You are viewing a plain text version of this content. The canonical link for it is here.
Posted to user@phoenix.apache.org by Mallieswari Dineshbabu <dm...@gmail.com> on 2017/10/04 11:18:07 UTC
Cannot connect phoenix client in kerberos cluster
Hi ,
I have configured a phoenix package "apache-phoenix-4.11.0-HBase-1.2-bin"
to Hbase version "1.2.5" in kerberos cluster.
For phoenix secure cluster configuration, I have added the following
properties into the *hbase-site.xml* present in *phoenix/bin* along with
the properties of hbase configuration properties present in hbase/conf path
and refer the *core-site.xml*, *hdfs-site.xml* file in phoenix/bin path
phoenix.queryserver.keytab.file
The key to look for keytab file.
*unset*
phoenix.queryserver.kerberos.principal
The kerberos principal to use when authenticating.
*unset*
Phoenix Query Server:
Once updated a above properties query server has been started successfully
using keytab.
*Command to Server:*
*python queryserver.py*
Phoenix Client:
Once the query server is started successfully then the port no 8765 comes
to live. When i try to connect client with following command it returns GSS
Exception. Am I missing any steps in configuration.
*Command to Client:*
Following are the methods i tried to connect in secure cluster it does not
works.
*Method 1:* python sqlline-thin.py http://hostname:8765
*Method 2:*
python sqlthin-client.py
http://hostname:8765;authentication=SPNEGO;principal=phoenix/OrgClu@XXXXXX.XXXXX.COM;keytab=C:\\path\\to\\HadoopKeyTabs\\\phoenix.keytab
<http://hostname:8765;authentication=SPNEGO;principal=phoenix/OrgClu@XXXXXX.XXXXX.COM;keytab=C:/path/to/HadoopKeyTabs/phoenix.keytab>
*CLIENT SIDE ERROR:*
x-4.11.0-HBase-1.2-bin\bin>python sqlline-thin.py http://namenode1:8765
Failed to find hbase executable on PATH, defaulting serialization to
PROTOBUF.
[ERROR] Terminal initialization failed; falling back to unsupported
java.lang.NoClassDefFoundError: Could not initialize class
org.apache.phoenix.sh
aded.org.fusesource.jansi.internal.Kernel32
at
org.apache.phoenix.shaded.org.fusesource.jansi.internal.WindowsSuppor
t.getConsoleMode(WindowsSupport.java:50)
at
org.apache.phoenix.shaded.jline.WindowsTerminal.getConsoleMode(Window
sTerminal.java:177)
at
org.apache.phoenix.shaded.jline.WindowsTerminal.init(WindowsTerminal.
java:80)
at
org.apache.phoenix.shaded.jline.TerminalFactory.create(TerminalFactor
y.java:101)
at
org.apache.phoenix.shaded.jline.TerminalFactory.get(TerminalFactory.j
ava:159)
at sqlline.SqlLineOpts.<init>(SqlLineOpts.java:45)
at sqlline.SqlLine.<init>(SqlLine.java:55)
at sqlline.SqlLine.start(SqlLine.java:397)
at sqlline.SqlLine.main(SqlLine.java:291)
at
org.apache.phoenix.queryserver.client.SqllineWrapper$1.run(SqllineWra
pper.java:88)
at
org.apache.phoenix.queryserver.client.SqllineWrapper$1.run(SqllineWra
pper.java:85)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.Subject.doAs(Subject.java:415)
at
org.apache.hadoop.security.UserGroupInformation.doAs(UserGroupInforma
tion.java:1657)
at
org.apache.phoenix.queryserver.client.SqllineWrapper.main(SqllineWrap
per.java:85)
[ERROR] Terminal initialization failed; falling back to unsupported
java.lang.NoClassDefFoundError: Could not initialize class
org.apache.phoenix.sh
aded.org.fusesource.jansi.internal.Kernel32
at
org.apache.phoenix.shaded.org.fusesource.jansi.internal.WindowsSuppor
t.getConsoleMode(WindowsSupport.java:50)
at
org.apache.phoenix.shaded.jline.WindowsTerminal.getConsoleMode(Window
sTerminal.java:177)
at
org.apache.phoenix.shaded.jline.WindowsTerminal.init(WindowsTerminal.
java:80)
at
org.apache.phoenix.shaded.jline.TerminalFactory.create(TerminalFactor
y.java:101)
at sqlline.SqlLine.getConsoleReader(SqlLine.java:723)
at sqlline.SqlLine.begin(SqlLine.java:657)
at sqlline.SqlLine.start(SqlLine.java:398)
at sqlline.SqlLine.main(SqlLine.java:291)
at
org.apache.phoenix.queryserver.client.SqllineWrapper$1.run(SqllineWra
pper.java:88)
at
org.apache.phoenix.queryserver.client.SqllineWrapper$1.run(SqllineWra
pper.java:85)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.Subject.doAs(Subject.java:415)
at
org.apache.hadoop.security.UserGroupInformation.doAs(UserGroupInforma
tion.java:1657)
at
org.apache.phoenix.queryserver.client.SqllineWrapper.main(SqllineWrap
per.java:85)
Setting property: [incremental, false]
Setting property: [isolation, TRANSACTION_READ_COMMITTED]
issuing: !connect jdbc:phoenix:thin:url=http://namenode1:8765;serialization
=PROT
OBUF;authentication=SPNEGO none none
org.apache.phoenix.queryserver.client.Drive
r
Connecting to jdbc:phoenix:thin:url=http://namenode1:8765;serialization
=PROTOBUF
;authentication=SPNEGO
java.lang.RuntimeException: Failed to execute HTTP Request, got HTTP/404
at
org.apache.calcite.avatica.remote.AvaticaCommonsHttpClientSpnegoImpl.
send(AvaticaCommonsHttpClientSpnegoImpl.java:148)
at
org.apache.calcite.avatica.remote.RemoteProtobufService._apply(Remote
ProtobufService.java:45)
at
org.apache.calcite.avatica.remote.ProtobufService.apply(ProtobufServi
ce.java:81)
at org.apache.calcite.avatica.remote.Driver.connect(Driver.java:176)
at sqlline.DatabaseConnection.connect(DatabaseConnection.java:157)
at
sqlline.DatabaseConnection.getConnection(DatabaseConnection.java:203)
at sqlline.Commands.connect(Commands.java:1064)
at sqlline.Commands.connect(Commands.java:996)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.
java:57)
at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAcces
sorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:606)
at
sqlline.ReflectiveCommandHandler.execute(ReflectiveCommandHandler.jav
a:38)
at sqlline.SqlLine.dispatch(SqlLine.java:809)
at sqlline.SqlLine.initArgs(SqlLine.java:588)
at sqlline.SqlLine.begin(SqlLine.java:661)
at sqlline.SqlLine.start(SqlLine.java:398)
at sqlline.SqlLine.main(SqlLine.java:291)
at
org.apache.phoenix.queryserver.client.SqllineWrapper$1.run(SqllineWra
pper.java:88)
at
org.apache.phoenix.queryserver.client.SqllineWrapper$1.run(SqllineWra
pper.java:85)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.Subject.doAs(Subject.java:415)
at
org.apache.hadoop.security.UserGroupInformation.doAs(UserGroupInforma
tion.java:1657)
at
org.apache.phoenix.queryserver.client.SqllineWrapper.main(SqllineWrap
per.java:85)
*SERVER SIDE ERROR:*
17/10/04 05:34:28 INFO server.Server: Started @9558ms
17/10/04 05:34:28 INFO server.HttpServer: Service listening on port 8765.
17/10/04 05:38:39 WARN security.SpnegoLoginService:
GSSException: Failure unspecified at GSS-API level (Mechanism level:
Encryption
type AES256 CTS mode with HMAC SHA1-96 is not supported/enabled)
at
sun.security.jgss.krb5.Krb5Context.acceptSecContext(Krb5Context.java:
788)
at
sun.security.jgss.GSSContextImpl.acceptSecContext(GSSContextImpl.java
:342)
at
sun.security.jgss.GSSContextImpl.acceptSecContext(GSSContextImpl.java
:285)
at
sun.security.jgss.spnego.SpNegoContext.GSS_acceptSecContext(SpNegoCon
text.java:871)
at
sun.security.jgss.spnego.SpNegoContext.acceptSecContext(SpNegoContext
.java:544)
at
sun.security.jgss.GSSContextImpl.acceptSecContext(GSSContextImpl.java
:342)
at
sun.security.jgss.GSSContextImpl.acceptSecContext(GSSContextImpl.java
:285)
at
org.apache.phoenix.shaded.org.eclipse.jetty.security.SpnegoLoginServi
ce.login(SpnegoLoginService.java:137)
at
org.apache.phoenix.shaded.org.eclipse.jetty.security.authentication.L
oginAuthenticator.login(LoginAuthenticator.java:61)
at
org.apache.phoenix.shaded.org.eclipse.jetty.security.authentication.S
pnegoAuthenticator.validateRequest(SpnegoAuthenticator.java:99)
at
org.apache.phoenix.shaded.org.eclipse.jetty.security.SecurityHandler.
handle(SecurityHandler.java:512)
at
org.apache.phoenix.shaded.org.eclipse.jetty.server.handler.HandlerLis
t.handle(HandlerList.java:52)
at
org.apache.phoenix.shaded.org.eclipse.jetty.server.handler.HandlerWra
pper.handle(HandlerWrapper.java:97)
at
org.apache.phoenix.shaded.org.eclipse.jetty.server.Server.handle(Serv
er.java:499)
at
org.apache.phoenix.shaded.org.eclipse.jetty.server.HttpChannel.handle
(HttpChannel.java:311)
at
org.apache.phoenix.shaded.org.eclipse.jetty.server.HttpConnection.onF
illable(HttpConnection.java:257)
at
org.apache.phoenix.shaded.org.eclipse.jetty.io.AbstractConnection$2.r
un(AbstractConnection.java:544)
at
org.apache.phoenix.shaded.org.eclipse.jetty.util.thread.QueuedThreadP
ool.runJob(QueuedThreadPool.java:635)
at
org.apache.phoenix.shaded.org.eclipse.jetty.util.thread.QueuedThreadP
ool$3.run(QueuedThreadPool.java:555)
at java.lang.Thread.run(Thread.java:744)
Caused by: KrbException: Encryption type AES256 CTS mode with HMAC SHA1-96
is no
t supported/enabled
at sun.security.krb5.EncryptionKey.findKey(EncryptionKey.java:552)
at sun.security.krb5.KrbApReq.authenticate(KrbApReq.java:270)
at sun.security.krb5.KrbApReq.<init>(KrbApReq.java:144)
at
sun.security.jgss.krb5.InitSecContextToken.<init>(InitSecContextToken
.java:108)
at
sun.security.jgss.krb5.Krb5Context.acceptSecContext(Krb5Context.java:
771)
... 19 more
Please help me to solve this issue.
--
Thanks and regards
D.Mallieswari
Re: Cannot connect phoenix client in kerberos cluster
Posted by rafa <ra...@gmail.com>.
Hi Mallieswari,
As far as I know you can configure queryServer to connect to a secured
cluster with a proper keytab and principal on its configuration. Once the
queryserver is started that way you can connect with a simple:
python sqlline-thin.py http://hostname:8765
can you login correctly in the cluster with the used keytab? could you
regenerate the keytab?
have you started the queryserver with the keytab and the log confirms it
has authenticated correctly?
regards,
rafa
On Thu, Oct 19, 2017 at 7:55 AM, Mallieswari Dineshbabu <
dmallieswari@gmail.com> wrote:
> Hi Rafa,
>
> following are the checksum failed exception with additional logs gathered
> in query server side.
>
> ... 19 more
> Caused by: java.security.GeneralSecurityException: Checksum failed
> at sun.security.krb5.internal.crypto.dk.ArcFourCrypto.
> decrypt(ArcFourCry
> pto.java:408)
> at sun.security.krb5.internal.crypto.ArcFourHmac.decrypt(
> ArcFourHmac.jav
> a:91)
> at sun.security.krb5.internal.crypto.ArcFourHmacEType.
> decrypt(ArcFourHma
> cEType.java:100)
> ... 25 more
> 17/10/19 05:42:10 DEBUG server.AvaticaJsonHandler: HTTP request from
> 172.0.0.4 i
> s unauthenticated and authentication is required
> 17/10/19 05:42:10 DEBUG server.HttpConnection:
> org.apache.phoenix.shaded.org.ecl
> ipse.jetty.server.HttpConnection$SendCallback@5891b2c8[PROCESSING][i=
> ResponseInf
> o{HTTP/1.1 404 null,278,false},cb=org.apache.phoenix.shaded.org.eclipse.
> jetty.se
> rver.HttpChannel$CommitCallback@76bf3474] generate: NEED_HEADER
> (null,[p=0,l=278
> ,c=2048,r=278],true)@START
> 17/10/19 05:42:10 DEBUG server.HttpConnection:
> org.apache.phoenix.shaded.org.ecl
> ipse.jetty.server.HttpConnection$SendCallback@5891b2c8[PROCESSING][i=
> ResponseInf
> o{HTTP/1.1 404 null,278,false},cb=org.apache.phoenix.shaded.org.eclipse.
> jetty.se
> rver.HttpChannel$CommitCallback@76bf3474] generate: FLUSH
> ([p=0,l=210,c=8192,r=2
> 10],[p=0,l=278,c=2048,r=278],true)@COMPLETING
> 17/10/19 05:42:10 DEBUG io.WriteFlusher: write: WriteFlusher@3d86d805{IDLE}
> [Hea
> pByteBuffer@58e0ca22[p=0,l=210,c=8192,r=210]={<<<HTTP/1.1 404 Not
> ...z-SNAPSHOT)
> \r\n\r\n>>>erver: Jetty(9.2....\x00\x00\x00\x00\
> x00\x00\x00\x00\x00\x00\x00\x00\
> x00\x00\x00},HeapByteBuffer@30ce894[p=0,l=278,c=2048,r=
> 278]={<<<<html>\n<head>\n
> <me.../body>\n</html>\n>>>\x00\x00\x00\x00\x00\x00\x00\
> x00\x00\x00\x00\x00\x00\x
> 00\x00\x00\x00...\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\
> x00\x00\x00\x00\x00}]
> 17/10/19 05:42:10 DEBUG io.WriteFlusher: update WriteFlusher@3d86d805
> {WRITING}:I
> DLE-->WRITING
>
> Regards,
> Mallieswari D
>
> On Thu, Oct 12, 2017 at 11:00 AM, Mallieswari Dineshbabu <
> dmallieswari@gmail.com> wrote:
>
>> Hi Rafa,
>>
>> As per your concerns, I have updated the JCE policy and tested now
>> getting "Checksum Failed" Exception. Please find the error below.
>>
>>
>>
>> GSSException: Failure unspecified at GSS-API level (Mechanism level: *Checksum
>> fa*
>>
>> *iled*)
>>
>> at sun.security.jgss.krb5.Krb5Context.acceptSecContext(Krb5Cont
>> ext.java:
>>
>> 788)
>>
>> at sun.security.jgss.GSSContextImpl.acceptSecContext(GSSContext
>> Impl.java
>>
>> :342)
>>
>> at sun.security.jgss.GSSContextImpl.acceptSecContext(GSSContext
>> Impl.java
>>
>> :285)
>>
>> at sun.security.jgss.spnego.SpNegoContext.GSS_acceptSecContext(
>> SpNegoCon
>>
>> text.java:871)
>>
>> at sun.security.jgss.spnego.SpNegoContext.acceptSecContext(
>> SpNegoContext
>>
>> .java:544)
>>
>> at sun.security.jgss.GSSContextImpl.acceptSecContext(GSSContext
>> Impl.java
>>
>> :342)
>>
>> at sun.security.jgss.GSSContextImpl.acceptSecContext(GSSContext
>> Impl.java
>>
>> :285)
>>
>> at org.apache.phoenix.shaded.org.eclipse.jetty.security.SpnegoL
>> oginServi
>>
>> ce.login(SpnegoLoginService.java:137)
>>
>> at org.apache.phoenix.shaded.org.eclipse.jetty.security.authent
>> ication.L
>>
>> oginAuthenticator.login(LoginAuthenticator.java:61)
>>
>> at org.apache.phoenix.shaded.org.eclipse.jetty.security.authent
>> ication.S
>>
>> pnegoAuthenticator.validateRequest(SpnegoAuthenticator.java:99)
>>
>> at org.apache.phoenix.shaded.org.eclipse.jetty.security.Securit
>> yHandler.
>>
>> handle(SecurityHandler.java:512)
>>
>> at org.apache.phoenix.shaded.org.eclipse.jetty.server.handler.H
>> andlerLis
>>
>> t.handle(HandlerList.java:52)
>>
>> at org.apache.phoenix.shaded.org.eclipse.jetty.server.handler.H
>> andlerWra
>>
>> pper.handle(HandlerWrapper.java:97)
>>
>> at org.apache.phoenix.shaded.org.eclipse.jetty.server.Server.ha
>> ndle(Serv
>>
>> er.java:499)
>>
>> at org.apache.phoenix.shaded.org.eclipse.jetty.server.HttpChann
>> el.handle
>>
>> (HttpChannel.java:311)
>>
>> at org.apache.phoenix.shaded.org.eclipse.jetty.server.HttpConne
>> ction.onF
>>
>> illable(HttpConnection.java:257)
>>
>> at org.apache.phoenix.shaded.org.eclipse.jetty.io.AbstractConne
>> ction$2.r
>>
>> un(AbstractConnection.java:544)
>>
>> at org.apache.phoenix.shaded.org.eclipse.jetty.util.thread.Queu
>> edThreadP
>>
>> ool.runJob(QueuedThreadPool.java:635)
>>
>> at org.apache.phoenix.shaded.org.eclipse.jetty.util.thread.Queu
>> edThreadP
>>
>> ool$3.run(QueuedThreadPool.java:555)
>>
>> at java.lang.Thread.run(Thread.java:744)
>>
>> Caused by: KrbException: Checksum failed
>>
>> at sun.security.krb5.internal.crypto.ArcFourHmacEType.decrypt(
>> ArcFourHma
>>
>> cEType.java:102)
>>
>> at sun.security.krb5.internal.crypto.ArcFourHmacEType.decrypt(
>> ArcFourHma
>>
>> cEType.java:94)
>>
>> at sun.security.krb5.EncryptedData.decrypt(EncryptedData.java:
>> 177)
>>
>> at sun.security.krb5.KrbApReq.authenticate(KrbApReq.java:278)
>>
>> at sun.security.krb5.KrbApReq.<init>(KrbApReq.java:144)
>>
>> at sun.security.jgss.krb5.InitSecContextToken.<init>(InitSecCon
>> textToken
>>
>> .java:108)
>>
>> at sun.security.jgss.krb5.Krb5Context.acceptSecContext(Krb5Cont
>> ext.java:
>>
>> 771)
>>
>> ... 19 more
>>
>> Caused by: java.security.GeneralSecurityException: Checksum failed
>>
>> at sun.security.krb5.internal.crypto.dk.ArcFourCrypto.decrypt(
>> ArcFourCry
>>
>> pto.java:408)
>>
>> at sun.security.krb5.internal.crypto.ArcFourHmac.decrypt(ArcFou
>> rHmac.jav
>>
>> a:91)
>>
>> at sun.security.krb5.internal.crypto.ArcFourHmacEType.decrypt(
>> ArcFourHma
>>
>> cEType.java:100)
>>
>> ... 25 more
>>
>>
>>
>> Please help me to fix this .
>>
>>
>> Regards,
>>
>>
>> Mallieswari D
>>
>> On Wed, Oct 11, 2017 at 5:42 PM, rafa <ra...@gmail.com> wrote:
>>
>>> Hi Mallieswari,
>>>
>>> The error:
>>>
>>> KrbException: Encryption type AES256 CTS mode with HMAC SHA1-96 is not
>>> supported/enabled
>>>
>>> points to JCE not installed or incorrectly installed in the JVM.
>>>
>>> What I have configured is : Phoenix query server connects itself to the
>>> secured cluster with a valid kerberos principal and keytab.
>>>
>>> The access to query server : sqlline-thin.py http://hostname:8765
>>>
>>> Regards,
>>> rafa
>>>
>>
>>
>>
>> --
>> Thanks and regards
>> D.Mallieswari
>>
>
>
>
> --
> Thanks and regards
> D.Mallieswari
>
Re: Cannot connect phoenix client in kerberos cluster
Posted by Mallieswari Dineshbabu <dm...@gmail.com>.
Hi Rafa,
following are the checksum failed exception with additional logs gathered
in query server side.
... 19 more
Caused by: java.security.GeneralSecurityException: Checksum failed
at
sun.security.krb5.internal.crypto.dk.ArcFourCrypto.decrypt(ArcFourCry
pto.java:408)
at
sun.security.krb5.internal.crypto.ArcFourHmac.decrypt(ArcFourHmac.jav
a:91)
at
sun.security.krb5.internal.crypto.ArcFourHmacEType.decrypt(ArcFourHma
cEType.java:100)
... 25 more
17/10/19 05:42:10 DEBUG server.AvaticaJsonHandler: HTTP request from
172.0.0.4 i
s unauthenticated and authentication is required
17/10/19 05:42:10 DEBUG server.HttpConnection:
org.apache.phoenix.shaded.org.ecl
ipse.jetty.server.HttpConnection$SendCallback@5891b2c8
[PROCESSING][i=ResponseInf
o{HTTP/1.1 404 null,278,false},cb=
org.apache.phoenix.shaded.org.eclipse.jetty.se
rver.HttpChannel$CommitCallback@76bf3474] generate: NEED_HEADER
(null,[p=0,l=278
,c=2048,r=278],true)@START
17/10/19 05:42:10 DEBUG server.HttpConnection:
org.apache.phoenix.shaded.org.ecl
ipse.jetty.server.HttpConnection$SendCallback@5891b2c8
[PROCESSING][i=ResponseInf
o{HTTP/1.1 404 null,278,false},cb=
org.apache.phoenix.shaded.org.eclipse.jetty.se
rver.HttpChannel$CommitCallback@76bf3474] generate: FLUSH
([p=0,l=210,c=8192,r=2
10],[p=0,l=278,c=2048,r=278],true)@COMPLETING
17/10/19 05:42:10 DEBUG io.WriteFlusher: write: WriteFlusher@3d86d805{IDLE}
[Hea
pByteBuffer@58e0ca22[p=0,l=210,c=8192,r=210]={<<<HTTP/1.1 404 Not
...z-SNAPSHOT)
\r\n\r\n>>>erver:
Jetty(9.2....\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\
x00\x00\x00},HeapByteBuffer@30ce894
[p=0,l=278,c=2048,r=278]={<<<<html>\n<head>\n
<me.../body>\n</html>\n>>>\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x
00\x00\x00\x00...\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00}]
17/10/19 05:42:10 DEBUG io.WriteFlusher: update WriteFlusher@3d86d805
{WRITING}:I
DLE-->WRITING
Regards,
Mallieswari D
On Thu, Oct 12, 2017 at 11:00 AM, Mallieswari Dineshbabu <
dmallieswari@gmail.com> wrote:
> Hi Rafa,
>
> As per your concerns, I have updated the JCE policy and tested now getting
> "Checksum Failed" Exception. Please find the error below.
>
>
>
> GSSException: Failure unspecified at GSS-API level (Mechanism level: *Checksum
> fa*
>
> *iled*)
>
> at sun.security.jgss.krb5.Krb5Context.acceptSecContext(
> Krb5Context.java:
>
> 788)
>
> at sun.security.jgss.GSSContextImpl.acceptSecContext(
> GSSContextImpl.java
>
> :342)
>
> at sun.security.jgss.GSSContextImpl.acceptSecContext(
> GSSContextImpl.java
>
> :285)
>
> at sun.security.jgss.spnego.SpNegoContext.GSS_
> acceptSecContext(SpNegoCon
>
> text.java:871)
>
> at sun.security.jgss.spnego.SpNegoContext.
> acceptSecContext(SpNegoContext
>
> .java:544)
>
> at sun.security.jgss.GSSContextImpl.acceptSecContext(
> GSSContextImpl.java
>
> :342)
>
> at sun.security.jgss.GSSContextImpl.acceptSecContext(
> GSSContextImpl.java
>
> :285)
>
> at org.apache.phoenix.shaded.org.eclipse.jetty.security.
> SpnegoLoginServi
>
> ce.login(SpnegoLoginService.java:137)
>
> at org.apache.phoenix.shaded.org.eclipse.jetty.security.
> authentication.L
>
> oginAuthenticator.login(LoginAuthenticator.java:61)
>
> at org.apache.phoenix.shaded.org.eclipse.jetty.security.
> authentication.S
>
> pnegoAuthenticator.validateRequest(SpnegoAuthenticator.java:99)
>
> at org.apache.phoenix.shaded.org.eclipse.jetty.security.
> SecurityHandler.
>
> handle(SecurityHandler.java:512)
>
> at org.apache.phoenix.shaded.org.eclipse.jetty.server.handler.
> HandlerLis
>
> t.handle(HandlerList.java:52)
>
> at org.apache.phoenix.shaded.org.eclipse.jetty.server.handler.
> HandlerWra
>
> pper.handle(HandlerWrapper.java:97)
>
> at org.apache.phoenix.shaded.org.eclipse.jetty.server.Server.
> handle(Serv
>
> er.java:499)
>
> at org.apache.phoenix.shaded.org.eclipse.jetty.server.
> HttpChannel.handle
>
> (HttpChannel.java:311)
>
> at org.apache.phoenix.shaded.org.eclipse.jetty.server.
> HttpConnection.onF
>
> illable(HttpConnection.java:257)
>
> at org.apache.phoenix.shaded.org.eclipse.jetty.io.
> AbstractConnection$2.r
>
> un(AbstractConnection.java:544)
>
> at org.apache.phoenix.shaded.org.eclipse.jetty.util.thread.
> QueuedThreadP
>
> ool.runJob(QueuedThreadPool.java:635)
>
> at org.apache.phoenix.shaded.org.eclipse.jetty.util.thread.
> QueuedThreadP
>
> ool$3.run(QueuedThreadPool.java:555)
>
> at java.lang.Thread.run(Thread.java:744)
>
> Caused by: KrbException: Checksum failed
>
> at sun.security.krb5.internal.crypto.ArcFourHmacEType.
> decrypt(ArcFourHma
>
> cEType.java:102)
>
> at sun.security.krb5.internal.crypto.ArcFourHmacEType.
> decrypt(ArcFourHma
>
> cEType.java:94)
>
> at sun.security.krb5.EncryptedData.decrypt(EncryptedData.java:177)
>
> at sun.security.krb5.KrbApReq.authenticate(KrbApReq.java:278)
>
> at sun.security.krb5.KrbApReq.<init>(KrbApReq.java:144)
>
> at sun.security.jgss.krb5.InitSecContextToken.<init>(
> InitSecContextToken
>
> .java:108)
>
> at sun.security.jgss.krb5.Krb5Context.acceptSecContext(
> Krb5Context.java:
>
> 771)
>
> ... 19 more
>
> Caused by: java.security.GeneralSecurityException: Checksum failed
>
> at sun.security.krb5.internal.crypto.dk.ArcFourCrypto.
> decrypt(ArcFourCry
>
> pto.java:408)
>
> at sun.security.krb5.internal.crypto.ArcFourHmac.decrypt(
> ArcFourHmac.jav
>
> a:91)
>
> at sun.security.krb5.internal.crypto.ArcFourHmacEType.
> decrypt(ArcFourHma
>
> cEType.java:100)
>
> ... 25 more
>
>
>
> Please help me to fix this .
>
>
> Regards,
>
>
> Mallieswari D
>
> On Wed, Oct 11, 2017 at 5:42 PM, rafa <ra...@gmail.com> wrote:
>
>> Hi Mallieswari,
>>
>> The error:
>>
>> KrbException: Encryption type AES256 CTS mode with HMAC SHA1-96 is not
>> supported/enabled
>>
>> points to JCE not installed or incorrectly installed in the JVM.
>>
>> What I have configured is : Phoenix query server connects itself to the
>> secured cluster with a valid kerberos principal and keytab.
>>
>> The access to query server : sqlline-thin.py http://hostname:8765
>>
>> Regards,
>> rafa
>>
>
>
>
> --
> Thanks and regards
> D.Mallieswari
>
--
Thanks and regards
D.Mallieswari
Re: Cannot connect phoenix client in kerberos cluster
Posted by Mallieswari Dineshbabu <dm...@gmail.com>.
Hi Rafa,
As per your concerns, I have updated the JCE policy and tested now getting
"Checksum Failed" Exception. Please find the error below.
GSSException: Failure unspecified at GSS-API level (Mechanism level: *Checksum
fa*
*iled*)
at
sun.security.jgss.krb5.Krb5Context.acceptSecContext(Krb5Context.java:
788)
at
sun.security.jgss.GSSContextImpl.acceptSecContext(GSSContextImpl.java
:342)
at
sun.security.jgss.GSSContextImpl.acceptSecContext(GSSContextImpl.java
:285)
at
sun.security.jgss.spnego.SpNegoContext.GSS_acceptSecContext(SpNegoCon
text.java:871)
at
sun.security.jgss.spnego.SpNegoContext.acceptSecContext(SpNegoContext
.java:544)
at
sun.security.jgss.GSSContextImpl.acceptSecContext(GSSContextImpl.java
:342)
at
sun.security.jgss.GSSContextImpl.acceptSecContext(GSSContextImpl.java
:285)
at
org.apache.phoenix.shaded.org.eclipse.jetty.security.SpnegoLoginServi
ce.login(SpnegoLoginService.java:137)
at
org.apache.phoenix.shaded.org.eclipse.jetty.security.authentication.L
oginAuthenticator.login(LoginAuthenticator.java:61)
at
org.apache.phoenix.shaded.org.eclipse.jetty.security.authentication.S
pnegoAuthenticator.validateRequest(SpnegoAuthenticator.java:99)
at
org.apache.phoenix.shaded.org.eclipse.jetty.security.SecurityHandler.
handle(SecurityHandler.java:512)
at
org.apache.phoenix.shaded.org.eclipse.jetty.server.handler.HandlerLis
t.handle(HandlerList.java:52)
at
org.apache.phoenix.shaded.org.eclipse.jetty.server.handler.HandlerWra
pper.handle(HandlerWrapper.java:97)
at
org.apache.phoenix.shaded.org.eclipse.jetty.server.Server.handle(Serv
er.java:499)
at
org.apache.phoenix.shaded.org.eclipse.jetty.server.HttpChannel.handle
(HttpChannel.java:311)
at
org.apache.phoenix.shaded.org.eclipse.jetty.server.HttpConnection.onF
illable(HttpConnection.java:257)
at
org.apache.phoenix.shaded.org.eclipse.jetty.io.AbstractConnection$2.r
un(AbstractConnection.java:544)
at
org.apache.phoenix.shaded.org.eclipse.jetty.util.thread.QueuedThreadP
ool.runJob(QueuedThreadPool.java:635)
at
org.apache.phoenix.shaded.org.eclipse.jetty.util.thread.QueuedThreadP
ool$3.run(QueuedThreadPool.java:555)
at java.lang.Thread.run(Thread.java:744)
Caused by: KrbException: Checksum failed
at
sun.security.krb5.internal.crypto.ArcFourHmacEType.decrypt(ArcFourHma
cEType.java:102)
at
sun.security.krb5.internal.crypto.ArcFourHmacEType.decrypt(ArcFourHma
cEType.java:94)
at sun.security.krb5.EncryptedData.decrypt(EncryptedData.java:177)
at sun.security.krb5.KrbApReq.authenticate(KrbApReq.java:278)
at sun.security.krb5.KrbApReq.<init>(KrbApReq.java:144)
at
sun.security.jgss.krb5.InitSecContextToken.<init>(InitSecContextToken
.java:108)
at
sun.security.jgss.krb5.Krb5Context.acceptSecContext(Krb5Context.java:
771)
... 19 more
Caused by: java.security.GeneralSecurityException: Checksum failed
at
sun.security.krb5.internal.crypto.dk.ArcFourCrypto.decrypt(ArcFourCry
pto.java:408)
at
sun.security.krb5.internal.crypto.ArcFourHmac.decrypt(ArcFourHmac.jav
a:91)
at
sun.security.krb5.internal.crypto.ArcFourHmacEType.decrypt(ArcFourHma
cEType.java:100)
... 25 more
Please help me to fix this .
Regards,
Mallieswari D
On Wed, Oct 11, 2017 at 5:42 PM, rafa <ra...@gmail.com> wrote:
> Hi Mallieswari,
>
> The error:
>
> KrbException: Encryption type AES256 CTS mode with HMAC SHA1-96 is not
> supported/enabled
>
> points to JCE not installed or incorrectly installed in the JVM.
>
> What I have configured is : Phoenix query server connects itself to the
> secured cluster with a valid kerberos principal and keytab.
>
> The access to query server : sqlline-thin.py http://hostname:8765
>
> Regards,
> rafa
>
--
Thanks and regards
D.Mallieswari
Re: Cannot connect phoenix client in kerberos cluster
Posted by rafa <ra...@gmail.com>.
Hi Mallieswari,
The error:
KrbException: Encryption type AES256 CTS mode with HMAC SHA1-96 is not
supported/enabled
points to JCE not installed or incorrectly installed in the JVM.
What I have configured is : Phoenix query server connects itself to the
secured cluster with a valid kerberos principal and keytab.
The access to query server : sqlline-thin.py http://hostname:8765
Regards,
rafa
Re: Cannot connect phoenix client in kerberos cluster
Posted by Mallieswari Dineshbabu <dm...@gmail.com>.
Hi Rafa,
following are the log received in phoenix query server.
GSSException: Failure unspecified at GSS-API level (Mechanism level:
Encryption
type AES256 CTS mode with HMAC SHA1-96 is not supported/enabled)
at
sun.security.jgss.krb5.Krb5Context.acceptSecContext(Krb5Context.java:
788)
at
sun.security.jgss.GSSContextImpl.acceptSecContext(GSSContextImpl.java
:342)
at
sun.security.jgss.GSSContextImpl.acceptSecContext(GSSContextImpl.java
:285)
at
sun.security.jgss.spnego.SpNegoContext.GSS_acceptSecContext(SpNegoCon
text.java:871)
at
sun.security.jgss.spnego.SpNegoContext.acceptSecContext(SpNegoContext
.java:544)
at
sun.security.jgss.GSSContextImpl.acceptSecContext(GSSContextImpl.java
:342)
at
sun.security.jgss.GSSContextImpl.acceptSecContext(GSSContextImpl.java
:285)
at
org.apache.phoenix.shaded.org.eclipse.jetty.security.SpnegoLoginServi
ce.login(SpnegoLoginService.java:137)
at
org.apache.phoenix.shaded.org.eclipse.jetty.security.authentication.L
oginAuthenticator.login(LoginAuthenticator.java:61)
at
org.apache.phoenix.shaded.org.eclipse.jetty.security.authentication.S
pnegoAuthenticator.validateRequest(SpnegoAuthenticator.java:99)
at
org.apache.phoenix.shaded.org.eclipse.jetty.security.SecurityHandler.
handle(SecurityHandler.java:512)
at
org.apache.phoenix.shaded.org.eclipse.jetty.server.handler.HandlerLis
t.handle(HandlerList.java:52)
at
org.apache.phoenix.shaded.org.eclipse.jetty.server.handler.HandlerWra
pper.handle(HandlerWrapper.java:97)
at
org.apache.phoenix.shaded.org.eclipse.jetty.server.Server.handle(Serv
er.java:499)
at
org.apache.phoenix.shaded.org.eclipse.jetty.server.HttpChannel.handle
(HttpChannel.java:311)
at
org.apache.phoenix.shaded.org.eclipse.jetty.server.HttpConnection.onF
illable(HttpConnection.java:257)
at
org.apache.phoenix.shaded.org.eclipse.jetty.io.AbstractConnection$2.r
un(AbstractConnection.java:544)
at
org.apache.phoenix.shaded.org.eclipse.jetty.util.thread.QueuedThreadP
ool.runJob(QueuedThreadPool.java:635)
at
org.apache.phoenix.shaded.org.eclipse.jetty.util.thread.QueuedThreadP
ool$3.run(QueuedThreadPool.java:555)
at java.lang.Thread.run(Thread.java:744)
Caused by: KrbException: Encryption type AES256 CTS mode with HMAC SHA1-96
is no
t supported/enabled
at sun.security.krb5.EncryptionKey.findKey(EncryptionKey.java:552)
at sun.security.krb5.KrbApReq.authenticate(KrbApReq.java:270)
at sun.security.krb5.KrbApReq.<init>(KrbApReq.java:144)
at
sun.security.jgss.krb5.InitSecContextToken.<init>(InitSecContextToken
.java:108)
at
sun.security.jgss.krb5.Krb5Context.acceptSecContext(Krb5Context.java:
771)
... 19 more
On Mon, Oct 9, 2017 at 2:48 PM, rafa <ra...@gmail.com> wrote:
> Hi Mallieswari:
>
> *Method 1:* python sqlline-thin.py http://hostname:8765
>
> This should be enough to connect to Phoenix query server.
>
> Increase the Phoenix Qeury Server log file level to see if there is a
> problem with it.
>
> regards,
> rafa
>
> On Fri, Oct 6, 2017 at 11:28 AM, Mallieswari Dineshbabu <
> dmallieswari@gmail.com> wrote:
>
>> Hi rafa,
>> I have this Kernel32 error in normal hadoop cluster also but i can
>> successfully to connected with the query server using sqlline-thin.py. In
>> kerberos cluster the ,I getting following error.
>> java.lang.RuntimeException: Failed to execute HTTP Request, got HTTP/404
>> at org.apache.calcite.avatica.remote.AvaticaCommonsHttpClientSp
>> negoImpl.send(AvaticaCommonsHttpClientSpnegoImpl.java:148)
>> at org.apache.calcite.avatica.remote.DoAsAvaticaHttpClient$1.
>> run(DoAsAvaticaHttpClient.java:40)
>> at org.apache.calcite.avatica.remote.DoAsAvaticaHttpClient$1.
>> run(DoAsAvaticaHttpClient.java:38)
>> at java.security.AccessController.doPrivileged(Native Method)
>> at javax.security.auth.Subject.doAs(Subject.java:360)
>> at org.apache.calcite.avatica.remote.DoAsAvaticaHttpClient.send
>> (DoAsAvaticaHttpClient.java:38)
>> at org.apache.calcite.avatica.remote.RemoteProtobufService._app
>> ly(RemoteProtobufService.java:45)
>> at org.apache.calcite.avatica.remote.ProtobufService.apply(Prot
>> obufService.java:81)
>> at org.apache.calcite.avatica.remote.Driver.connect(Driver.java:176)
>> at java.sql.DriverManager.getConnection(DriverManager.java:664)
>> at java.sql.DriverManager.getConnection(DriverManager.java:270)
>> at multiaccess.Jobs.PhoenixJava(Jobs.java:69)
>> at multiaccess.Jobs.executeQueries(Jobs.java:39)
>> at multiaccess.MultiAccess$1.call(MultiAccess.java:61)
>> at multiaccess.MultiAccess$1.call(MultiAccess.java:56)
>> at java.util.concurrent.FutureTask.run(FutureTask.java:266)
>> at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPool
>> Executor.java:1149)
>> at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoo
>> lExecutor.java:624)
>> at java.lang.Thread.run(Thread.java:748)
>>
>> Note: Phoenix Package Version- 4.11.0-Hbase-1.2
>> Hbase Version- 4.2.5
>> Hadoop version- 2.7.2
>>
>>
>> Please help me to connect with query server through sqlline-thin client
>>
>> Regards,
>> Mallieswari D
>>
>> On Thu, Oct 5, 2017 at 7:01 PM, rafa <ra...@gmail.com> wrote:
>>
>>> Hi,
>>>
>>> The method 1 should work as far as the query server connects to the
>>> cluster successfully with the configured keytab. It seems a classpath
>>> problem on client side:
>>>
>>> [ERROR] Terminal initialization failed; falling back to unsupported
>>>
>>> java.lang.NoClassDefFoundError: Could not initialize class
>>> org.apache.phoenix.sh
>>> aded.org.fusesource.jansi.internal.Kernel32
>>>
>>> I have no exprience with windows. Seems that there is need for jline in
>>> the classpath
>>>
>>> https://jline.github.io/
>>>
>>> check this:
>>>
>>> https://issues.apache.org/jira/browse/HIVE-13824
>>>
>>> regards
>>>
>>>
>>> On Thu, Oct 5, 2017 at 2:29 PM, Mallieswari Dineshbabu <
>>> dmallieswari@gmail.com> wrote:
>>>
>>>> Yes, It is installed in all the JVMs. Any other solution.
>>>>
>>>>
>>>> On Wed, Oct 4, 2017 at 5:30 PM, rafa <ra...@gmail.com> wrote:
>>>>
>>>>> Hi Mallieswari,
>>>>>
>>>>> Perhaps the Java Cryptography Extension (JCE) Unlimited Strength
>>>>> Jurisdiction Policy Files are not installed in all the JVMs ?
>>>>>
>>>>> Regards,
>>>>> rafa
>>>>>
>>>>> On Wed, Oct 4, 2017 at 1:18 PM, Mallieswari Dineshbabu <
>>>>> dmallieswari@gmail.com> wrote:
>>>>>
>>>>>> Hi ,
>>>>>>
>>>>>>
>>>>>>
>>>>>> I have configured a phoenix package "apache-phoenix-4.11.0-HBase-1.2-bin"
>>>>>> to Hbase version "1.2.5" in kerberos cluster.
>>>>>>
>>>>>>
>>>>>>
>>>>>> For phoenix secure cluster configuration, I have added the following
>>>>>> properties into the *hbase-site.xml* present in *phoenix/bin* along
>>>>>> with the properties of hbase configuration properties present in hbase/conf
>>>>>> path and refer the *core-site.xml*, *hdfs-site.xml* file in
>>>>>> phoenix/bin path
>>>>>>
>>>>>>
>>>>>>
>>>>>> phoenix.queryserver.keytab.file
>>>>>>
>>>>>> The key to look for keytab file.
>>>>>>
>>>>>> *unset*
>>>>>>
>>>>>> phoenix.queryserver.kerberos.principal
>>>>>>
>>>>>> The kerberos principal to use when authenticating.
>>>>>>
>>>>>> *unset*
>>>>>>
>>>>>> Phoenix Query Server:
>>>>>>
>>>>>>
>>>>>>
>>>>>> Once updated a above properties query server has been started
>>>>>> successfully using keytab.
>>>>>>
>>>>>>
>>>>>>
>>>>>> *Command to Server:*
>>>>>>
>>>>>> *python queryserver.py*
>>>>>>
>>>>>>
>>>>>>
>>>>>> Phoenix Client:
>>>>>>
>>>>>>
>>>>>>
>>>>>> Once the query server is started successfully then the port no 8765
>>>>>> comes to live. When i try to connect client with following command it
>>>>>> returns GSS Exception. Am I missing any steps in configuration.
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>> *Command to Client:*
>>>>>>
>>>>>> Following are the methods i tried to connect in secure cluster it
>>>>>> does not works.
>>>>>>
>>>>>>
>>>>>>
>>>>>> *Method 1:* python sqlline-thin.py http://hostname:8765
>>>>>>
>>>>>> *Method 2:*
>>>>>>
>>>>>> python sqlthin-client.py http://hostname:8765;authentic
>>>>>> ation=SPNEGO;principal=phoenix/OrgClu@XXXXXX.XXXXX.COM;keyta
>>>>>> b=C:\\path\\to\\HadoopKeyTabs\\\phoenix.keytab
>>>>>> <http://hostname:8765;authentication=SPNEGO;principal=phoenix/OrgClu@XXXXXX.XXXXX.COM;keytab=C:/path/to/HadoopKeyTabs/phoenix.keytab>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>> *CLIENT SIDE ERROR:*
>>>>>>
>>>>>> x-4.11.0-HBase-1.2-bin\bin>python sqlline-thin.py
>>>>>> http://namenode1:8765
>>>>>>
>>>>>> Failed to find hbase executable on PATH, defaulting serialization to
>>>>>> PROTOBUF.
>>>>>>
>>>>>> [ERROR] Terminal initialization failed; falling back to unsupported
>>>>>>
>>>>>> java.lang.NoClassDefFoundError: Could not initialize class
>>>>>> org.apache.phoenix.sh
>>>>>>
>>>>>> aded.org.fusesource.jansi.internal.Kernel32
>>>>>>
>>>>>> at org.apache.phoenix.shaded.org.
>>>>>> fusesource.jansi.internal.WindowsSuppor
>>>>>>
>>>>>> t.getConsoleMode(WindowsSupport.java:50)
>>>>>>
>>>>>> at org.apache.phoenix.shaded.jlin
>>>>>> e.WindowsTerminal.getConsoleMode(Window
>>>>>>
>>>>>> sTerminal.java:177)
>>>>>>
>>>>>> at org.apache.phoenix.shaded.jlin
>>>>>> e.WindowsTerminal.init(WindowsTerminal.
>>>>>>
>>>>>> java:80)
>>>>>>
>>>>>> at org.apache.phoenix.shaded.jlin
>>>>>> e.TerminalFactory.create(TerminalFactor
>>>>>>
>>>>>> y.java:101)
>>>>>>
>>>>>> at org.apache.phoenix.shaded.jlin
>>>>>> e.TerminalFactory.get(TerminalFactory.j
>>>>>>
>>>>>> ava:159)
>>>>>>
>>>>>> at sqlline.SqlLineOpts.<init>(SqlLineOpts.java:45)
>>>>>>
>>>>>> at sqlline.SqlLine.<init>(SqlLine.java:55)
>>>>>>
>>>>>> at sqlline.SqlLine.start(SqlLine.java:397)
>>>>>>
>>>>>> at sqlline.SqlLine.main(SqlLine.java:291)
>>>>>>
>>>>>> at org.apache.phoenix.queryserver
>>>>>> .client.SqllineWrapper$1.run(SqllineWra
>>>>>>
>>>>>> pper.java:88)
>>>>>>
>>>>>> at org.apache.phoenix.queryserver
>>>>>> .client.SqllineWrapper$1.run(SqllineWra
>>>>>>
>>>>>> pper.java:85)
>>>>>>
>>>>>> at java.security.AccessController.doPrivileged(Native Method)
>>>>>>
>>>>>> at javax.security.auth.Subject.doAs(Subject.java:415)
>>>>>>
>>>>>> at org.apache.hadoop.security.Use
>>>>>> rGroupInformation.doAs(UserGroupInforma
>>>>>>
>>>>>> tion.java:1657)
>>>>>>
>>>>>> at org.apache.phoenix.queryserver
>>>>>> .client.SqllineWrapper.main(SqllineWrap
>>>>>>
>>>>>> per.java:85)
>>>>>>
>>>>>>
>>>>>>
>>>>>> [ERROR] Terminal initialization failed; falling back to unsupported
>>>>>>
>>>>>> java.lang.NoClassDefFoundError: Could not initialize class
>>>>>> org.apache.phoenix.sh
>>>>>>
>>>>>> aded.org.fusesource.jansi.internal.Kernel32
>>>>>>
>>>>>> at org.apache.phoenix.shaded.org.
>>>>>> fusesource.jansi.internal.WindowsSuppor
>>>>>>
>>>>>> t.getConsoleMode(WindowsSupport.java:50)
>>>>>>
>>>>>> at org.apache.phoenix.shaded.jlin
>>>>>> e.WindowsTerminal.getConsoleMode(Window
>>>>>>
>>>>>> sTerminal.java:177)
>>>>>>
>>>>>> at org.apache.phoenix.shaded.jlin
>>>>>> e.WindowsTerminal.init(WindowsTerminal.
>>>>>>
>>>>>> java:80)
>>>>>>
>>>>>> at org.apache.phoenix.shaded.jlin
>>>>>> e.TerminalFactory.create(TerminalFactor
>>>>>>
>>>>>> y.java:101)
>>>>>>
>>>>>> at sqlline.SqlLine.getConsoleReader(SqlLine.java:723)
>>>>>>
>>>>>> at sqlline.SqlLine.begin(SqlLine.java:657)
>>>>>>
>>>>>> at sqlline.SqlLine.start(SqlLine.java:398)
>>>>>>
>>>>>> at sqlline.SqlLine.main(SqlLine.java:291)
>>>>>>
>>>>>> at org.apache.phoenix.queryserver
>>>>>> .client.SqllineWrapper$1.run(SqllineWra
>>>>>>
>>>>>> pper.java:88)
>>>>>>
>>>>>> at org.apache.phoenix.queryserver
>>>>>> .client.SqllineWrapper$1.run(SqllineWra
>>>>>>
>>>>>> pper.java:85)
>>>>>>
>>>>>> at java.security.AccessController.doPrivileged(Native Method)
>>>>>>
>>>>>> at javax.security.auth.Subject.doAs(Subject.java:415)
>>>>>>
>>>>>> at org.apache.hadoop.security.Use
>>>>>> rGroupInformation.doAs(UserGroupInforma
>>>>>>
>>>>>> tion.java:1657)
>>>>>>
>>>>>> at org.apache.phoenix.queryserver
>>>>>> .client.SqllineWrapper.main(SqllineWrap
>>>>>>
>>>>>> per.java:85)
>>>>>>
>>>>>>
>>>>>>
>>>>>> Setting property: [incremental, false]
>>>>>>
>>>>>> Setting property: [isolation, TRANSACTION_READ_COMMITTED]
>>>>>>
>>>>>> issuing: !connect jdbc:phoenix:thin:url=http://n
>>>>>> amenode1:8765;serialization=PROT
>>>>>>
>>>>>> OBUF;authentication=SPNEGO none none org.apache.phoenix.queryserver
>>>>>> .client.Drive
>>>>>>
>>>>>> r
>>>>>>
>>>>>> Connecting to jdbc:phoenix:thin:url=http://n
>>>>>> amenode1:8765;serialization=PROTOBUF
>>>>>>
>>>>>> ;authentication=SPNEGO
>>>>>>
>>>>>> java.lang.RuntimeException: Failed to execute HTTP Request, got
>>>>>> HTTP/404
>>>>>>
>>>>>> at org.apache.calcite.avatica.rem
>>>>>> ote.AvaticaCommonsHttpClientSpnegoImpl.
>>>>>>
>>>>>> send(AvaticaCommonsHttpClientSpnegoImpl.java:148)
>>>>>>
>>>>>> at org.apache.calcite.avatica.rem
>>>>>> ote.RemoteProtobufService._apply(Remote
>>>>>>
>>>>>> ProtobufService.java:45)
>>>>>>
>>>>>> at org.apache.calcite.avatica.rem
>>>>>> ote.ProtobufService.apply(ProtobufServi
>>>>>>
>>>>>> ce.java:81)
>>>>>>
>>>>>> at org.apache.calcite.avatica.rem
>>>>>> ote.Driver.connect(Driver.java:176)
>>>>>>
>>>>>> at sqlline.DatabaseConnection.con
>>>>>> nect(DatabaseConnection.java:157)
>>>>>>
>>>>>> at sqlline.DatabaseConnection.get
>>>>>> Connection(DatabaseConnection.java:203)
>>>>>>
>>>>>>
>>>>>>
>>>>>> at sqlline.Commands.connect(Commands.java:1064)
>>>>>>
>>>>>> at sqlline.Commands.connect(Commands.java:996)
>>>>>>
>>>>>> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native
>>>>>> Method)
>>>>>>
>>>>>> at sun.reflect.NativeMethodAccess
>>>>>> orImpl.invoke(NativeMethodAccessorImpl.
>>>>>>
>>>>>> java:57)
>>>>>>
>>>>>> at sun.reflect.DelegatingMethodAc
>>>>>> cessorImpl.invoke(DelegatingMethodAcces
>>>>>>
>>>>>> sorImpl.java:43)
>>>>>>
>>>>>> at java.lang.reflect.Method.invoke(Method.java:606)
>>>>>>
>>>>>> at sqlline.ReflectiveCommandHandl
>>>>>> er.execute(ReflectiveCommandHandler.jav
>>>>>>
>>>>>> a:38)
>>>>>>
>>>>>> at sqlline.SqlLine.dispatch(SqlLine.java:809)
>>>>>>
>>>>>> at sqlline.SqlLine.initArgs(SqlLine.java:588)
>>>>>>
>>>>>> at sqlline.SqlLine.begin(SqlLine.java:661)
>>>>>>
>>>>>> at sqlline.SqlLine.start(SqlLine.java:398)
>>>>>>
>>>>>> at sqlline.SqlLine.main(SqlLine.java:291)
>>>>>>
>>>>>> at org.apache.phoenix.queryserver
>>>>>> .client.SqllineWrapper$1.run(SqllineWra
>>>>>>
>>>>>> pper.java:88)
>>>>>>
>>>>>> at org.apache.phoenix.queryserver
>>>>>> .client.SqllineWrapper$1.run(SqllineWra
>>>>>>
>>>>>> pper.java:85)
>>>>>>
>>>>>> at java.security.AccessController.doPrivileged(Native Method)
>>>>>>
>>>>>> at javax.security.auth.Subject.doAs(Subject.java:415)
>>>>>>
>>>>>> at org.apache.hadoop.security.Use
>>>>>> rGroupInformation.doAs(UserGroupInforma
>>>>>>
>>>>>> tion.java:1657)
>>>>>>
>>>>>> at org.apache.phoenix.queryserver
>>>>>> .client.SqllineWrapper.main(SqllineWrap
>>>>>>
>>>>>> per.java:85)
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>> *SERVER SIDE ERROR:*
>>>>>>
>>>>>> 17/10/04 05:34:28 INFO server.Server: Started @9558ms
>>>>>>
>>>>>> 17/10/04 05:34:28 INFO server.HttpServer: Service listening on port
>>>>>> 8765.
>>>>>>
>>>>>> 17/10/04 05:38:39 WARN security.SpnegoLoginService:
>>>>>>
>>>>>> GSSException: Failure unspecified at GSS-API level (Mechanism level:
>>>>>> Encryption
>>>>>>
>>>>>> type AES256 CTS mode with HMAC SHA1-96 is not supported/enabled)
>>>>>>
>>>>>> at sun.security.jgss.krb5.Krb5Con
>>>>>> text.acceptSecContext(Krb5Context.java:
>>>>>>
>>>>>> 788)
>>>>>>
>>>>>> at sun.security.jgss.GSSContextIm
>>>>>> pl.acceptSecContext(GSSContextImpl.java
>>>>>>
>>>>>> :342)
>>>>>>
>>>>>> at sun.security.jgss.GSSContextIm
>>>>>> pl.acceptSecContext(GSSContextImpl.java
>>>>>>
>>>>>> :285)
>>>>>>
>>>>>> at sun.security.jgss.spnego.SpNeg
>>>>>> oContext.GSS_acceptSecContext(SpNegoCon
>>>>>>
>>>>>> text.java:871)
>>>>>>
>>>>>> at sun.security.jgss.spnego.SpNeg
>>>>>> oContext.acceptSecContext(SpNegoContext
>>>>>>
>>>>>> .java:544)
>>>>>>
>>>>>> at sun.security.jgss.GSSContextIm
>>>>>> pl.acceptSecContext(GSSContextImpl.java
>>>>>>
>>>>>> :342)
>>>>>>
>>>>>> at sun.security.jgss.GSSContextIm
>>>>>> pl.acceptSecContext(GSSContextImpl.java
>>>>>>
>>>>>> :285)
>>>>>>
>>>>>> at org.apache.phoenix.shaded.org.
>>>>>> eclipse.jetty.security.SpnegoLoginServi
>>>>>>
>>>>>> ce.login(SpnegoLoginService.java:137)
>>>>>>
>>>>>> at org.apache.phoenix.shaded.org.
>>>>>> eclipse.jetty.security.authentication.L
>>>>>>
>>>>>> oginAuthenticator.login(LoginAuthenticator.java:61)
>>>>>>
>>>>>> at org.apache.phoenix.shaded.org.
>>>>>> eclipse.jetty.security.authentication.S
>>>>>>
>>>>>> pnegoAuthenticator.validateRequest(SpnegoAuthenticator.java:99)
>>>>>>
>>>>>> at org.apache.phoenix.shaded.org.
>>>>>> eclipse.jetty.security.SecurityHandler.
>>>>>>
>>>>>> handle(SecurityHandler.java:512)
>>>>>>
>>>>>> at org.apache.phoenix.shaded.org.
>>>>>> eclipse.jetty.server.handler.HandlerLis
>>>>>>
>>>>>> t.handle(HandlerList.java:52)
>>>>>>
>>>>>> at org.apache.phoenix.shaded.org.
>>>>>> eclipse.jetty.server.handler.HandlerWra
>>>>>>
>>>>>> pper.handle(HandlerWrapper.java:97)
>>>>>>
>>>>>> at org.apache.phoenix.shaded.org.
>>>>>> eclipse.jetty.server.Server.handle(Serv
>>>>>>
>>>>>> er.java:499)
>>>>>>
>>>>>> at org.apache.phoenix.shaded.org.
>>>>>> eclipse.jetty.server.HttpChannel.handle
>>>>>>
>>>>>> (HttpChannel.java:311)
>>>>>>
>>>>>> at org.apache.phoenix.shaded.org.
>>>>>> eclipse.jetty.server.HttpConnection.onF
>>>>>>
>>>>>> illable(HttpConnection.java:257)
>>>>>>
>>>>>> at org.apache.phoenix.shaded.org.eclipse.jetty.io
>>>>>> .AbstractConnection$2.r
>>>>>>
>>>>>> un(AbstractConnection.java:544)
>>>>>>
>>>>>> at org.apache.phoenix.shaded.org.
>>>>>> eclipse.jetty.util.thread.QueuedThreadP
>>>>>>
>>>>>> ool.runJob(QueuedThreadPool.java:635)
>>>>>>
>>>>>> at org.apache.phoenix.shaded.org.
>>>>>> eclipse.jetty.util.thread.QueuedThreadP
>>>>>>
>>>>>> ool$3.run(QueuedThreadPool.java:555)
>>>>>>
>>>>>> at java.lang.Thread.run(Thread.java:744)
>>>>>>
>>>>>> Caused by: KrbException: Encryption type AES256 CTS mode with HMAC
>>>>>> SHA1-96 is no
>>>>>>
>>>>>> t supported/enabled
>>>>>>
>>>>>> at sun.security.krb5.EncryptionKe
>>>>>> y.findKey(EncryptionKey.java:552)
>>>>>>
>>>>>> at sun.security.krb5.KrbApReq.authenticate(KrbApReq.java:270)
>>>>>>
>>>>>> at sun.security.krb5.KrbApReq.<init>(KrbApReq.java:144)
>>>>>>
>>>>>> at sun.security.jgss.krb5.InitSec
>>>>>> ContextToken.<init>(InitSecContextToken
>>>>>>
>>>>>> .java:108)
>>>>>>
>>>>>> at sun.security.jgss.krb5.Krb5Con
>>>>>> text.acceptSecContext(Krb5Context.java:
>>>>>>
>>>>>> 771)
>>>>>>
>>>>>> ... 19 more
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>> Please help me to solve this issue.
>>>>>>
>>>>>> --
>>>>>>
>>>>>> Thanks and regards
>>>>>>
>>>>>> D.Mallieswari
>>>>>>
>>>>>
>>>>>
>>>>
>>>>
>>>> --
>>>> Thanks and regards
>>>> D.Mallieswari
>>>>
>>>
>>>
>>
>>
>> --
>> Thanks and regards
>> D.Mallieswari
>>
>
>
--
Thanks and regards
D.Mallieswari
Re: Cannot connect phoenix client in kerberos cluster
Posted by rafa <ra...@gmail.com>.
Hi Mallieswari:
*Method 1:* python sqlline-thin.py http://hostname:8765
This should be enough to connect to Phoenix query server.
Increase the Phoenix Qeury Server log file level to see if there is a
problem with it.
regards,
rafa
On Fri, Oct 6, 2017 at 11:28 AM, Mallieswari Dineshbabu <
dmallieswari@gmail.com> wrote:
> Hi rafa,
> I have this Kernel32 error in normal hadoop cluster also but i can
> successfully to connected with the query server using sqlline-thin.py. In
> kerberos cluster the ,I getting following error.
> java.lang.RuntimeException: Failed to execute HTTP Request, got HTTP/404
> at org.apache.calcite.avatica.remote.AvaticaCommonsHttpClientSpnego
> Impl.send(AvaticaCommonsHttpClientSpnegoImpl.java:148)
> at org.apache.calcite.avatica.remote.DoAsAvaticaHttpClient$
> 1.run(DoAsAvaticaHttpClient.java:40)
> at org.apache.calcite.avatica.remote.DoAsAvaticaHttpClient$
> 1.run(DoAsAvaticaHttpClient.java:38)
> at java.security.AccessController.doPrivileged(Native Method)
> at javax.security.auth.Subject.doAs(Subject.java:360)
> at org.apache.calcite.avatica.remote.DoAsAvaticaHttpClient.
> send(DoAsAvaticaHttpClient.java:38)
> at org.apache.calcite.avatica.remote.RemoteProtobufService._
> apply(RemoteProtobufService.java:45)
> at org.apache.calcite.avatica.remote.ProtobufService.apply(
> ProtobufService.java:81)
> at org.apache.calcite.avatica.remote.Driver.connect(Driver.java:176)
> at java.sql.DriverManager.getConnection(DriverManager.java:664)
> at java.sql.DriverManager.getConnection(DriverManager.java:270)
> at multiaccess.Jobs.PhoenixJava(Jobs.java:69)
> at multiaccess.Jobs.executeQueries(Jobs.java:39)
> at multiaccess.MultiAccess$1.call(MultiAccess.java:61)
> at multiaccess.MultiAccess$1.call(MultiAccess.java:56)
> at java.util.concurrent.FutureTask.run(FutureTask.java:266)
> at java.util.concurrent.ThreadPoolExecutor.runWorker(
> ThreadPoolExecutor.java:1149)
> at java.util.concurrent.ThreadPoolExecutor$Worker.run(
> ThreadPoolExecutor.java:624)
> at java.lang.Thread.run(Thread.java:748)
>
> Note: Phoenix Package Version- 4.11.0-Hbase-1.2
> Hbase Version- 4.2.5
> Hadoop version- 2.7.2
>
>
> Please help me to connect with query server through sqlline-thin client
>
> Regards,
> Mallieswari D
>
> On Thu, Oct 5, 2017 at 7:01 PM, rafa <ra...@gmail.com> wrote:
>
>> Hi,
>>
>> The method 1 should work as far as the query server connects to the
>> cluster successfully with the configured keytab. It seems a classpath
>> problem on client side:
>>
>> [ERROR] Terminal initialization failed; falling back to unsupported
>>
>> java.lang.NoClassDefFoundError: Could not initialize class
>> org.apache.phoenix.sh
>> aded.org.fusesource.jansi.internal.Kernel32
>>
>> I have no exprience with windows. Seems that there is need for jline in
>> the classpath
>>
>> https://jline.github.io/
>>
>> check this:
>>
>> https://issues.apache.org/jira/browse/HIVE-13824
>>
>> regards
>>
>>
>> On Thu, Oct 5, 2017 at 2:29 PM, Mallieswari Dineshbabu <
>> dmallieswari@gmail.com> wrote:
>>
>>> Yes, It is installed in all the JVMs. Any other solution.
>>>
>>>
>>> On Wed, Oct 4, 2017 at 5:30 PM, rafa <ra...@gmail.com> wrote:
>>>
>>>> Hi Mallieswari,
>>>>
>>>> Perhaps the Java Cryptography Extension (JCE) Unlimited Strength
>>>> Jurisdiction Policy Files are not installed in all the JVMs ?
>>>>
>>>> Regards,
>>>> rafa
>>>>
>>>> On Wed, Oct 4, 2017 at 1:18 PM, Mallieswari Dineshbabu <
>>>> dmallieswari@gmail.com> wrote:
>>>>
>>>>> Hi ,
>>>>>
>>>>>
>>>>>
>>>>> I have configured a phoenix package "apache-phoenix-4.11.0-HBase-1.2-bin"
>>>>> to Hbase version "1.2.5" in kerberos cluster.
>>>>>
>>>>>
>>>>>
>>>>> For phoenix secure cluster configuration, I have added the following
>>>>> properties into the *hbase-site.xml* present in *phoenix/bin* along
>>>>> with the properties of hbase configuration properties present in hbase/conf
>>>>> path and refer the *core-site.xml*, *hdfs-site.xml* file in
>>>>> phoenix/bin path
>>>>>
>>>>>
>>>>>
>>>>> phoenix.queryserver.keytab.file
>>>>>
>>>>> The key to look for keytab file.
>>>>>
>>>>> *unset*
>>>>>
>>>>> phoenix.queryserver.kerberos.principal
>>>>>
>>>>> The kerberos principal to use when authenticating.
>>>>>
>>>>> *unset*
>>>>>
>>>>> Phoenix Query Server:
>>>>>
>>>>>
>>>>>
>>>>> Once updated a above properties query server has been started
>>>>> successfully using keytab.
>>>>>
>>>>>
>>>>>
>>>>> *Command to Server:*
>>>>>
>>>>> *python queryserver.py*
>>>>>
>>>>>
>>>>>
>>>>> Phoenix Client:
>>>>>
>>>>>
>>>>>
>>>>> Once the query server is started successfully then the port no 8765
>>>>> comes to live. When i try to connect client with following command it
>>>>> returns GSS Exception. Am I missing any steps in configuration.
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>> *Command to Client:*
>>>>>
>>>>> Following are the methods i tried to connect in secure cluster it does
>>>>> not works.
>>>>>
>>>>>
>>>>>
>>>>> *Method 1:* python sqlline-thin.py http://hostname:8765
>>>>>
>>>>> *Method 2:*
>>>>>
>>>>> python sqlthin-client.py http://hostname:8765;authentic
>>>>> ation=SPNEGO;principal=phoenix/OrgClu@XXXXXX.XXXXX.COM;keyta
>>>>> b=C:\\path\\to\\HadoopKeyTabs\\\phoenix.keytab
>>>>> <http://hostname:8765;authentication=SPNEGO;principal=phoenix/OrgClu@XXXXXX.XXXXX.COM;keytab=C:/path/to/HadoopKeyTabs/phoenix.keytab>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>> *CLIENT SIDE ERROR:*
>>>>>
>>>>> x-4.11.0-HBase-1.2-bin\bin>python sqlline-thin.py
>>>>> http://namenode1:8765
>>>>>
>>>>> Failed to find hbase executable on PATH, defaulting serialization to
>>>>> PROTOBUF.
>>>>>
>>>>> [ERROR] Terminal initialization failed; falling back to unsupported
>>>>>
>>>>> java.lang.NoClassDefFoundError: Could not initialize class
>>>>> org.apache.phoenix.sh
>>>>>
>>>>> aded.org.fusesource.jansi.internal.Kernel32
>>>>>
>>>>> at org.apache.phoenix.shaded.org.
>>>>> fusesource.jansi.internal.WindowsSuppor
>>>>>
>>>>> t.getConsoleMode(WindowsSupport.java:50)
>>>>>
>>>>> at org.apache.phoenix.shaded.jlin
>>>>> e.WindowsTerminal.getConsoleMode(Window
>>>>>
>>>>> sTerminal.java:177)
>>>>>
>>>>> at org.apache.phoenix.shaded.jlin
>>>>> e.WindowsTerminal.init(WindowsTerminal.
>>>>>
>>>>> java:80)
>>>>>
>>>>> at org.apache.phoenix.shaded.jlin
>>>>> e.TerminalFactory.create(TerminalFactor
>>>>>
>>>>> y.java:101)
>>>>>
>>>>> at org.apache.phoenix.shaded.jlin
>>>>> e.TerminalFactory.get(TerminalFactory.j
>>>>>
>>>>> ava:159)
>>>>>
>>>>> at sqlline.SqlLineOpts.<init>(SqlLineOpts.java:45)
>>>>>
>>>>> at sqlline.SqlLine.<init>(SqlLine.java:55)
>>>>>
>>>>> at sqlline.SqlLine.start(SqlLine.java:397)
>>>>>
>>>>> at sqlline.SqlLine.main(SqlLine.java:291)
>>>>>
>>>>> at org.apache.phoenix.queryserver
>>>>> .client.SqllineWrapper$1.run(SqllineWra
>>>>>
>>>>> pper.java:88)
>>>>>
>>>>> at org.apache.phoenix.queryserver
>>>>> .client.SqllineWrapper$1.run(SqllineWra
>>>>>
>>>>> pper.java:85)
>>>>>
>>>>> at java.security.AccessController.doPrivileged(Native Method)
>>>>>
>>>>> at javax.security.auth.Subject.doAs(Subject.java:415)
>>>>>
>>>>> at org.apache.hadoop.security.Use
>>>>> rGroupInformation.doAs(UserGroupInforma
>>>>>
>>>>> tion.java:1657)
>>>>>
>>>>> at org.apache.phoenix.queryserver
>>>>> .client.SqllineWrapper.main(SqllineWrap
>>>>>
>>>>> per.java:85)
>>>>>
>>>>>
>>>>>
>>>>> [ERROR] Terminal initialization failed; falling back to unsupported
>>>>>
>>>>> java.lang.NoClassDefFoundError: Could not initialize class
>>>>> org.apache.phoenix.sh
>>>>>
>>>>> aded.org.fusesource.jansi.internal.Kernel32
>>>>>
>>>>> at org.apache.phoenix.shaded.org.
>>>>> fusesource.jansi.internal.WindowsSuppor
>>>>>
>>>>> t.getConsoleMode(WindowsSupport.java:50)
>>>>>
>>>>> at org.apache.phoenix.shaded.jlin
>>>>> e.WindowsTerminal.getConsoleMode(Window
>>>>>
>>>>> sTerminal.java:177)
>>>>>
>>>>> at org.apache.phoenix.shaded.jlin
>>>>> e.WindowsTerminal.init(WindowsTerminal.
>>>>>
>>>>> java:80)
>>>>>
>>>>> at org.apache.phoenix.shaded.jlin
>>>>> e.TerminalFactory.create(TerminalFactor
>>>>>
>>>>> y.java:101)
>>>>>
>>>>> at sqlline.SqlLine.getConsoleReader(SqlLine.java:723)
>>>>>
>>>>> at sqlline.SqlLine.begin(SqlLine.java:657)
>>>>>
>>>>> at sqlline.SqlLine.start(SqlLine.java:398)
>>>>>
>>>>> at sqlline.SqlLine.main(SqlLine.java:291)
>>>>>
>>>>> at org.apache.phoenix.queryserver
>>>>> .client.SqllineWrapper$1.run(SqllineWra
>>>>>
>>>>> pper.java:88)
>>>>>
>>>>> at org.apache.phoenix.queryserver
>>>>> .client.SqllineWrapper$1.run(SqllineWra
>>>>>
>>>>> pper.java:85)
>>>>>
>>>>> at java.security.AccessController.doPrivileged(Native Method)
>>>>>
>>>>> at javax.security.auth.Subject.doAs(Subject.java:415)
>>>>>
>>>>> at org.apache.hadoop.security.Use
>>>>> rGroupInformation.doAs(UserGroupInforma
>>>>>
>>>>> tion.java:1657)
>>>>>
>>>>> at org.apache.phoenix.queryserver
>>>>> .client.SqllineWrapper.main(SqllineWrap
>>>>>
>>>>> per.java:85)
>>>>>
>>>>>
>>>>>
>>>>> Setting property: [incremental, false]
>>>>>
>>>>> Setting property: [isolation, TRANSACTION_READ_COMMITTED]
>>>>>
>>>>> issuing: !connect jdbc:phoenix:thin:url=http://n
>>>>> amenode1:8765;serialization=PROT
>>>>>
>>>>> OBUF;authentication=SPNEGO none none org.apache.phoenix.queryserver
>>>>> .client.Drive
>>>>>
>>>>> r
>>>>>
>>>>> Connecting to jdbc:phoenix:thin:url=http://n
>>>>> amenode1:8765;serialization=PROTOBUF
>>>>>
>>>>> ;authentication=SPNEGO
>>>>>
>>>>> java.lang.RuntimeException: Failed to execute HTTP Request, got
>>>>> HTTP/404
>>>>>
>>>>> at org.apache.calcite.avatica.rem
>>>>> ote.AvaticaCommonsHttpClientSpnegoImpl.
>>>>>
>>>>> send(AvaticaCommonsHttpClientSpnegoImpl.java:148)
>>>>>
>>>>> at org.apache.calcite.avatica.rem
>>>>> ote.RemoteProtobufService._apply(Remote
>>>>>
>>>>> ProtobufService.java:45)
>>>>>
>>>>> at org.apache.calcite.avatica.rem
>>>>> ote.ProtobufService.apply(ProtobufServi
>>>>>
>>>>> ce.java:81)
>>>>>
>>>>> at org.apache.calcite.avatica.rem
>>>>> ote.Driver.connect(Driver.java:176)
>>>>>
>>>>> at sqlline.DatabaseConnection.con
>>>>> nect(DatabaseConnection.java:157)
>>>>>
>>>>> at sqlline.DatabaseConnection.get
>>>>> Connection(DatabaseConnection.java:203)
>>>>>
>>>>>
>>>>>
>>>>> at sqlline.Commands.connect(Commands.java:1064)
>>>>>
>>>>> at sqlline.Commands.connect(Commands.java:996)
>>>>>
>>>>> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>>>>>
>>>>> at sun.reflect.NativeMethodAccess
>>>>> orImpl.invoke(NativeMethodAccessorImpl.
>>>>>
>>>>> java:57)
>>>>>
>>>>> at sun.reflect.DelegatingMethodAc
>>>>> cessorImpl.invoke(DelegatingMethodAcces
>>>>>
>>>>> sorImpl.java:43)
>>>>>
>>>>> at java.lang.reflect.Method.invoke(Method.java:606)
>>>>>
>>>>> at sqlline.ReflectiveCommandHandl
>>>>> er.execute(ReflectiveCommandHandler.jav
>>>>>
>>>>> a:38)
>>>>>
>>>>> at sqlline.SqlLine.dispatch(SqlLine.java:809)
>>>>>
>>>>> at sqlline.SqlLine.initArgs(SqlLine.java:588)
>>>>>
>>>>> at sqlline.SqlLine.begin(SqlLine.java:661)
>>>>>
>>>>> at sqlline.SqlLine.start(SqlLine.java:398)
>>>>>
>>>>> at sqlline.SqlLine.main(SqlLine.java:291)
>>>>>
>>>>> at org.apache.phoenix.queryserver
>>>>> .client.SqllineWrapper$1.run(SqllineWra
>>>>>
>>>>> pper.java:88)
>>>>>
>>>>> at org.apache.phoenix.queryserver
>>>>> .client.SqllineWrapper$1.run(SqllineWra
>>>>>
>>>>> pper.java:85)
>>>>>
>>>>> at java.security.AccessController.doPrivileged(Native Method)
>>>>>
>>>>> at javax.security.auth.Subject.doAs(Subject.java:415)
>>>>>
>>>>> at org.apache.hadoop.security.Use
>>>>> rGroupInformation.doAs(UserGroupInforma
>>>>>
>>>>> tion.java:1657)
>>>>>
>>>>> at org.apache.phoenix.queryserver
>>>>> .client.SqllineWrapper.main(SqllineWrap
>>>>>
>>>>> per.java:85)
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>> *SERVER SIDE ERROR:*
>>>>>
>>>>> 17/10/04 05:34:28 INFO server.Server: Started @9558ms
>>>>>
>>>>> 17/10/04 05:34:28 INFO server.HttpServer: Service listening on port
>>>>> 8765.
>>>>>
>>>>> 17/10/04 05:38:39 WARN security.SpnegoLoginService:
>>>>>
>>>>> GSSException: Failure unspecified at GSS-API level (Mechanism level:
>>>>> Encryption
>>>>>
>>>>> type AES256 CTS mode with HMAC SHA1-96 is not supported/enabled)
>>>>>
>>>>> at sun.security.jgss.krb5.Krb5Con
>>>>> text.acceptSecContext(Krb5Context.java:
>>>>>
>>>>> 788)
>>>>>
>>>>> at sun.security.jgss.GSSContextIm
>>>>> pl.acceptSecContext(GSSContextImpl.java
>>>>>
>>>>> :342)
>>>>>
>>>>> at sun.security.jgss.GSSContextIm
>>>>> pl.acceptSecContext(GSSContextImpl.java
>>>>>
>>>>> :285)
>>>>>
>>>>> at sun.security.jgss.spnego.SpNeg
>>>>> oContext.GSS_acceptSecContext(SpNegoCon
>>>>>
>>>>> text.java:871)
>>>>>
>>>>> at sun.security.jgss.spnego.SpNeg
>>>>> oContext.acceptSecContext(SpNegoContext
>>>>>
>>>>> .java:544)
>>>>>
>>>>> at sun.security.jgss.GSSContextIm
>>>>> pl.acceptSecContext(GSSContextImpl.java
>>>>>
>>>>> :342)
>>>>>
>>>>> at sun.security.jgss.GSSContextIm
>>>>> pl.acceptSecContext(GSSContextImpl.java
>>>>>
>>>>> :285)
>>>>>
>>>>> at org.apache.phoenix.shaded.org.
>>>>> eclipse.jetty.security.SpnegoLoginServi
>>>>>
>>>>> ce.login(SpnegoLoginService.java:137)
>>>>>
>>>>> at org.apache.phoenix.shaded.org.
>>>>> eclipse.jetty.security.authentication.L
>>>>>
>>>>> oginAuthenticator.login(LoginAuthenticator.java:61)
>>>>>
>>>>> at org.apache.phoenix.shaded.org.
>>>>> eclipse.jetty.security.authentication.S
>>>>>
>>>>> pnegoAuthenticator.validateRequest(SpnegoAuthenticator.java:99)
>>>>>
>>>>> at org.apache.phoenix.shaded.org.
>>>>> eclipse.jetty.security.SecurityHandler.
>>>>>
>>>>> handle(SecurityHandler.java:512)
>>>>>
>>>>> at org.apache.phoenix.shaded.org.
>>>>> eclipse.jetty.server.handler.HandlerLis
>>>>>
>>>>> t.handle(HandlerList.java:52)
>>>>>
>>>>> at org.apache.phoenix.shaded.org.
>>>>> eclipse.jetty.server.handler.HandlerWra
>>>>>
>>>>> pper.handle(HandlerWrapper.java:97)
>>>>>
>>>>> at org.apache.phoenix.shaded.org.
>>>>> eclipse.jetty.server.Server.handle(Serv
>>>>>
>>>>> er.java:499)
>>>>>
>>>>> at org.apache.phoenix.shaded.org.
>>>>> eclipse.jetty.server.HttpChannel.handle
>>>>>
>>>>> (HttpChannel.java:311)
>>>>>
>>>>> at org.apache.phoenix.shaded.org.
>>>>> eclipse.jetty.server.HttpConnection.onF
>>>>>
>>>>> illable(HttpConnection.java:257)
>>>>>
>>>>> at org.apache.phoenix.shaded.org.eclipse.jetty.io
>>>>> .AbstractConnection$2.r
>>>>>
>>>>> un(AbstractConnection.java:544)
>>>>>
>>>>> at org.apache.phoenix.shaded.org.
>>>>> eclipse.jetty.util.thread.QueuedThreadP
>>>>>
>>>>> ool.runJob(QueuedThreadPool.java:635)
>>>>>
>>>>> at org.apache.phoenix.shaded.org.
>>>>> eclipse.jetty.util.thread.QueuedThreadP
>>>>>
>>>>> ool$3.run(QueuedThreadPool.java:555)
>>>>>
>>>>> at java.lang.Thread.run(Thread.java:744)
>>>>>
>>>>> Caused by: KrbException: Encryption type AES256 CTS mode with HMAC
>>>>> SHA1-96 is no
>>>>>
>>>>> t supported/enabled
>>>>>
>>>>> at sun.security.krb5.EncryptionKe
>>>>> y.findKey(EncryptionKey.java:552)
>>>>>
>>>>> at sun.security.krb5.KrbApReq.authenticate(KrbApReq.java:270)
>>>>>
>>>>> at sun.security.krb5.KrbApReq.<init>(KrbApReq.java:144)
>>>>>
>>>>> at sun.security.jgss.krb5.InitSec
>>>>> ContextToken.<init>(InitSecContextToken
>>>>>
>>>>> .java:108)
>>>>>
>>>>> at sun.security.jgss.krb5.Krb5Con
>>>>> text.acceptSecContext(Krb5Context.java:
>>>>>
>>>>> 771)
>>>>>
>>>>> ... 19 more
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>> Please help me to solve this issue.
>>>>>
>>>>> --
>>>>>
>>>>> Thanks and regards
>>>>>
>>>>> D.Mallieswari
>>>>>
>>>>
>>>>
>>>
>>>
>>> --
>>> Thanks and regards
>>> D.Mallieswari
>>>
>>
>>
>
>
> --
> Thanks and regards
> D.Mallieswari
>
Re: Cannot connect phoenix client in kerberos cluster
Posted by Mallieswari Dineshbabu <dm...@gmail.com>.
Hi rafa,
I have this Kernel32 error in normal hadoop cluster also but i can
successfully to connected with the query server using sqlline-thin.py. In
kerberos cluster the ,I getting following error.
java.lang.RuntimeException: Failed to execute HTTP Request, got HTTP/404
at
org.apache.calcite.avatica.remote.AvaticaCommonsHttpClientSpnegoImpl.send(AvaticaCommonsHttpClientSpnegoImpl.java:148)
at
org.apache.calcite.avatica.remote.DoAsAvaticaHttpClient$1.run(DoAsAvaticaHttpClient.java:40)
at
org.apache.calcite.avatica.remote.DoAsAvaticaHttpClient$1.run(DoAsAvaticaHttpClient.java:38)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.Subject.doAs(Subject.java:360)
at
org.apache.calcite.avatica.remote.DoAsAvaticaHttpClient.send(DoAsAvaticaHttpClient.java:38)
at
org.apache.calcite.avatica.remote.RemoteProtobufService._apply(RemoteProtobufService.java:45)
at
org.apache.calcite.avatica.remote.ProtobufService.apply(ProtobufService.java:81)
at org.apache.calcite.avatica.remote.Driver.connect(Driver.java:176)
at java.sql.DriverManager.getConnection(DriverManager.java:664)
at java.sql.DriverManager.getConnection(DriverManager.java:270)
at multiaccess.Jobs.PhoenixJava(Jobs.java:69)
at multiaccess.Jobs.executeQueries(Jobs.java:39)
at multiaccess.MultiAccess$1.call(MultiAccess.java:61)
at multiaccess.MultiAccess$1.call(MultiAccess.java:56)
at java.util.concurrent.FutureTask.run(FutureTask.java:266)
at
java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
at
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
at java.lang.Thread.run(Thread.java:748)
Note: Phoenix Package Version- 4.11.0-Hbase-1.2
Hbase Version- 4.2.5
Hadoop version- 2.7.2
Please help me to connect with query server through sqlline-thin client
Regards,
Mallieswari D
On Thu, Oct 5, 2017 at 7:01 PM, rafa <ra...@gmail.com> wrote:
> Hi,
>
> The method 1 should work as far as the query server connects to the
> cluster successfully with the configured keytab. It seems a classpath
> problem on client side:
>
> [ERROR] Terminal initialization failed; falling back to unsupported
>
> java.lang.NoClassDefFoundError: Could not initialize class
> org.apache.phoenix.sh
> aded.org.fusesource.jansi.internal.Kernel32
>
> I have no exprience with windows. Seems that there is need for jline in
> the classpath
>
> https://jline.github.io/
>
> check this:
>
> https://issues.apache.org/jira/browse/HIVE-13824
>
> regards
>
>
> On Thu, Oct 5, 2017 at 2:29 PM, Mallieswari Dineshbabu <
> dmallieswari@gmail.com> wrote:
>
>> Yes, It is installed in all the JVMs. Any other solution.
>>
>>
>> On Wed, Oct 4, 2017 at 5:30 PM, rafa <ra...@gmail.com> wrote:
>>
>>> Hi Mallieswari,
>>>
>>> Perhaps the Java Cryptography Extension (JCE) Unlimited Strength
>>> Jurisdiction Policy Files are not installed in all the JVMs ?
>>>
>>> Regards,
>>> rafa
>>>
>>> On Wed, Oct 4, 2017 at 1:18 PM, Mallieswari Dineshbabu <
>>> dmallieswari@gmail.com> wrote:
>>>
>>>> Hi ,
>>>>
>>>>
>>>>
>>>> I have configured a phoenix package "apache-phoenix-4.11.0-HBase-1.2-bin"
>>>> to Hbase version "1.2.5" in kerberos cluster.
>>>>
>>>>
>>>>
>>>> For phoenix secure cluster configuration, I have added the following
>>>> properties into the *hbase-site.xml* present in *phoenix/bin* along
>>>> with the properties of hbase configuration properties present in hbase/conf
>>>> path and refer the *core-site.xml*, *hdfs-site.xml* file in
>>>> phoenix/bin path
>>>>
>>>>
>>>>
>>>> phoenix.queryserver.keytab.file
>>>>
>>>> The key to look for keytab file.
>>>>
>>>> *unset*
>>>>
>>>> phoenix.queryserver.kerberos.principal
>>>>
>>>> The kerberos principal to use when authenticating.
>>>>
>>>> *unset*
>>>>
>>>> Phoenix Query Server:
>>>>
>>>>
>>>>
>>>> Once updated a above properties query server has been started
>>>> successfully using keytab.
>>>>
>>>>
>>>>
>>>> *Command to Server:*
>>>>
>>>> *python queryserver.py*
>>>>
>>>>
>>>>
>>>> Phoenix Client:
>>>>
>>>>
>>>>
>>>> Once the query server is started successfully then the port no 8765
>>>> comes to live. When i try to connect client with following command it
>>>> returns GSS Exception. Am I missing any steps in configuration.
>>>>
>>>>
>>>>
>>>>
>>>>
>>>> *Command to Client:*
>>>>
>>>> Following are the methods i tried to connect in secure cluster it does
>>>> not works.
>>>>
>>>>
>>>>
>>>> *Method 1:* python sqlline-thin.py http://hostname:8765
>>>>
>>>> *Method 2:*
>>>>
>>>> python sqlthin-client.py http://hostname:8765;authentic
>>>> ation=SPNEGO;principal=phoenix/OrgClu@XXXXXX.XXXXX.COM;keyta
>>>> b=C:\\path\\to\\HadoopKeyTabs\\\phoenix.keytab
>>>> <http://hostname:8765;authentication=SPNEGO;principal=phoenix/OrgClu@XXXXXX.XXXXX.COM;keytab=C:/path/to/HadoopKeyTabs/phoenix.keytab>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>> *CLIENT SIDE ERROR:*
>>>>
>>>> x-4.11.0-HBase-1.2-bin\bin>python sqlline-thin.py http://namenode1:8765
>>>>
>>>> Failed to find hbase executable on PATH, defaulting serialization to
>>>> PROTOBUF.
>>>>
>>>> [ERROR] Terminal initialization failed; falling back to unsupported
>>>>
>>>> java.lang.NoClassDefFoundError: Could not initialize class
>>>> org.apache.phoenix.sh
>>>>
>>>> aded.org.fusesource.jansi.internal.Kernel32
>>>>
>>>> at org.apache.phoenix.shaded.org.fusesource.jansi.internal.Wind
>>>> owsSuppor
>>>>
>>>> t.getConsoleMode(WindowsSupport.java:50)
>>>>
>>>> at org.apache.phoenix.shaded.jline.WindowsTerminal.getConsoleMo
>>>> de(Window
>>>>
>>>> sTerminal.java:177)
>>>>
>>>> at org.apache.phoenix.shaded.jline.WindowsTerminal.init(Windows
>>>> Terminal.
>>>>
>>>> java:80)
>>>>
>>>> at org.apache.phoenix.shaded.jline.TerminalFactory.create(Termi
>>>> nalFactor
>>>>
>>>> y.java:101)
>>>>
>>>> at org.apache.phoenix.shaded.jline.TerminalFactory.get(Terminal
>>>> Factory.j
>>>>
>>>> ava:159)
>>>>
>>>> at sqlline.SqlLineOpts.<init>(SqlLineOpts.java:45)
>>>>
>>>> at sqlline.SqlLine.<init>(SqlLine.java:55)
>>>>
>>>> at sqlline.SqlLine.start(SqlLine.java:397)
>>>>
>>>> at sqlline.SqlLine.main(SqlLine.java:291)
>>>>
>>>> at org.apache.phoenix.queryserver.client.SqllineWrapper$1.run(S
>>>> qllineWra
>>>>
>>>> pper.java:88)
>>>>
>>>> at org.apache.phoenix.queryserver.client.SqllineWrapper$1.run(S
>>>> qllineWra
>>>>
>>>> pper.java:85)
>>>>
>>>> at java.security.AccessController.doPrivileged(Native Method)
>>>>
>>>> at javax.security.auth.Subject.doAs(Subject.java:415)
>>>>
>>>> at org.apache.hadoop.security.UserGroupInformation.doAs(UserGro
>>>> upInforma
>>>>
>>>> tion.java:1657)
>>>>
>>>> at org.apache.phoenix.queryserver.client.SqllineWrapper.main(Sq
>>>> llineWrap
>>>>
>>>> per.java:85)
>>>>
>>>>
>>>>
>>>> [ERROR] Terminal initialization failed; falling back to unsupported
>>>>
>>>> java.lang.NoClassDefFoundError: Could not initialize class
>>>> org.apache.phoenix.sh
>>>>
>>>> aded.org.fusesource.jansi.internal.Kernel32
>>>>
>>>> at org.apache.phoenix.shaded.org.fusesource.jansi.internal.Wind
>>>> owsSuppor
>>>>
>>>> t.getConsoleMode(WindowsSupport.java:50)
>>>>
>>>> at org.apache.phoenix.shaded.jline.WindowsTerminal.getConsoleMo
>>>> de(Window
>>>>
>>>> sTerminal.java:177)
>>>>
>>>> at org.apache.phoenix.shaded.jline.WindowsTerminal.init(Windows
>>>> Terminal.
>>>>
>>>> java:80)
>>>>
>>>> at org.apache.phoenix.shaded.jline.TerminalFactory.create(Termi
>>>> nalFactor
>>>>
>>>> y.java:101)
>>>>
>>>> at sqlline.SqlLine.getConsoleReader(SqlLine.java:723)
>>>>
>>>> at sqlline.SqlLine.begin(SqlLine.java:657)
>>>>
>>>> at sqlline.SqlLine.start(SqlLine.java:398)
>>>>
>>>> at sqlline.SqlLine.main(SqlLine.java:291)
>>>>
>>>> at org.apache.phoenix.queryserver.client.SqllineWrapper$1.run(S
>>>> qllineWra
>>>>
>>>> pper.java:88)
>>>>
>>>> at org.apache.phoenix.queryserver.client.SqllineWrapper$1.run(S
>>>> qllineWra
>>>>
>>>> pper.java:85)
>>>>
>>>> at java.security.AccessController.doPrivileged(Native Method)
>>>>
>>>> at javax.security.auth.Subject.doAs(Subject.java:415)
>>>>
>>>> at org.apache.hadoop.security.UserGroupInformation.doAs(UserGro
>>>> upInforma
>>>>
>>>> tion.java:1657)
>>>>
>>>> at org.apache.phoenix.queryserver.client.SqllineWrapper.main(Sq
>>>> llineWrap
>>>>
>>>> per.java:85)
>>>>
>>>>
>>>>
>>>> Setting property: [incremental, false]
>>>>
>>>> Setting property: [isolation, TRANSACTION_READ_COMMITTED]
>>>>
>>>> issuing: !connect jdbc:phoenix:thin:url=http://n
>>>> amenode1:8765;serialization=PROT
>>>>
>>>> OBUF;authentication=SPNEGO none none org.apache.phoenix.queryserver
>>>> .client.Drive
>>>>
>>>> r
>>>>
>>>> Connecting to jdbc:phoenix:thin:url=http://n
>>>> amenode1:8765;serialization=PROTOBUF
>>>>
>>>> ;authentication=SPNEGO
>>>>
>>>> java.lang.RuntimeException: Failed to execute HTTP Request, got HTTP/404
>>>>
>>>> at org.apache.calcite.avatica.remote.AvaticaCommonsHttpClientSp
>>>> negoImpl.
>>>>
>>>> send(AvaticaCommonsHttpClientSpnegoImpl.java:148)
>>>>
>>>> at org.apache.calcite.avatica.remote.RemoteProtobufService._app
>>>> ly(Remote
>>>>
>>>> ProtobufService.java:45)
>>>>
>>>> at org.apache.calcite.avatica.remote.ProtobufService.apply(Prot
>>>> obufServi
>>>>
>>>> ce.java:81)
>>>>
>>>> at org.apache.calcite.avatica.remote.Driver.connect(Driver.java
>>>> :176)
>>>>
>>>> at sqlline.DatabaseConnection.connect(DatabaseConnection.java:1
>>>> 57)
>>>>
>>>> at sqlline.DatabaseConnection.getConnection(DatabaseConnection.
>>>> java:203)
>>>>
>>>>
>>>>
>>>> at sqlline.Commands.connect(Commands.java:1064)
>>>>
>>>> at sqlline.Commands.connect(Commands.java:996)
>>>>
>>>> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>>>>
>>>> at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAcce
>>>> ssorImpl.
>>>>
>>>> java:57)
>>>>
>>>> at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMe
>>>> thodAcces
>>>>
>>>> sorImpl.java:43)
>>>>
>>>> at java.lang.reflect.Method.invoke(Method.java:606)
>>>>
>>>> at sqlline.ReflectiveCommandHandler.execute(ReflectiveCommandHa
>>>> ndler.jav
>>>>
>>>> a:38)
>>>>
>>>> at sqlline.SqlLine.dispatch(SqlLine.java:809)
>>>>
>>>> at sqlline.SqlLine.initArgs(SqlLine.java:588)
>>>>
>>>> at sqlline.SqlLine.begin(SqlLine.java:661)
>>>>
>>>> at sqlline.SqlLine.start(SqlLine.java:398)
>>>>
>>>> at sqlline.SqlLine.main(SqlLine.java:291)
>>>>
>>>> at org.apache.phoenix.queryserver.client.SqllineWrapper$1.run(S
>>>> qllineWra
>>>>
>>>> pper.java:88)
>>>>
>>>> at org.apache.phoenix.queryserver.client.SqllineWrapper$1.run(S
>>>> qllineWra
>>>>
>>>> pper.java:85)
>>>>
>>>> at java.security.AccessController.doPrivileged(Native Method)
>>>>
>>>> at javax.security.auth.Subject.doAs(Subject.java:415)
>>>>
>>>> at org.apache.hadoop.security.UserGroupInformation.doAs(UserGro
>>>> upInforma
>>>>
>>>> tion.java:1657)
>>>>
>>>> at org.apache.phoenix.queryserver.client.SqllineWrapper.main(Sq
>>>> llineWrap
>>>>
>>>> per.java:85)
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>> *SERVER SIDE ERROR:*
>>>>
>>>> 17/10/04 05:34:28 INFO server.Server: Started @9558ms
>>>>
>>>> 17/10/04 05:34:28 INFO server.HttpServer: Service listening on port
>>>> 8765.
>>>>
>>>> 17/10/04 05:38:39 WARN security.SpnegoLoginService:
>>>>
>>>> GSSException: Failure unspecified at GSS-API level (Mechanism level:
>>>> Encryption
>>>>
>>>> type AES256 CTS mode with HMAC SHA1-96 is not supported/enabled)
>>>>
>>>> at sun.security.jgss.krb5.Krb5Context.acceptSecContext(Krb5Cont
>>>> ext.java:
>>>>
>>>> 788)
>>>>
>>>> at sun.security.jgss.GSSContextImpl.acceptSecContext(GSSContext
>>>> Impl.java
>>>>
>>>> :342)
>>>>
>>>> at sun.security.jgss.GSSContextImpl.acceptSecContext(GSSContext
>>>> Impl.java
>>>>
>>>> :285)
>>>>
>>>> at sun.security.jgss.spnego.SpNegoContext.GSS_acceptSecContext(
>>>> SpNegoCon
>>>>
>>>> text.java:871)
>>>>
>>>> at sun.security.jgss.spnego.SpNegoContext.acceptSecContext(SpNe
>>>> goContext
>>>>
>>>> .java:544)
>>>>
>>>> at sun.security.jgss.GSSContextImpl.acceptSecContext(GSSContext
>>>> Impl.java
>>>>
>>>> :342)
>>>>
>>>> at sun.security.jgss.GSSContextImpl.acceptSecContext(GSSContext
>>>> Impl.java
>>>>
>>>> :285)
>>>>
>>>> at org.apache.phoenix.shaded.org.eclipse.jetty.security.SpnegoL
>>>> oginServi
>>>>
>>>> ce.login(SpnegoLoginService.java:137)
>>>>
>>>> at org.apache.phoenix.shaded.org.eclipse.jetty.security.authent
>>>> ication.L
>>>>
>>>> oginAuthenticator.login(LoginAuthenticator.java:61)
>>>>
>>>> at org.apache.phoenix.shaded.org.eclipse.jetty.security.authent
>>>> ication.S
>>>>
>>>> pnegoAuthenticator.validateRequest(SpnegoAuthenticator.java:99)
>>>>
>>>> at org.apache.phoenix.shaded.org.eclipse.jetty.security.Securit
>>>> yHandler.
>>>>
>>>> handle(SecurityHandler.java:512)
>>>>
>>>> at org.apache.phoenix.shaded.org.eclipse.jetty.server.handler.H
>>>> andlerLis
>>>>
>>>> t.handle(HandlerList.java:52)
>>>>
>>>> at org.apache.phoenix.shaded.org.eclipse.jetty.server.handler.H
>>>> andlerWra
>>>>
>>>> pper.handle(HandlerWrapper.java:97)
>>>>
>>>> at org.apache.phoenix.shaded.org.eclipse.jetty.server.Server.ha
>>>> ndle(Serv
>>>>
>>>> er.java:499)
>>>>
>>>> at org.apache.phoenix.shaded.org.eclipse.jetty.server.HttpChann
>>>> el.handle
>>>>
>>>> (HttpChannel.java:311)
>>>>
>>>> at org.apache.phoenix.shaded.org.eclipse.jetty.server.HttpConne
>>>> ction.onF
>>>>
>>>> illable(HttpConnection.java:257)
>>>>
>>>> at org.apache.phoenix.shaded.org.eclipse.jetty.io.AbstractConne
>>>> ction$2.r
>>>>
>>>> un(AbstractConnection.java:544)
>>>>
>>>> at org.apache.phoenix.shaded.org.eclipse.jetty.util.thread.Queu
>>>> edThreadP
>>>>
>>>> ool.runJob(QueuedThreadPool.java:635)
>>>>
>>>> at org.apache.phoenix.shaded.org.eclipse.jetty.util.thread.Queu
>>>> edThreadP
>>>>
>>>> ool$3.run(QueuedThreadPool.java:555)
>>>>
>>>> at java.lang.Thread.run(Thread.java:744)
>>>>
>>>> Caused by: KrbException: Encryption type AES256 CTS mode with HMAC
>>>> SHA1-96 is no
>>>>
>>>> t supported/enabled
>>>>
>>>> at sun.security.krb5.EncryptionKey.findKey(EncryptionKey.java:5
>>>> 52)
>>>>
>>>> at sun.security.krb5.KrbApReq.authenticate(KrbApReq.java:270)
>>>>
>>>> at sun.security.krb5.KrbApReq.<init>(KrbApReq.java:144)
>>>>
>>>> at sun.security.jgss.krb5.InitSecContextToken.<init>(InitSecCon
>>>> textToken
>>>>
>>>> .java:108)
>>>>
>>>> at sun.security.jgss.krb5.Krb5Context.acceptSecContext(Krb5Cont
>>>> ext.java:
>>>>
>>>> 771)
>>>>
>>>> ... 19 more
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>> Please help me to solve this issue.
>>>>
>>>> --
>>>>
>>>> Thanks and regards
>>>>
>>>> D.Mallieswari
>>>>
>>>
>>>
>>
>>
>> --
>> Thanks and regards
>> D.Mallieswari
>>
>
>
--
Thanks and regards
D.Mallieswari
Re: Cannot connect phoenix client in kerberos cluster
Posted by rafa <ra...@gmail.com>.
Hi,
The method 1 should work as far as the query server connects to the cluster
successfully with the configured keytab. It seems a classpath problem on
client side:
[ERROR] Terminal initialization failed; falling back to unsupported
java.lang.NoClassDefFoundError: Could not initialize class
org.apache.phoenix.sh
aded.org.fusesource.jansi.internal.Kernel32
I have no exprience with windows. Seems that there is need for jline in the
classpath
https://jline.github.io/
check this:
https://issues.apache.org/jira/browse/HIVE-13824
regards
On Thu, Oct 5, 2017 at 2:29 PM, Mallieswari Dineshbabu <
dmallieswari@gmail.com> wrote:
> Yes, It is installed in all the JVMs. Any other solution.
>
>
> On Wed, Oct 4, 2017 at 5:30 PM, rafa <ra...@gmail.com> wrote:
>
>> Hi Mallieswari,
>>
>> Perhaps the Java Cryptography Extension (JCE) Unlimited Strength
>> Jurisdiction Policy Files are not installed in all the JVMs ?
>>
>> Regards,
>> rafa
>>
>> On Wed, Oct 4, 2017 at 1:18 PM, Mallieswari Dineshbabu <
>> dmallieswari@gmail.com> wrote:
>>
>>> Hi ,
>>>
>>>
>>>
>>> I have configured a phoenix package "apache-phoenix-4.11.0-HBase-1.2-bin"
>>> to Hbase version "1.2.5" in kerberos cluster.
>>>
>>>
>>>
>>> For phoenix secure cluster configuration, I have added the following
>>> properties into the *hbase-site.xml* present in *phoenix/bin* along
>>> with the properties of hbase configuration properties present in hbase/conf
>>> path and refer the *core-site.xml*, *hdfs-site.xml* file in phoenix/bin
>>> path
>>>
>>>
>>>
>>> phoenix.queryserver.keytab.file
>>>
>>> The key to look for keytab file.
>>>
>>> *unset*
>>>
>>> phoenix.queryserver.kerberos.principal
>>>
>>> The kerberos principal to use when authenticating.
>>>
>>> *unset*
>>>
>>> Phoenix Query Server:
>>>
>>>
>>>
>>> Once updated a above properties query server has been started
>>> successfully using keytab.
>>>
>>>
>>>
>>> *Command to Server:*
>>>
>>> *python queryserver.py*
>>>
>>>
>>>
>>> Phoenix Client:
>>>
>>>
>>>
>>> Once the query server is started successfully then the port no 8765
>>> comes to live. When i try to connect client with following command it
>>> returns GSS Exception. Am I missing any steps in configuration.
>>>
>>>
>>>
>>>
>>>
>>> *Command to Client:*
>>>
>>> Following are the methods i tried to connect in secure cluster it does
>>> not works.
>>>
>>>
>>>
>>> *Method 1:* python sqlline-thin.py http://hostname:8765
>>>
>>> *Method 2:*
>>>
>>> python sqlthin-client.py http://hostname:8765;authentic
>>> ation=SPNEGO;principal=phoenix/OrgClu@XXXXXX.XXXXX.COM;
>>> keytab=C:\\path\\to\\HadoopKeyTabs\\\phoenix.keytab
>>> <http://hostname:8765;authentication=SPNEGO;principal=phoenix/OrgClu@XXXXXX.XXXXX.COM;keytab=C:/path/to/HadoopKeyTabs/phoenix.keytab>
>>>
>>>
>>>
>>>
>>>
>>> *CLIENT SIDE ERROR:*
>>>
>>> x-4.11.0-HBase-1.2-bin\bin>python sqlline-thin.py http://namenode1:8765
>>>
>>> Failed to find hbase executable on PATH, defaulting serialization to
>>> PROTOBUF.
>>>
>>> [ERROR] Terminal initialization failed; falling back to unsupported
>>>
>>> java.lang.NoClassDefFoundError: Could not initialize class
>>> org.apache.phoenix.sh
>>>
>>> aded.org.fusesource.jansi.internal.Kernel32
>>>
>>> at org.apache.phoenix.shaded.org.fusesource.jansi.internal.Wind
>>> owsSuppor
>>>
>>> t.getConsoleMode(WindowsSupport.java:50)
>>>
>>> at org.apache.phoenix.shaded.jline.WindowsTerminal.getConsoleMo
>>> de(Window
>>>
>>> sTerminal.java:177)
>>>
>>> at org.apache.phoenix.shaded.jline.WindowsTerminal.init(Windows
>>> Terminal.
>>>
>>> java:80)
>>>
>>> at org.apache.phoenix.shaded.jline.TerminalFactory.create(Termi
>>> nalFactor
>>>
>>> y.java:101)
>>>
>>> at org.apache.phoenix.shaded.jline.TerminalFactory.get(Terminal
>>> Factory.j
>>>
>>> ava:159)
>>>
>>> at sqlline.SqlLineOpts.<init>(SqlLineOpts.java:45)
>>>
>>> at sqlline.SqlLine.<init>(SqlLine.java:55)
>>>
>>> at sqlline.SqlLine.start(SqlLine.java:397)
>>>
>>> at sqlline.SqlLine.main(SqlLine.java:291)
>>>
>>> at org.apache.phoenix.queryserver.client.SqllineWrapper$1.run(S
>>> qllineWra
>>>
>>> pper.java:88)
>>>
>>> at org.apache.phoenix.queryserver.client.SqllineWrapper$1.run(S
>>> qllineWra
>>>
>>> pper.java:85)
>>>
>>> at java.security.AccessController.doPrivileged(Native Method)
>>>
>>> at javax.security.auth.Subject.doAs(Subject.java:415)
>>>
>>> at org.apache.hadoop.security.UserGroupInformation.doAs(UserGro
>>> upInforma
>>>
>>> tion.java:1657)
>>>
>>> at org.apache.phoenix.queryserver.client.SqllineWrapper.main(Sq
>>> llineWrap
>>>
>>> per.java:85)
>>>
>>>
>>>
>>> [ERROR] Terminal initialization failed; falling back to unsupported
>>>
>>> java.lang.NoClassDefFoundError: Could not initialize class
>>> org.apache.phoenix.sh
>>>
>>> aded.org.fusesource.jansi.internal.Kernel32
>>>
>>> at org.apache.phoenix.shaded.org.fusesource.jansi.internal.Wind
>>> owsSuppor
>>>
>>> t.getConsoleMode(WindowsSupport.java:50)
>>>
>>> at org.apache.phoenix.shaded.jline.WindowsTerminal.getConsoleMo
>>> de(Window
>>>
>>> sTerminal.java:177)
>>>
>>> at org.apache.phoenix.shaded.jline.WindowsTerminal.init(Windows
>>> Terminal.
>>>
>>> java:80)
>>>
>>> at org.apache.phoenix.shaded.jline.TerminalFactory.create(Termi
>>> nalFactor
>>>
>>> y.java:101)
>>>
>>> at sqlline.SqlLine.getConsoleReader(SqlLine.java:723)
>>>
>>> at sqlline.SqlLine.begin(SqlLine.java:657)
>>>
>>> at sqlline.SqlLine.start(SqlLine.java:398)
>>>
>>> at sqlline.SqlLine.main(SqlLine.java:291)
>>>
>>> at org.apache.phoenix.queryserver.client.SqllineWrapper$1.run(S
>>> qllineWra
>>>
>>> pper.java:88)
>>>
>>> at org.apache.phoenix.queryserver.client.SqllineWrapper$1.run(S
>>> qllineWra
>>>
>>> pper.java:85)
>>>
>>> at java.security.AccessController.doPrivileged(Native Method)
>>>
>>> at javax.security.auth.Subject.doAs(Subject.java:415)
>>>
>>> at org.apache.hadoop.security.UserGroupInformation.doAs(UserGro
>>> upInforma
>>>
>>> tion.java:1657)
>>>
>>> at org.apache.phoenix.queryserver.client.SqllineWrapper.main(Sq
>>> llineWrap
>>>
>>> per.java:85)
>>>
>>>
>>>
>>> Setting property: [incremental, false]
>>>
>>> Setting property: [isolation, TRANSACTION_READ_COMMITTED]
>>>
>>> issuing: !connect jdbc:phoenix:thin:url=http://n
>>> amenode1:8765;serialization=PROT
>>>
>>> OBUF;authentication=SPNEGO none none org.apache.phoenix.queryserver
>>> .client.Drive
>>>
>>> r
>>>
>>> Connecting to jdbc:phoenix:thin:url=http://n
>>> amenode1:8765;serialization=PROTOBUF
>>>
>>> ;authentication=SPNEGO
>>>
>>> java.lang.RuntimeException: Failed to execute HTTP Request, got HTTP/404
>>>
>>> at org.apache.calcite.avatica.remote.AvaticaCommonsHttpClientSp
>>> negoImpl.
>>>
>>> send(AvaticaCommonsHttpClientSpnegoImpl.java:148)
>>>
>>> at org.apache.calcite.avatica.remote.RemoteProtobufService._app
>>> ly(Remote
>>>
>>> ProtobufService.java:45)
>>>
>>> at org.apache.calcite.avatica.remote.ProtobufService.apply(Prot
>>> obufServi
>>>
>>> ce.java:81)
>>>
>>> at org.apache.calcite.avatica.remote.Driver.connect(Driver.java
>>> :176)
>>>
>>> at sqlline.DatabaseConnection.connect(DatabaseConnection.java:1
>>> 57)
>>>
>>> at sqlline.DatabaseConnection.getConnection(DatabaseConnection.
>>> java:203)
>>>
>>>
>>>
>>> at sqlline.Commands.connect(Commands.java:1064)
>>>
>>> at sqlline.Commands.connect(Commands.java:996)
>>>
>>> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>>>
>>> at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAcce
>>> ssorImpl.
>>>
>>> java:57)
>>>
>>> at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMe
>>> thodAcces
>>>
>>> sorImpl.java:43)
>>>
>>> at java.lang.reflect.Method.invoke(Method.java:606)
>>>
>>> at sqlline.ReflectiveCommandHandler.execute(ReflectiveCommandHa
>>> ndler.jav
>>>
>>> a:38)
>>>
>>> at sqlline.SqlLine.dispatch(SqlLine.java:809)
>>>
>>> at sqlline.SqlLine.initArgs(SqlLine.java:588)
>>>
>>> at sqlline.SqlLine.begin(SqlLine.java:661)
>>>
>>> at sqlline.SqlLine.start(SqlLine.java:398)
>>>
>>> at sqlline.SqlLine.main(SqlLine.java:291)
>>>
>>> at org.apache.phoenix.queryserver.client.SqllineWrapper$1.run(S
>>> qllineWra
>>>
>>> pper.java:88)
>>>
>>> at org.apache.phoenix.queryserver.client.SqllineWrapper$1.run(S
>>> qllineWra
>>>
>>> pper.java:85)
>>>
>>> at java.security.AccessController.doPrivileged(Native Method)
>>>
>>> at javax.security.auth.Subject.doAs(Subject.java:415)
>>>
>>> at org.apache.hadoop.security.UserGroupInformation.doAs(UserGro
>>> upInforma
>>>
>>> tion.java:1657)
>>>
>>> at org.apache.phoenix.queryserver.client.SqllineWrapper.main(Sq
>>> llineWrap
>>>
>>> per.java:85)
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>> *SERVER SIDE ERROR:*
>>>
>>> 17/10/04 05:34:28 INFO server.Server: Started @9558ms
>>>
>>> 17/10/04 05:34:28 INFO server.HttpServer: Service listening on port 8765.
>>>
>>> 17/10/04 05:38:39 WARN security.SpnegoLoginService:
>>>
>>> GSSException: Failure unspecified at GSS-API level (Mechanism level:
>>> Encryption
>>>
>>> type AES256 CTS mode with HMAC SHA1-96 is not supported/enabled)
>>>
>>> at sun.security.jgss.krb5.Krb5Context.acceptSecContext(Krb5Cont
>>> ext.java:
>>>
>>> 788)
>>>
>>> at sun.security.jgss.GSSContextImpl.acceptSecContext(GSSContext
>>> Impl.java
>>>
>>> :342)
>>>
>>> at sun.security.jgss.GSSContextImpl.acceptSecContext(GSSContext
>>> Impl.java
>>>
>>> :285)
>>>
>>> at sun.security.jgss.spnego.SpNegoContext.GSS_acceptSecContext(
>>> SpNegoCon
>>>
>>> text.java:871)
>>>
>>> at sun.security.jgss.spnego.SpNegoContext.acceptSecContext(SpNe
>>> goContext
>>>
>>> .java:544)
>>>
>>> at sun.security.jgss.GSSContextImpl.acceptSecContext(GSSContext
>>> Impl.java
>>>
>>> :342)
>>>
>>> at sun.security.jgss.GSSContextImpl.acceptSecContext(GSSContext
>>> Impl.java
>>>
>>> :285)
>>>
>>> at org.apache.phoenix.shaded.org.eclipse.jetty.security.SpnegoL
>>> oginServi
>>>
>>> ce.login(SpnegoLoginService.java:137)
>>>
>>> at org.apache.phoenix.shaded.org.eclipse.jetty.security.authent
>>> ication.L
>>>
>>> oginAuthenticator.login(LoginAuthenticator.java:61)
>>>
>>> at org.apache.phoenix.shaded.org.eclipse.jetty.security.authent
>>> ication.S
>>>
>>> pnegoAuthenticator.validateRequest(SpnegoAuthenticator.java:99)
>>>
>>> at org.apache.phoenix.shaded.org.eclipse.jetty.security.Securit
>>> yHandler.
>>>
>>> handle(SecurityHandler.java:512)
>>>
>>> at org.apache.phoenix.shaded.org.eclipse.jetty.server.handler.H
>>> andlerLis
>>>
>>> t.handle(HandlerList.java:52)
>>>
>>> at org.apache.phoenix.shaded.org.eclipse.jetty.server.handler.H
>>> andlerWra
>>>
>>> pper.handle(HandlerWrapper.java:97)
>>>
>>> at org.apache.phoenix.shaded.org.eclipse.jetty.server.Server.ha
>>> ndle(Serv
>>>
>>> er.java:499)
>>>
>>> at org.apache.phoenix.shaded.org.eclipse.jetty.server.HttpChann
>>> el.handle
>>>
>>> (HttpChannel.java:311)
>>>
>>> at org.apache.phoenix.shaded.org.eclipse.jetty.server.HttpConne
>>> ction.onF
>>>
>>> illable(HttpConnection.java:257)
>>>
>>> at org.apache.phoenix.shaded.org.eclipse.jetty.io.AbstractConne
>>> ction$2.r
>>>
>>> un(AbstractConnection.java:544)
>>>
>>> at org.apache.phoenix.shaded.org.eclipse.jetty.util.thread.Queu
>>> edThreadP
>>>
>>> ool.runJob(QueuedThreadPool.java:635)
>>>
>>> at org.apache.phoenix.shaded.org.eclipse.jetty.util.thread.Queu
>>> edThreadP
>>>
>>> ool$3.run(QueuedThreadPool.java:555)
>>>
>>> at java.lang.Thread.run(Thread.java:744)
>>>
>>> Caused by: KrbException: Encryption type AES256 CTS mode with HMAC
>>> SHA1-96 is no
>>>
>>> t supported/enabled
>>>
>>> at sun.security.krb5.EncryptionKey.findKey(EncryptionKey.java:5
>>> 52)
>>>
>>> at sun.security.krb5.KrbApReq.authenticate(KrbApReq.java:270)
>>>
>>> at sun.security.krb5.KrbApReq.<init>(KrbApReq.java:144)
>>>
>>> at sun.security.jgss.krb5.InitSecContextToken.<init>(InitSecCon
>>> textToken
>>>
>>> .java:108)
>>>
>>> at sun.security.jgss.krb5.Krb5Context.acceptSecContext(Krb5Cont
>>> ext.java:
>>>
>>> 771)
>>>
>>> ... 19 more
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>> Please help me to solve this issue.
>>>
>>> --
>>>
>>> Thanks and regards
>>>
>>> D.Mallieswari
>>>
>>
>>
>
>
> --
> Thanks and regards
> D.Mallieswari
>
Re: Cannot connect phoenix client in kerberos cluster
Posted by Mallieswari Dineshbabu <dm...@gmail.com>.
Yes, It is installed in all the JVMs. Any other solution.
On Wed, Oct 4, 2017 at 5:30 PM, rafa <ra...@gmail.com> wrote:
> Hi Mallieswari,
>
> Perhaps the Java Cryptography Extension (JCE) Unlimited Strength
> Jurisdiction Policy Files are not installed in all the JVMs ?
>
> Regards,
> rafa
>
> On Wed, Oct 4, 2017 at 1:18 PM, Mallieswari Dineshbabu <
> dmallieswari@gmail.com> wrote:
>
>> Hi ,
>>
>>
>>
>> I have configured a phoenix package "apache-phoenix-4.11.0-HBase-1.2-bin"
>> to Hbase version "1.2.5" in kerberos cluster.
>>
>>
>>
>> For phoenix secure cluster configuration, I have added the following
>> properties into the *hbase-site.xml* present in *phoenix/bin* along with
>> the properties of hbase configuration properties present in hbase/conf path
>> and refer the *core-site.xml*, *hdfs-site.xml* file in phoenix/bin path
>>
>>
>>
>> phoenix.queryserver.keytab.file
>>
>> The key to look for keytab file.
>>
>> *unset*
>>
>> phoenix.queryserver.kerberos.principal
>>
>> The kerberos principal to use when authenticating.
>>
>> *unset*
>>
>> Phoenix Query Server:
>>
>>
>>
>> Once updated a above properties query server has been started
>> successfully using keytab.
>>
>>
>>
>> *Command to Server:*
>>
>> *python queryserver.py*
>>
>>
>>
>> Phoenix Client:
>>
>>
>>
>> Once the query server is started successfully then the port no 8765 comes
>> to live. When i try to connect client with following command it returns GSS
>> Exception. Am I missing any steps in configuration.
>>
>>
>>
>>
>>
>> *Command to Client:*
>>
>> Following are the methods i tried to connect in secure cluster it does
>> not works.
>>
>>
>>
>> *Method 1:* python sqlline-thin.py http://hostname:8765
>>
>> *Method 2:*
>>
>> python sqlthin-client.py http://hostname:8765;authentic
>> ation=SPNEGO;principal=phoenix/OrgClu@XXXXXX.XXXXX.
>> COM;keytab=C:\\path\\to\\HadoopKeyTabs\\\phoenix.keytab
>> <http://hostname:8765;authentication=SPNEGO;principal=phoenix/OrgClu@XXXXXX.XXXXX.COM;keytab=C:/path/to/HadoopKeyTabs/phoenix.keytab>
>>
>>
>>
>>
>>
>> *CLIENT SIDE ERROR:*
>>
>> x-4.11.0-HBase-1.2-bin\bin>python sqlline-thin.py http://namenode1:8765
>>
>> Failed to find hbase executable on PATH, defaulting serialization to
>> PROTOBUF.
>>
>> [ERROR] Terminal initialization failed; falling back to unsupported
>>
>> java.lang.NoClassDefFoundError: Could not initialize class
>> org.apache.phoenix.sh
>>
>> aded.org.fusesource.jansi.internal.Kernel32
>>
>> at org.apache.phoenix.shaded.org.fusesource.jansi.internal.Wind
>> owsSuppor
>>
>> t.getConsoleMode(WindowsSupport.java:50)
>>
>> at org.apache.phoenix.shaded.jline.WindowsTerminal.getConsoleMo
>> de(Window
>>
>> sTerminal.java:177)
>>
>> at org.apache.phoenix.shaded.jline.WindowsTerminal.init(Windows
>> Terminal.
>>
>> java:80)
>>
>> at org.apache.phoenix.shaded.jline.TerminalFactory.create(Termi
>> nalFactor
>>
>> y.java:101)
>>
>> at org.apache.phoenix.shaded.jline.TerminalFactory.get(Terminal
>> Factory.j
>>
>> ava:159)
>>
>> at sqlline.SqlLineOpts.<init>(SqlLineOpts.java:45)
>>
>> at sqlline.SqlLine.<init>(SqlLine.java:55)
>>
>> at sqlline.SqlLine.start(SqlLine.java:397)
>>
>> at sqlline.SqlLine.main(SqlLine.java:291)
>>
>> at org.apache.phoenix.queryserver.client.SqllineWrapper$1.run(S
>> qllineWra
>>
>> pper.java:88)
>>
>> at org.apache.phoenix.queryserver.client.SqllineWrapper$1.run(S
>> qllineWra
>>
>> pper.java:85)
>>
>> at java.security.AccessController.doPrivileged(Native Method)
>>
>> at javax.security.auth.Subject.doAs(Subject.java:415)
>>
>> at org.apache.hadoop.security.UserGroupInformation.doAs(UserGro
>> upInforma
>>
>> tion.java:1657)
>>
>> at org.apache.phoenix.queryserver.client.SqllineWrapper.main(Sq
>> llineWrap
>>
>> per.java:85)
>>
>>
>>
>> [ERROR] Terminal initialization failed; falling back to unsupported
>>
>> java.lang.NoClassDefFoundError: Could not initialize class
>> org.apache.phoenix.sh
>>
>> aded.org.fusesource.jansi.internal.Kernel32
>>
>> at org.apache.phoenix.shaded.org.fusesource.jansi.internal.Wind
>> owsSuppor
>>
>> t.getConsoleMode(WindowsSupport.java:50)
>>
>> at org.apache.phoenix.shaded.jline.WindowsTerminal.getConsoleMo
>> de(Window
>>
>> sTerminal.java:177)
>>
>> at org.apache.phoenix.shaded.jline.WindowsTerminal.init(Windows
>> Terminal.
>>
>> java:80)
>>
>> at org.apache.phoenix.shaded.jline.TerminalFactory.create(Termi
>> nalFactor
>>
>> y.java:101)
>>
>> at sqlline.SqlLine.getConsoleReader(SqlLine.java:723)
>>
>> at sqlline.SqlLine.begin(SqlLine.java:657)
>>
>> at sqlline.SqlLine.start(SqlLine.java:398)
>>
>> at sqlline.SqlLine.main(SqlLine.java:291)
>>
>> at org.apache.phoenix.queryserver.client.SqllineWrapper$1.run(S
>> qllineWra
>>
>> pper.java:88)
>>
>> at org.apache.phoenix.queryserver.client.SqllineWrapper$1.run(S
>> qllineWra
>>
>> pper.java:85)
>>
>> at java.security.AccessController.doPrivileged(Native Method)
>>
>> at javax.security.auth.Subject.doAs(Subject.java:415)
>>
>> at org.apache.hadoop.security.UserGroupInformation.doAs(UserGro
>> upInforma
>>
>> tion.java:1657)
>>
>> at org.apache.phoenix.queryserver.client.SqllineWrapper.main(Sq
>> llineWrap
>>
>> per.java:85)
>>
>>
>>
>> Setting property: [incremental, false]
>>
>> Setting property: [isolation, TRANSACTION_READ_COMMITTED]
>>
>> issuing: !connect jdbc:phoenix:thin:url=http://n
>> amenode1:8765;serialization=PROT
>>
>> OBUF;authentication=SPNEGO none none org.apache.phoenix.queryserver
>> .client.Drive
>>
>> r
>>
>> Connecting to jdbc:phoenix:thin:url=http://n
>> amenode1:8765;serialization=PROTOBUF
>>
>> ;authentication=SPNEGO
>>
>> java.lang.RuntimeException: Failed to execute HTTP Request, got HTTP/404
>>
>> at org.apache.calcite.avatica.remote.AvaticaCommonsHttpClientSp
>> negoImpl.
>>
>> send(AvaticaCommonsHttpClientSpnegoImpl.java:148)
>>
>> at org.apache.calcite.avatica.remote.RemoteProtobufService._app
>> ly(Remote
>>
>> ProtobufService.java:45)
>>
>> at org.apache.calcite.avatica.remote.ProtobufService.apply(Prot
>> obufServi
>>
>> ce.java:81)
>>
>> at org.apache.calcite.avatica.remote.Driver.connect(Driver.java
>> :176)
>>
>> at sqlline.DatabaseConnection.connect(DatabaseConnection.java:
>> 157)
>>
>> at sqlline.DatabaseConnection.getConnection(DatabaseConnection.
>> java:203)
>>
>>
>>
>> at sqlline.Commands.connect(Commands.java:1064)
>>
>> at sqlline.Commands.connect(Commands.java:996)
>>
>> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>>
>> at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAcce
>> ssorImpl.
>>
>> java:57)
>>
>> at sun.reflect.DelegatingMethodAccessorImpl.invoke(
>> DelegatingMethodAcces
>>
>> sorImpl.java:43)
>>
>> at java.lang.reflect.Method.invoke(Method.java:606)
>>
>> at sqlline.ReflectiveCommandHandler.execute(ReflectiveCommandHa
>> ndler.jav
>>
>> a:38)
>>
>> at sqlline.SqlLine.dispatch(SqlLine.java:809)
>>
>> at sqlline.SqlLine.initArgs(SqlLine.java:588)
>>
>> at sqlline.SqlLine.begin(SqlLine.java:661)
>>
>> at sqlline.SqlLine.start(SqlLine.java:398)
>>
>> at sqlline.SqlLine.main(SqlLine.java:291)
>>
>> at org.apache.phoenix.queryserver.client.SqllineWrapper$1.run(S
>> qllineWra
>>
>> pper.java:88)
>>
>> at org.apache.phoenix.queryserver.client.SqllineWrapper$1.run(S
>> qllineWra
>>
>> pper.java:85)
>>
>> at java.security.AccessController.doPrivileged(Native Method)
>>
>> at javax.security.auth.Subject.doAs(Subject.java:415)
>>
>> at org.apache.hadoop.security.UserGroupInformation.doAs(UserGro
>> upInforma
>>
>> tion.java:1657)
>>
>> at org.apache.phoenix.queryserver.client.SqllineWrapper.main(Sq
>> llineWrap
>>
>> per.java:85)
>>
>>
>>
>>
>>
>>
>>
>>
>>
>> *SERVER SIDE ERROR:*
>>
>> 17/10/04 05:34:28 INFO server.Server: Started @9558ms
>>
>> 17/10/04 05:34:28 INFO server.HttpServer: Service listening on port 8765.
>>
>> 17/10/04 05:38:39 WARN security.SpnegoLoginService:
>>
>> GSSException: Failure unspecified at GSS-API level (Mechanism level:
>> Encryption
>>
>> type AES256 CTS mode with HMAC SHA1-96 is not supported/enabled)
>>
>> at sun.security.jgss.krb5.Krb5Context.acceptSecContext(Krb5Cont
>> ext.java:
>>
>> 788)
>>
>> at sun.security.jgss.GSSContextImpl.acceptSecContext(GSSContext
>> Impl.java
>>
>> :342)
>>
>> at sun.security.jgss.GSSContextImpl.acceptSecContext(GSSContext
>> Impl.java
>>
>> :285)
>>
>> at sun.security.jgss.spnego.SpNegoContext.GSS_acceptSecContext(
>> SpNegoCon
>>
>> text.java:871)
>>
>> at sun.security.jgss.spnego.SpNegoContext.acceptSecContext(
>> SpNegoContext
>>
>> .java:544)
>>
>> at sun.security.jgss.GSSContextImpl.acceptSecContext(GSSContext
>> Impl.java
>>
>> :342)
>>
>> at sun.security.jgss.GSSContextImpl.acceptSecContext(GSSContext
>> Impl.java
>>
>> :285)
>>
>> at org.apache.phoenix.shaded.org.eclipse.jetty.security.SpnegoL
>> oginServi
>>
>> ce.login(SpnegoLoginService.java:137)
>>
>> at org.apache.phoenix.shaded.org.eclipse.jetty.security.authent
>> ication.L
>>
>> oginAuthenticator.login(LoginAuthenticator.java:61)
>>
>> at org.apache.phoenix.shaded.org.eclipse.jetty.security.authent
>> ication.S
>>
>> pnegoAuthenticator.validateRequest(SpnegoAuthenticator.java:99)
>>
>> at org.apache.phoenix.shaded.org.eclipse.jetty.security.Securit
>> yHandler.
>>
>> handle(SecurityHandler.java:512)
>>
>> at org.apache.phoenix.shaded.org.eclipse.jetty.server.handler.H
>> andlerLis
>>
>> t.handle(HandlerList.java:52)
>>
>> at org.apache.phoenix.shaded.org.eclipse.jetty.server.handler.H
>> andlerWra
>>
>> pper.handle(HandlerWrapper.java:97)
>>
>> at org.apache.phoenix.shaded.org.eclipse.jetty.server.Server.ha
>> ndle(Serv
>>
>> er.java:499)
>>
>> at org.apache.phoenix.shaded.org.eclipse.jetty.server.HttpChann
>> el.handle
>>
>> (HttpChannel.java:311)
>>
>> at org.apache.phoenix.shaded.org.eclipse.jetty.server.HttpConne
>> ction.onF
>>
>> illable(HttpConnection.java:257)
>>
>> at org.apache.phoenix.shaded.org.eclipse.jetty.io.AbstractConne
>> ction$2.r
>>
>> un(AbstractConnection.java:544)
>>
>> at org.apache.phoenix.shaded.org.eclipse.jetty.util.thread.Queu
>> edThreadP
>>
>> ool.runJob(QueuedThreadPool.java:635)
>>
>> at org.apache.phoenix.shaded.org.eclipse.jetty.util.thread.Queu
>> edThreadP
>>
>> ool$3.run(QueuedThreadPool.java:555)
>>
>> at java.lang.Thread.run(Thread.java:744)
>>
>> Caused by: KrbException: Encryption type AES256 CTS mode with HMAC
>> SHA1-96 is no
>>
>> t supported/enabled
>>
>> at sun.security.krb5.EncryptionKey.findKey(EncryptionKey.java:
>> 552)
>>
>> at sun.security.krb5.KrbApReq.authenticate(KrbApReq.java:270)
>>
>> at sun.security.krb5.KrbApReq.<init>(KrbApReq.java:144)
>>
>> at sun.security.jgss.krb5.InitSecContextToken.<init>(InitSecCon
>> textToken
>>
>> .java:108)
>>
>> at sun.security.jgss.krb5.Krb5Context.acceptSecContext(Krb5Cont
>> ext.java:
>>
>> 771)
>>
>> ... 19 more
>>
>>
>>
>>
>>
>>
>>
>> Please help me to solve this issue.
>>
>> --
>>
>> Thanks and regards
>>
>> D.Mallieswari
>>
>
>
--
Thanks and regards
D.Mallieswari
Re: Cannot connect phoenix client in kerberos cluster
Posted by rafa <ra...@gmail.com>.
Hi Mallieswari,
Perhaps the Java Cryptography Extension (JCE) Unlimited Strength
Jurisdiction Policy Files are not installed in all the JVMs ?
Regards,
rafa
On Wed, Oct 4, 2017 at 1:18 PM, Mallieswari Dineshbabu <
dmallieswari@gmail.com> wrote:
> Hi ,
>
>
>
> I have configured a phoenix package "apache-phoenix-4.11.0-HBase-1.2-bin"
> to Hbase version "1.2.5" in kerberos cluster.
>
>
>
> For phoenix secure cluster configuration, I have added the following
> properties into the *hbase-site.xml* present in *phoenix/bin* along with
> the properties of hbase configuration properties present in hbase/conf path
> and refer the *core-site.xml*, *hdfs-site.xml* file in phoenix/bin path
>
>
>
> phoenix.queryserver.keytab.file
>
> The key to look for keytab file.
>
> *unset*
>
> phoenix.queryserver.kerberos.principal
>
> The kerberos principal to use when authenticating.
>
> *unset*
>
> Phoenix Query Server:
>
>
>
> Once updated a above properties query server has been started successfully
> using keytab.
>
>
>
> *Command to Server:*
>
> *python queryserver.py*
>
>
>
> Phoenix Client:
>
>
>
> Once the query server is started successfully then the port no 8765 comes
> to live. When i try to connect client with following command it returns GSS
> Exception. Am I missing any steps in configuration.
>
>
>
>
>
> *Command to Client:*
>
> Following are the methods i tried to connect in secure cluster it does not
> works.
>
>
>
> *Method 1:* python sqlline-thin.py http://hostname:8765
>
> *Method 2:*
>
> python sqlthin-client.py http://hostname:8765;authentication=SPNEGO;
> principal=phoenix/OrgClu@XXXXXX.XXXXX.COM;keytab=C:\\
> path\\to\\HadoopKeyTabs\\\phoenix.keytab
> <http://hostname:8765;authentication=SPNEGO;principal=phoenix/OrgClu@XXXXXX.XXXXX.COM;keytab=C:/path/to/HadoopKeyTabs/phoenix.keytab>
>
>
>
>
>
> *CLIENT SIDE ERROR:*
>
> x-4.11.0-HBase-1.2-bin\bin>python sqlline-thin.py http://namenode1:8765
>
> Failed to find hbase executable on PATH, defaulting serialization to
> PROTOBUF.
>
> [ERROR] Terminal initialization failed; falling back to unsupported
>
> java.lang.NoClassDefFoundError: Could not initialize class
> org.apache.phoenix.sh
>
> aded.org.fusesource.jansi.internal.Kernel32
>
> at org.apache.phoenix.shaded.org.fusesource.jansi.internal.
> WindowsSuppor
>
> t.getConsoleMode(WindowsSupport.java:50)
>
> at org.apache.phoenix.shaded.jline.WindowsTerminal.
> getConsoleMode(Window
>
> sTerminal.java:177)
>
> at org.apache.phoenix.shaded.jline.WindowsTerminal.init(
> WindowsTerminal.
>
> java:80)
>
> at org.apache.phoenix.shaded.jline.TerminalFactory.create(
> TerminalFactor
>
> y.java:101)
>
> at org.apache.phoenix.shaded.jline.TerminalFactory.get(
> TerminalFactory.j
>
> ava:159)
>
> at sqlline.SqlLineOpts.<init>(SqlLineOpts.java:45)
>
> at sqlline.SqlLine.<init>(SqlLine.java:55)
>
> at sqlline.SqlLine.start(SqlLine.java:397)
>
> at sqlline.SqlLine.main(SqlLine.java:291)
>
> at org.apache.phoenix.queryserver.client.SqllineWrapper$1.run(
> SqllineWra
>
> pper.java:88)
>
> at org.apache.phoenix.queryserver.client.SqllineWrapper$1.run(
> SqllineWra
>
> pper.java:85)
>
> at java.security.AccessController.doPrivileged(Native Method)
>
> at javax.security.auth.Subject.doAs(Subject.java:415)
>
> at org.apache.hadoop.security.UserGroupInformation.doAs(
> UserGroupInforma
>
> tion.java:1657)
>
> at org.apache.phoenix.queryserver.client.SqllineWrapper.main(
> SqllineWrap
>
> per.java:85)
>
>
>
> [ERROR] Terminal initialization failed; falling back to unsupported
>
> java.lang.NoClassDefFoundError: Could not initialize class
> org.apache.phoenix.sh
>
> aded.org.fusesource.jansi.internal.Kernel32
>
> at org.apache.phoenix.shaded.org.fusesource.jansi.internal.
> WindowsSuppor
>
> t.getConsoleMode(WindowsSupport.java:50)
>
> at org.apache.phoenix.shaded.jline.WindowsTerminal.
> getConsoleMode(Window
>
> sTerminal.java:177)
>
> at org.apache.phoenix.shaded.jline.WindowsTerminal.init(
> WindowsTerminal.
>
> java:80)
>
> at org.apache.phoenix.shaded.jline.TerminalFactory.create(
> TerminalFactor
>
> y.java:101)
>
> at sqlline.SqlLine.getConsoleReader(SqlLine.java:723)
>
> at sqlline.SqlLine.begin(SqlLine.java:657)
>
> at sqlline.SqlLine.start(SqlLine.java:398)
>
> at sqlline.SqlLine.main(SqlLine.java:291)
>
> at org.apache.phoenix.queryserver.client.SqllineWrapper$1.run(
> SqllineWra
>
> pper.java:88)
>
> at org.apache.phoenix.queryserver.client.SqllineWrapper$1.run(
> SqllineWra
>
> pper.java:85)
>
> at java.security.AccessController.doPrivileged(Native Method)
>
> at javax.security.auth.Subject.doAs(Subject.java:415)
>
> at org.apache.hadoop.security.UserGroupInformation.doAs(
> UserGroupInforma
>
> tion.java:1657)
>
> at org.apache.phoenix.queryserver.client.SqllineWrapper.main(
> SqllineWrap
>
> per.java:85)
>
>
>
> Setting property: [incremental, false]
>
> Setting property: [isolation, TRANSACTION_READ_COMMITTED]
>
> issuing: !connect jdbc:phoenix:thin:url=http://
> namenode1:8765;serialization=PROT
>
> OBUF;authentication=SPNEGO none none org.apache.phoenix.
> queryserver.client.Drive
>
> r
>
> Connecting to jdbc:phoenix:thin:url=http://namenode1:8765;serialization=
> PROTOBUF
>
> ;authentication=SPNEGO
>
> java.lang.RuntimeException: Failed to execute HTTP Request, got HTTP/404
>
> at org.apache.calcite.avatica.remote.
> AvaticaCommonsHttpClientSpnegoImpl.
>
> send(AvaticaCommonsHttpClientSpnegoImpl.java:148)
>
> at org.apache.calcite.avatica.remote.RemoteProtobufService._
> apply(Remote
>
> ProtobufService.java:45)
>
> at org.apache.calcite.avatica.remote.ProtobufService.apply(
> ProtobufServi
>
> ce.java:81)
>
> at org.apache.calcite.avatica.remote.Driver.connect(Driver.
> java:176)
>
> at sqlline.DatabaseConnection.connect(DatabaseConnection.java:157)
>
> at sqlline.DatabaseConnection.getConnection(
> DatabaseConnection.java:203)
>
>
>
> at sqlline.Commands.connect(Commands.java:1064)
>
> at sqlline.Commands.connect(Commands.java:996)
>
> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>
> at sun.reflect.NativeMethodAccessorImpl.invoke(
> NativeMethodAccessorImpl.
>
> java:57)
>
> at sun.reflect.DelegatingMethodAccessorImpl.
> invoke(DelegatingMethodAcces
>
> sorImpl.java:43)
>
> at java.lang.reflect.Method.invoke(Method.java:606)
>
> at sqlline.ReflectiveCommandHandler.execute(
> ReflectiveCommandHandler.jav
>
> a:38)
>
> at sqlline.SqlLine.dispatch(SqlLine.java:809)
>
> at sqlline.SqlLine.initArgs(SqlLine.java:588)
>
> at sqlline.SqlLine.begin(SqlLine.java:661)
>
> at sqlline.SqlLine.start(SqlLine.java:398)
>
> at sqlline.SqlLine.main(SqlLine.java:291)
>
> at org.apache.phoenix.queryserver.client.SqllineWrapper$1.run(
> SqllineWra
>
> pper.java:88)
>
> at org.apache.phoenix.queryserver.client.SqllineWrapper$1.run(
> SqllineWra
>
> pper.java:85)
>
> at java.security.AccessController.doPrivileged(Native Method)
>
> at javax.security.auth.Subject.doAs(Subject.java:415)
>
> at org.apache.hadoop.security.UserGroupInformation.doAs(
> UserGroupInforma
>
> tion.java:1657)
>
> at org.apache.phoenix.queryserver.client.SqllineWrapper.main(
> SqllineWrap
>
> per.java:85)
>
>
>
>
>
>
>
>
>
> *SERVER SIDE ERROR:*
>
> 17/10/04 05:34:28 INFO server.Server: Started @9558ms
>
> 17/10/04 05:34:28 INFO server.HttpServer: Service listening on port 8765.
>
> 17/10/04 05:38:39 WARN security.SpnegoLoginService:
>
> GSSException: Failure unspecified at GSS-API level (Mechanism level:
> Encryption
>
> type AES256 CTS mode with HMAC SHA1-96 is not supported/enabled)
>
> at sun.security.jgss.krb5.Krb5Context.acceptSecContext(
> Krb5Context.java:
>
> 788)
>
> at sun.security.jgss.GSSContextImpl.acceptSecContext(
> GSSContextImpl.java
>
> :342)
>
> at sun.security.jgss.GSSContextImpl.acceptSecContext(
> GSSContextImpl.java
>
> :285)
>
> at sun.security.jgss.spnego.SpNegoContext.GSS_
> acceptSecContext(SpNegoCon
>
> text.java:871)
>
> at sun.security.jgss.spnego.SpNegoContext.
> acceptSecContext(SpNegoContext
>
> .java:544)
>
> at sun.security.jgss.GSSContextImpl.acceptSecContext(
> GSSContextImpl.java
>
> :342)
>
> at sun.security.jgss.GSSContextImpl.acceptSecContext(
> GSSContextImpl.java
>
> :285)
>
> at org.apache.phoenix.shaded.org.eclipse.jetty.security.
> SpnegoLoginServi
>
> ce.login(SpnegoLoginService.java:137)
>
> at org.apache.phoenix.shaded.org.eclipse.jetty.security.
> authentication.L
>
> oginAuthenticator.login(LoginAuthenticator.java:61)
>
> at org.apache.phoenix.shaded.org.eclipse.jetty.security.
> authentication.S
>
> pnegoAuthenticator.validateRequest(SpnegoAuthenticator.java:99)
>
> at org.apache.phoenix.shaded.org.eclipse.jetty.security.
> SecurityHandler.
>
> handle(SecurityHandler.java:512)
>
> at org.apache.phoenix.shaded.org.eclipse.jetty.server.handler.
> HandlerLis
>
> t.handle(HandlerList.java:52)
>
> at org.apache.phoenix.shaded.org.eclipse.jetty.server.handler.
> HandlerWra
>
> pper.handle(HandlerWrapper.java:97)
>
> at org.apache.phoenix.shaded.org.eclipse.jetty.server.Server.
> handle(Serv
>
> er.java:499)
>
> at org.apache.phoenix.shaded.org.eclipse.jetty.server.
> HttpChannel.handle
>
> (HttpChannel.java:311)
>
> at org.apache.phoenix.shaded.org.eclipse.jetty.server.
> HttpConnection.onF
>
> illable(HttpConnection.java:257)
>
> at org.apache.phoenix.shaded.org.eclipse.jetty.io.
> AbstractConnection$2.r
>
> un(AbstractConnection.java:544)
>
> at org.apache.phoenix.shaded.org.eclipse.jetty.util.thread.
> QueuedThreadP
>
> ool.runJob(QueuedThreadPool.java:635)
>
> at org.apache.phoenix.shaded.org.eclipse.jetty.util.thread.
> QueuedThreadP
>
> ool$3.run(QueuedThreadPool.java:555)
>
> at java.lang.Thread.run(Thread.java:744)
>
> Caused by: KrbException: Encryption type AES256 CTS mode with HMAC SHA1-96
> is no
>
> t supported/enabled
>
> at sun.security.krb5.EncryptionKey.findKey(EncryptionKey.java:552)
>
> at sun.security.krb5.KrbApReq.authenticate(KrbApReq.java:270)
>
> at sun.security.krb5.KrbApReq.<init>(KrbApReq.java:144)
>
> at sun.security.jgss.krb5.InitSecContextToken.<init>(
> InitSecContextToken
>
> .java:108)
>
> at sun.security.jgss.krb5.Krb5Context.acceptSecContext(
> Krb5Context.java:
>
> 771)
>
> ... 19 more
>
>
>
>
>
>
>
> Please help me to solve this issue.
>
> --
>
> Thanks and regards
>
> D.Mallieswari
>