You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@pulsar.apache.org by GitBox <gi...@apache.org> on 2019/11/07 03:07:51 UTC
[GitHub] [pulsar] ChangWinde opened a new issue #5580: error when using
pulsar-client with Kerberos
ChangWinde opened a new issue #5580: error when using pulsar-client with Kerberos
URL: https://github.com/apache/pulsar/issues/5580
**Describe the bug**
I use kerberos in pulsar. And I want use pulsar cli tools, but occuring some error.
**To Reproduce**
Steps to reproduce the behavior:
bin/pulsar-client produce -m "dog" -n 10 persistent://test-tenant/test-sp/test-topic-partition-0
**Screenshots**
10:54:34.862 [pulsar-client-io-1-1] INFO org.apache.pulsar.client.impl.ProducerStatsRecorderImpl - Starting Pulsar producer perf with config: {
"topicName" : "persistent://test-tenant/test-sp/test-topic-partition-0",
"producerName" : null,
"sendTimeoutMs" : 30000,
"blockIfQueueFull" : false,
"maxPendingMessages" : 1000,
"maxPendingMessagesAcrossPartitions" : 50000,
"messageRoutingMode" : "RoundRobinPartition",
"hashingScheme" : "JavaStringHash",
"cryptoFailureAction" : "FAIL",
"batchingMaxPublishDelayMicros" : 1000,
"batchingMaxMessages" : 1000,
"batchingEnabled" : true,
"batcherBuilder" : { },
"compressionType" : "NONE",
"initialSequenceId" : null,
"autoUpdatePartitions" : true,
"properties" : { }
}
10:54:34.864 [pulsar-client-io-1-1] INFO org.apache.pulsar.client.impl.ProducerStatsRecorderImpl - Pulsar client config: {
"serviceUrl" : "pulsar://localhost:6650/",
"authPluginClassName" : null,
"authParams" : null,
"operationTimeoutMs" : 30000,
"statsIntervalSeconds" : 60,
"numIoThreads" : 1,
"numListenerThreads" : 1,
"connectionsPerBroker" : 1,
"useTcpNoDelay" : true,
"useTls" : false,
"tlsTrustCertsFilePath" : "",
"tlsAllowInsecureConnection" : false,
"tlsHostnameVerificationEnable" : false,
"concurrentLookupRequest" : 5000,
"maxLookupRequest" : 50000,
"maxNumberOfRejectedRequestPerConnection" : 50,
"keepAliveIntervalSeconds" : 30,
"connectionTimeoutMs" : 10000,
"requestTimeoutMs" : 60000,
"defaultBackoffIntervalNanos" : 100000000,
"maxBackoffIntervalNanos" : 30000000000
}
10:54:34.882 [pulsar-client-io-1-1] INFO org.apache.pulsar.client.impl.ConnectionPool - [[id: 0xc7a6a676, L:/10.31.26.18:36758 - R:10.31.26.18/10.31.26.18:6650]] Connected to server
10:54:34.882 [pulsar-client-io-1-1] INFO org.apache.pulsar.client.impl.auth.PulsarSaslClient - Using JAAS/SASL/GSSAPI auth to connect to server Principal broker/hadoop.hakafka.com,
10:54:34.882 [pulsar-client-io-1-1] INFO org.apache.pulsar.client.impl.auth.PulsarSaslClient - 即将创建一个新的SaslClient,clientPrincipal=brokerclient/hadoop.hakafka.com@HAKAFKA.COM,servicePrincipal=broker/hadoop.hakafka.com
10:54:34.889 [pulsar-client-io-1-1] INFO org.apache.pulsar.client.impl.ProducerImpl - [persistent://test-tenant/test-sp/test-topic-partition-0] [null] Creating producer on cnx [id: 0xc7a6a676, L:/10.31.26.18:36758 - R:10.31.26.18/10.31.26.18:6650]
10:54:34.901 [pulsar-client-io-1-1] WARN org.apache.pulsar.client.impl.ClientCnx - [id: 0xc7a6a676, L:/10.31.26.18:36758 - R:10.31.26.18/10.31.26.18:6650] Received error from server: org.apache.bookkeeper.mledger.ManagedLedgerException: Attempted to access ledger using the wrong password
10:54:34.902 [pulsar-client-io-1-1] ERROR org.apache.pulsar.client.impl.ProducerImpl - [persistent://test-tenant/test-sp/test-topic-partition-0] [null] Failed to create producer: org.apache.bookkeeper.mledger.ManagedLedgerException: Attempted to access ledger using the wrong password
10:54:34.903 [main] ERROR org.apache.pulsar.client.cli.PulsarClientTool - Error while producing messages
10:54:34.903 [main] ERROR org.apache.pulsar.client.cli.PulsarClientTool - org.apache.bookkeeper.mledger.ManagedLedgerException: Attempted to access ledger using the wrong password
org.apache.pulsar.client.api.PulsarClientException$BrokerPersistenceException: org.apache.bookkeeper.mledger.ManagedLedgerException: Attempted to access ledger using the wrong password
**Additional context**
client.conf:
authPlugin=org.apache.pulsar.client.impl.auth.AuthenticationSasl
authParams={"saslJaasClientSectionName":"PulsarClient", "serverType":"broker"}
pulsar_tools_env.sh:
PULSAR_EXTRA_OPTS="${PULSAR_EXTRA_OPTS} ${PULSAR_MEM} ${PULSAR_GC} -Dio.netty.leakDetectionLevel=disabled -Djava.security.auth.login.config=/home/pulsar/krbConfig/jaasFiles/pulsar_jaas.conf -Djava.security.krb5.conf=/home/pulsar/krbConfig/krb5.conf"
pulsar_jaas.conf:
PulsarBroker {
com.sun.security.auth.module.Krb5LoginModule required
useKeyTab=true
storeKey=true
useTicketCache=false
keyTab="/home/pulsar/krbConfig/keytabs/broker.keytab"
principal="broker/hadoop.hakafka.com@HAKAFKA.COM";
};
PulsarClient {
com.sun.security.auth.module.Krb5LoginModule required
useKeyTab=true
storeKey=true
useTicketCache=false
keyTab="/home/pulsar/krbConfig/keytabs/pulsarclient.keytab"
principal="brokerclient/hadoop.hakafka.com@HAKAFKA.COM";
};
Client {
com.sun.security.auth.module.Krb5LoginModule required
useKeyTab=true
storeKey=true
useTicketCache=false
keyTab="/home/pulsar/krbConfig/keytabs/zkClient.keytab"
principal="zkcli/hadoop.hakafka.com@HAKAFKA.COM";
};
BookKeeper {
com.sun.security.auth.module.Krb5LoginModule required
useKeyTab=true
storeKey=true
useTicketCache=false
keyTab="/home/pulsar/krbConfig/keytabs/bkClient.keytab"
principal="bookkeepercli/hadoop.hakafka.com@HAKAFKA.COM";
};
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
With regards,
Apache Git Services