You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@ambari.apache.org by "Hadoop QA (JIRA)" <ji...@apache.org> on 2017/11/23 01:04:00 UTC
[jira] [Commented] (AMBARI-22505) Kafka service check fails when
using a non-root user in kerberized environment
[ https://issues.apache.org/jira/browse/AMBARI-22505?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16263638#comment-16263638 ]
Hadoop QA commented on AMBARI-22505:
------------------------------------
{color:red}-1 overall{color}. Here are the results of testing the latest attachment
http://issues.apache.org/jira/secure/attachment/12898964/AMBARI-22505_branch2.6.patch
against trunk revision .
{color:red}-1 patch{color}. The patch command could not apply the patch.
Console output: https://builds.apache.org/job/Ambari-trunk-test-patch/12726//console
This message is automatically generated.
> Kafka service check fails when using a non-root user in kerberized environment
> ------------------------------------------------------------------------------
>
> Key: AMBARI-22505
> URL: https://issues.apache.org/jira/browse/AMBARI-22505
> Project: Ambari
> Issue Type: Bug
> Components: stacks
> Affects Versions: 2.6.0
> Reporter: Yolanda M. Davis
> Assignee: Yolanda M. Davis
> Attachments: AMBARI-22505.patch, AMBARI-22505_branch2.6.patch
>
>
> When Ambari agents are configured to run with a non-root user, if kerberos is enabled, Kafka service check experiences errors in the logs which indicate that the check is attempting to create a topic that already exists. However the true failure, which isn't in the logs but captured in an error variable, demonstrates the culprit (see below):
> [2017-11-22 05:12:57,029] WARN SASL configuration failed: javax.security.auth.login.LoginException: No password provided Will continue connection to Zookeeper server without SASL authentication, if Zookeeper server allows it. (org.apache.zookeeper.ClientCnxn)
> Exception in thread "main" org.I0Itec.zkclient.exception.ZkAuthFailedException: Authentication failure
> at org.I0Itec.zkclient.ZkClient.waitForKeeperState(ZkClient.java:947)
> at org.I0Itec.zkclient.ZkClient.waitUntilConnected(ZkClient.java:924)
> at org.I0Itec.zkclient.ZkClient.connect(ZkClient.java:1231)
> at org.I0Itec.zkclient.ZkClient.<init>(ZkClient.java:157)
> at org.I0Itec.zkclient.ZkClient.<init>(ZkClient.java:131)
> at kafka.utils.ZkUtils$.createZkClientAndConnection(ZkUtils.scala:115)
> at kafka.utils.ZkUtils$.apply(ZkUtils.scala:97)
> at kafka.admin.TopicCommand$.main(TopicCommand.scala:56)
> at kafka.admin.TopicCommand.main(TopicCommand.scala)
> This occurs because a prior check to see if the topic exists is not executed as the kafka user. A subsequent call to create the topic does execute as that user. The first check should also execute as the kakfa user. Also Ambari should immediately raise a failure if an error occurs during the topic check and show that error in the logs.
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)