You are viewing a plain text version of this content. The canonical link for it is here.
Posted to user@storm.apache.org by Andrey Dudin <do...@gmail.com> on 2016/03/18 22:58:20 UTC
Kerberos for storm ui
Hi guys.
I try to configure Kerberos for Storm.
I use storm 0.10.
Now I try configure only UI, without other components.
I add to config:
ui.filter:
"org.apache.hadoop.security.authentication.server.AuthenticationFilter"
ui.filter.params:
"type": "kerberos"
"kerberos.principal": "HTTP/%myhostname%"
"kerberos.keytab": "%mykeytab%"
"kerberos.name.rules": "DEFAULT"
Generate keytab, and SPN.
But when I start UI, I getting error:
javax.security.auth.login.LoginException: No key to store
*Full stacktrace:*
2016-03-16 15:54:49.265 o.a.s.s.o.e.j.u.c.AbstractLifeCycle [WARN] FAILED
o.a.s.s.o.e.j.s.ServletContextHandler{/,null}:
javax.servlet.ServletException: org.apache
.hadoop.security.authentication.client.AuthenticationException:
javax.security.auth.login.LoginException: No key to store
javax.servlet.ServletException:
org.apache.hadoop.security.authentication.client.AuthenticationException:
javax.security.auth.login.LoginException: No key to store
at
org.apache.hadoop.security.authentication.server.KerberosAuthenticationHandler.init(KerberosAuthenticationHandler.java:240)
~[hadoop-auth-2.7.2.jar:?]
at
org.apache.hadoop.security.authentication.server.AuthenticationFilter.initializeAuthHandler(AuthenticationFilter.java:238)
~[hadoop-auth-2.7.2.jar:?]
at
org.apache.hadoop.security.authentication.server.AuthenticationFilter.init(AuthenticationFilter.java:227)
~[hadoop-auth-2.7.2.jar:?]
at
org.apache.storm.shade.org.eclipse.jetty.servlet.FilterHolder.doStart(FilterHolder.java:107)
~[storm-core-0.10.0.jar:0.10.0]
at
org.apache.storm.shade.org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:64)
[storm-core-0.10.0.jar:0.10.0]
at
org.apache.storm.shade.org.eclipse.jetty.servlet.ServletHandler.initialize(ServletHandler.java:707)
~[storm-core-0.10.0.jar:0.10.0]
at
org.apache.storm.shade.org.eclipse.jetty.servlet.ServletContextHandler.startContext(ServletContextHandler.java:254)
~[storm-core-0.10.0.jar:0.10.0]
at
org.apache.storm.shade.org.eclipse.jetty.server.handler.ContextHandler.doStart(ContextHandler.java:689)
~[storm-core-0.10.0.jar:0.10.0]
at
org.apache.storm.shade.org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:64)
[storm-core-0.10.0.jar:0.10.0]
at
org.apache.storm.shade.org.eclipse.jetty.server.handler.HandlerWrapper.doStart(HandlerWrapper.java:95)
[storm-core-0.10.0.jar:0.10.0]
at
org.apache.storm.shade.org.eclipse.jetty.server.Server.doStart(Server.java:281)
[storm-core-0.10.0.jar:0.10.0]
at
org.apache.storm.shade.org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:64)
[storm-core-0.10.0.jar:0.10.0]
at
backtype.storm.ui.helpers$storm_run_jetty.invoke(helpers.clj:228)
[storm-core-0.10.0.jar:0.10.0]
at backtype.storm.ui.core$start_server_BANG_.invoke(core.clj:1091)
[storm-core-0.10.0.jar:0.10.0]
at backtype.storm.ui.core$_main.invoke(core.clj:1111)
[storm-core-0.10.0.jar:0.10.0]
at clojure.lang.AFn.applyToHelper(AFn.java:152)
[clojure-1.6.0.jar:?]
at clojure.lang.AFn.applyTo(AFn.java:144) [clojure-1.6.0.jar:?]
at backtype.storm.ui.core.main(Unknown Source)
[storm-core-0.10.0.jar:0.10.0]
Caused by:
org.apache.hadoop.security.authentication.client.AuthenticationException:
javax.security.auth.login.LoginException: No key to store
at
org.apache.hadoop.security.authentication.server.KerberosAuthenticationHandler.init(KerberosAuthenticationHandler.java:224)
~[hadoop-auth-2.7.2.jar:?]
... 17 more
Caused by: javax.security.auth.login.LoginException: No key to store
at
com.sun.security.auth.module.Krb5LoginModule.commit(Krb5LoginModule.java:1119)
~[?:1.8.0_60]
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
~[?:1.8.0_60]
at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
~[?:1.8.0_60]
at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
~[?:1.8.0_60]
at java.lang.reflect.Method.invoke(Method.java:497) ~[?:1.8.0_60]
at
javax.security.auth.login.LoginContext.invoke(LoginContext.java:755)
~[?:1.8.0_60]
at
javax.security.auth.login.LoginContext.access$000(LoginContext.java:195)
~[?:1.8.0_60]
at
javax.security.auth.login.LoginContext$4.run(LoginContext.java:682)
~[?:1.8.0_60]
at
javax.security.auth.login.LoginContext$4.run(LoginContext.java:680)
~[?:1.8.0_60]
at java.security.AccessController.doPrivileged(Native Method)
~[?:1.8.0_60]
at
javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680)
~[?:1.8.0_60]
at
javax.security.auth.login.LoginContext.login(LoginContext.java:588)
~[?:1.8.0_60]
at
org.apache.hadoop.security.authentication.server.KerberosAuthenticationHandler.init(KerberosAuthenticationHandler.java:221)
~[hadoop-auth-2.7.2.jar:?]
... 17 more
Did anyone who know whats wrong?
--
С уважением Дудин Андрей
Re: Kerberos for storm ui
Posted by Andrey Dudin <do...@gmail.com>.
Hi.
Yes, under storm user I run kinit before start Storm ui.
понедельник, 21 марта 2016 г. пользователь Harsha написал:
>
> Did you try using kinit with the keytab . Make sure its the same unix user
> who is running storm UI
>
> On Fri, Mar 18, 2016, at 02:58 PM, Andrey Dudin wrote:
>
> Hi guys.
>
> I try to configure Kerberos for Storm.
> I use storm 0.10.
> Now I try configure only UI, without other components.
>
>
> I add to config:
> ui.filter:
> "org.apache.hadoop.security.authentication.server.AuthenticationFilter"
> ui.filter.params:
> "type": "kerberos"
> "kerberos.principal": "HTTP/%myhostname%"
> "kerberos.keytab": "%mykeytab%"
> "kerberos.name.rules": "DEFAULT"
>
>
> Generate keytab, and SPN.
>
>
> But when I start UI, I getting error:
>
> javax.security.auth.login.LoginException: No key to store
>
>
> *Full stacktrace:*
>
> 2016-03-16 15:54:49.265 o.a.s.s.o.e.j.u.c.AbstractLifeCycle [WARN] FAILED
> o.a.s.s.o.e.j.s.ServletContextHandler{/,null}:
> javax.servlet.ServletException: org.apache
>
> .hadoop.security.authentication.client.AuthenticationException:
> javax.security.auth.login.LoginException: No key to store
> javax.servlet.ServletException:
> org.apache.hadoop.security.authentication.client.AuthenticationException:
> javax.security.auth.login.LoginException: No key to store
> at
> org.apache.hadoop.security.authentication.server.KerberosAuthenticationHandler.init(KerberosAuthenticationHandler.java:240)
> ~[hadoop-auth-2.7.2.jar:?]
> at
> org.apache.hadoop.security.authentication.server.AuthenticationFilter.initializeAuthHandler(AuthenticationFilter.java:238)
> ~[hadoop-auth-2.7.2.jar:?]
> at
> org.apache.hadoop.security.authentication.server.AuthenticationFilter.init(AuthenticationFilter.java:227)
> ~[hadoop-auth-2.7.2.jar:?]
> at
> org.apache.storm.shade.org.eclipse.jetty.servlet.FilterHolder.doStart(FilterHolder.java:107)
> ~[storm-core-0.10.0.jar:0.10.0]
> at
> org.apache.storm.shade.org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:64)
> [storm-core-0.10.0.jar:0.10.0]
> at
> org.apache.storm.shade.org.eclipse.jetty.servlet.ServletHandler.initialize(ServletHandler.java:707)
> ~[storm-core-0.10.0.jar:0.10.0]
> at
> org.apache.storm.shade.org.eclipse.jetty.servlet.ServletContextHandler.startContext(ServletContextHandler.java:254)
> ~[storm-core-0.10.0.jar:0.10.0]
> at
> org.apache.storm.shade.org.eclipse.jetty.server.handler.ContextHandler.doStart(ContextHandler.java:689)
> ~[storm-core-0.10.0.jar:0.10.0]
> at
> org.apache.storm.shade.org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:64)
> [storm-core-0.10.0.jar:0.10.0]
> at
> org.apache.storm.shade.org.eclipse.jetty.server.handler.HandlerWrapper.doStart(HandlerWrapper.java:95)
> [storm-core-0.10.0.jar:0.10.0]
> at
> org.apache.storm.shade.org.eclipse.jetty.server.Server.doStart(Server.java:281)
> [storm-core-0.10.0.jar:0.10.0]
> at
> org.apache.storm.shade.org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:64)
> [storm-core-0.10.0.jar:0.10.0]
> at
> backtype.storm.ui.helpers$storm_run_jetty.invoke(helpers.clj:228)
> [storm-core-0.10.0.jar:0.10.0]
> at backtype.storm.ui.core$start_server_BANG_.invoke(core.clj:1091)
> [storm-core-0.10.0.jar:0.10.0]
> at backtype.storm.ui.core$_main.invoke(core.clj:1111)
> [storm-core-0.10.0.jar:0.10.0]
> at clojure.lang.AFn.applyToHelper(AFn.java:152)
> [clojure-1.6.0.jar:?]
> at clojure.lang.AFn.applyTo(AFn.java:144) [clojure-1.6.0.jar:?]
> at backtype.storm.ui.core.main(Unknown Source)
> [storm-core-0.10.0.jar:0.10.0]
> Caused by:
> org.apache.hadoop.security.authentication.client.AuthenticationException:
> javax.security.auth.login.LoginException: No key to store
> at
> org.apache.hadoop.security.authentication.server.KerberosAuthenticationHandler.init(KerberosAuthenticationHandler.java:224)
> ~[hadoop-auth-2.7.2.jar:?]
> ... 17 more
> Caused by: javax.security.auth.login.LoginException: No key to store
> at
> com.sun.security.auth.module.Krb5LoginModule.commit(Krb5LoginModule.java:1119)
> ~[?:1.8.0_60]
> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> ~[?:1.8.0_60]
> at
> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
> ~[?:1.8.0_60]
> at
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
> ~[?:1.8.0_60]
> at java.lang.reflect.Method.invoke(Method.java:497) ~[?:1.8.0_60]
> at
> javax.security.auth.login.LoginContext.invoke(LoginContext.java:755)
> ~[?:1.8.0_60]
> at
> javax.security.auth.login.LoginContext.access$000(LoginContext.java:195)
> ~[?:1.8.0_60]
> at
> javax.security.auth.login.LoginContext$4.run(LoginContext.java:682)
> ~[?:1.8.0_60]
> at
> javax.security.auth.login.LoginContext$4.run(LoginContext.java:680)
> ~[?:1.8.0_60]
> at java.security.AccessController.doPrivileged(Native Method)
> ~[?:1.8.0_60]
> at
> javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680)
> ~[?:1.8.0_60]
> at
> javax.security.auth.login.LoginContext.login(LoginContext.java:588)
> ~[?:1.8.0_60]
> at
> org.apache.hadoop.security.authentication.server.KerberosAuthenticationHandler.init(KerberosAuthenticationHandler.java:221)
> ~[hadoop-auth-2.7.2.jar:?]
> ... 17 more
>
>
> Did anyone who know whats wrong?
>
> --
> С уважением Дудин Андрей
>
>
>
--
С уважением Дудин Андрей
Re: Kerberos for storm ui
Posted by Harsha <st...@harsha.io>.
Did you try using kinit with the keytab . Make sure its the same unix
user who is running storm UI
On Fri, Mar 18, 2016, at 02:58 PM, Andrey Dudin wrote:
> Hi guys.
>
> I try to configure Kerberos for Storm.
> I use storm 0.10.
> Now I try configure only UI, without other components.
>
>
> I add to config:
> ui.filter: "org.apache.hadoop.security.authentication.server.AuthenticationFilter"
> ui.filter.params:
> "type": "kerberos"
> "kerberos.principal": "HTTP/%myhostname%"
> "kerberos.keytab": "%mykeytab%"
> "kerberos.name.rules": "DEFAULT"
>
>
> Generate keytab, and SPN.
>
>
> But when I start UI, I getting error:
>
> javax.security.auth.login.LoginException: No key to store
>
> *Full stacktrace:*
> 2016-03-16 15:54:49.265 o.a.s.s.o.e.j.u.c.AbstractLifeCycle [WARN] FAILED o.a.s.s.o.e.j.s.ServletContextHandler{/,null}: javax.servlet.ServletException: org.apache
>
> .hadoop.security.authentication.client.AuthenticationException: javax.security.auth.login.LoginException: No key to store
> javax.servlet.ServletException: org.apache.hadoop.security.authentication.client.AuthenticationException: javax.security.auth.login.LoginException: No key to store
> at org.apache.hadoop.security.authentication.server.KerberosAuthenticationHandler.init(KerberosAuthenticationHandler.java:240) ~[hadoop-auth-2.7.2.jar:?]
> at org.apache.hadoop.security.authentication.server.AuthenticationFilter.initializeAuthHandler(AuthenticationFilter.java:238) ~[hadoop-auth-2.7.2.jar:?]
> at org.apache.hadoop.security.authentication.server.AuthenticationFilter.init(AuthenticationFilter.java:227) ~[hadoop-auth-2.7.2.jar:?]
> at org.apache.storm.shade.org.eclipse.jetty.servlet.FilterHolder.doStart(FilterHolder.java:107) ~[storm-core-0.10.0.jar:0.10.0]
> at org.apache.storm.shade.org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:64) [storm-core-0.10.0.jar:0.10.0]
> at org.apache.storm.shade.org.eclipse.jetty.servlet.ServletHandler.initialize(ServletHandler.java:707) ~[storm-core-0.10.0.jar:0.10.0]
> at org.apache.storm.shade.org.eclipse.jetty.servlet.ServletContextHandler.startContext(ServletContextHandler.java:254) ~[storm-core-0.10.0.jar:0.10.0]
> at org.apache.storm.shade.org.eclipse.jetty.server.handler.ContextHandler.doStart(ContextHandler.java:689) ~[storm-core-0.10.0.jar:0.10.0]
> at org.apache.storm.shade.org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:64) [storm-core-0.10.0.jar:0.10.0]
> at org.apache.storm.shade.org.eclipse.jetty.server.handler.HandlerWrapper.doStart(HandlerWrapper.java:95) [storm-core-0.10.0.jar:0.10.0]
> at org.apache.storm.shade.org.eclipse.jetty.server.Server.doStart(Server.java:281) [storm-core-0.10.0.jar:0.10.0]
> at org.apache.storm.shade.org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:64) [storm-core-0.10.0.jar:0.10.0]
> at backtype.storm.ui.helpers$storm_run_jetty.invoke(helpers.clj:228) [storm-core-0.10.0.jar:0.10.0]
> at backtype.storm.ui.core$start_server_BANG_.invoke(core.clj:1091) [storm-core-0.10.0.jar:0.10.0]
> at backtype.storm.ui.core$_main.invoke(core.clj:1111) [storm-core-0.10.0.jar:0.10.0]
> at clojure.lang.AFn.applyToHelper(AFn.java:152) [clojure-1.6.0.jar:?]
> at clojure.lang.AFn.applyTo(AFn.java:144) [clojure-1.6.0.jar:?]
> at backtype.storm.ui.core.main(Unknown Source) [storm-core-0.10.0.jar:0.10.0]
> Caused by: org.apache.hadoop.security.authentication.client.AuthenticationException: javax.security.auth.login.LoginException: No key to store
> at org.apache.hadoop.security.authentication.server.KerberosAuthenticationHandler.init(KerberosAuthenticationHandler.java:224) ~[hadoop-auth-2.7.2.jar:?]
> ... 17 more
> Caused by: javax.security.auth.login.LoginException: No key to store
> at com.sun.security.auth.module.Krb5LoginModule.commit(Krb5LoginModule.java:1119) ~[?:1.8.0_60]
> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[?:1.8.0_60]
> at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) ~[?:1.8.0_60]
> at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[?:1.8.0_60]
> at java.lang.reflect.Method.invoke(Method.java:497) ~[?:1.8.0_60]
> at javax.security.auth.login.LoginContext.invoke(LoginContext.java:755) ~[?:1.8.0_60]
> at javax.security.auth.login.LoginContext.access$000(LoginContext.java:195) ~[?:1.8.0_60]
> at javax.security.auth.login.LoginContext$4.run(LoginContext.java:682) ~[?:1.8.0_60]
> at javax.security.auth.login.LoginContext$4.run(LoginContext.java:680) ~[?:1.8.0_60]
> at java.security.AccessController.doPrivileged(Native Method) ~[?:1.8.0_60]
> at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680) ~[?:1.8.0_60]
> at javax.security.auth.login.LoginContext.login(LoginContext.java:588) ~[?:1.8.0_60]
> at org.apache.hadoop.security.authentication.server.KerberosAuthenticationHandler.init(KerberosAuthenticationHandler.java:221) ~[hadoop-auth-2.7.2.jar:?]
> ... 17 more
>
> Did anyone who know whats wrong?
> --
> С уважением Дудин Андрей