You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@ambari.apache.org by "Robert Levas (JIRA)" <ji...@apache.org> on 2015/03/24 11:15:53 UTC
[jira] [Updated] (AMBARI-10176) Storm service check failed after
disabling security
[ https://issues.apache.org/jira/browse/AMBARI-10176?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Robert Levas updated AMBARI-10176:
----------------------------------
Description:
>From nimbus.log
{code}
java.lang.NullPointerException: null
at backtype.storm.security.auth.authorizer.SimpleACLAuthorizer.permit(SimpleACLAuthorizer.java:93) ~[storm-core-0.9.3.2.2.3.0-2611.jar:0.9.3.2.2.3.0-2611]
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[na:1.7.0_67]
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57) ~[na:1.7.0_67]
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[na:1.7.0_67]
at java.lang.reflect.Method.invoke(Method.java:606) ~[na:1.7.0_67]
at clojure.lang.Reflector.invokeMatchingMethod(Reflector.java:93) ~[clojure-1.5.1.jar:na]
at clojure.lang.Reflector.invokeInstanceMethod(Reflector.java:28) ~[clojure-1.5.1.jar:na]
at backtype.storm.daemon.nimbus$check_authorization_BANG_.invoke(nimbus.clj:773) ~[storm-core-0.9.3.2.2.3.0-2611.jar:0.9.3.2.2.3.0-2611]
at backtype.storm.daemon.nimbus$check_authorization_BANG_.invoke(nimbus.clj:777) ~[storm-core-0.9.3.2.2.3.0-2611.jar:0.9.3.2.2.3.0-2611]
at backtype.storm.daemon.nimbus$fn__4017$exec_fn__1597__auto__$reify__4032.getClusterInfo(nimbus.clj:1215) ~[storm-core-0.9.3.2.2.3.0-2611.jar:0.9.3.2.2.3.0-2611]
at backtype.storm.generated.Nimbus$Processor$getClusterInfo.getResult(Nimbus.java:1668) ~[storm-core-0.9.3.2.2.3.0-2611.jar:0.9.3.2.2.3.0-2611]
at backtype.storm.generated.Nimbus$Processor$getClusterInfo.getResult(Nimbus.java:1656) ~[storm-core-0.9.3.2.2.3.0-2611.jar:0.9.3.2.2.3.0-2611]
at org.apache.thrift7.ProcessFunction.process(ProcessFunction.java:32) ~[storm-core-0.9.3.2.2.3.0-2611.jar:0.9.3.2.2.3.0-2611]
at org.apache.thrift7.TBaseProcessor.process(TBaseProcessor.java:34) ~[storm-core-0.9.3.2.2.3.0-2611.jar:0.9.3.2.2.3.0-2611]
at backtype.storm.security.auth.SimpleTransportPlugin$SimpleWrapProcessor.process(SimpleTransportPlugin.java:156) ~[storm-core-0.9.3.2.2.3.0-2611.jar:0.9.3.2.2.3.0-2611]
at org.apache.thrift7.server.TNonblockingServer$FrameBuffer.invoke(TNonblockingServer.java:632) ~[storm-core-0.9.3.2.2.3.0-2611.jar:0.9.3.2.2.3.0-2611]
at org.apache.thrift7.server.THsHaServer$Invocation.run(THsHaServer.java:201) [storm-core-0.9.3.2.2.3.0-2611.jar:0.9.3.2.2.3.0-2611]
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145) [na:1.7.0_67]
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615) [na:1.7.0_67]
{code}
*Solution*
The solution is to remove configuration properties that do not have default values when disabling Kerberos.
{code}
For each property updated per the Kerberos descriptor
Look up the default value from the stack definition
If a value is found, update the property to that "default" value
If a value is not found, remove the value from the configuration
{code}
For Storm in particular, remove the following properties:
- storm-site/drpc.authorizer
- storm-site/nimbus.authorizer
- storm-site/storm.principal.tolocal
- storm-site/ui.filter
was:
>From nimbus.log
{code}
java.lang.NullPointerException: null
at backtype.storm.security.auth.authorizer.SimpleACLAuthorizer.permit(SimpleACLAuthorizer.java:93) ~[storm-core-0.9.3.2.2.3.0-2611.jar:0.9.3.2.2.3.0-2611]
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[na:1.7.0_67]
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57) ~[na:1.7.0_67]
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[na:1.7.0_67]
at java.lang.reflect.Method.invoke(Method.java:606) ~[na:1.7.0_67]
at clojure.lang.Reflector.invokeMatchingMethod(Reflector.java:93) ~[clojure-1.5.1.jar:na]
at clojure.lang.Reflector.invokeInstanceMethod(Reflector.java:28) ~[clojure-1.5.1.jar:na]
at backtype.storm.daemon.nimbus$check_authorization_BANG_.invoke(nimbus.clj:773) ~[storm-core-0.9.3.2.2.3.0-2611.jar:0.9.3.2.2.3.0-2611]
at backtype.storm.daemon.nimbus$check_authorization_BANG_.invoke(nimbus.clj:777) ~[storm-core-0.9.3.2.2.3.0-2611.jar:0.9.3.2.2.3.0-2611]
at backtype.storm.daemon.nimbus$fn__4017$exec_fn__1597__auto__$reify__4032.getClusterInfo(nimbus.clj:1215) ~[storm-core-0.9.3.2.2.3.0-2611.jar:0.9.3.2.2.3.0-2611]
at backtype.storm.generated.Nimbus$Processor$getClusterInfo.getResult(Nimbus.java:1668) ~[storm-core-0.9.3.2.2.3.0-2611.jar:0.9.3.2.2.3.0-2611]
at backtype.storm.generated.Nimbus$Processor$getClusterInfo.getResult(Nimbus.java:1656) ~[storm-core-0.9.3.2.2.3.0-2611.jar:0.9.3.2.2.3.0-2611]
at org.apache.thrift7.ProcessFunction.process(ProcessFunction.java:32) ~[storm-core-0.9.3.2.2.3.0-2611.jar:0.9.3.2.2.3.0-2611]
at org.apache.thrift7.TBaseProcessor.process(TBaseProcessor.java:34) ~[storm-core-0.9.3.2.2.3.0-2611.jar:0.9.3.2.2.3.0-2611]
at backtype.storm.security.auth.SimpleTransportPlugin$SimpleWrapProcessor.process(SimpleTransportPlugin.java:156) ~[storm-core-0.9.3.2.2.3.0-2611.jar:0.9.3.2.2.3.0-2611]
at org.apache.thrift7.server.TNonblockingServer$FrameBuffer.invoke(TNonblockingServer.java:632) ~[storm-core-0.9.3.2.2.3.0-2611.jar:0.9.3.2.2.3.0-2611]
at org.apache.thrift7.server.THsHaServer$Invocation.run(THsHaServer.java:201) [storm-core-0.9.3.2.2.3.0-2611.jar:0.9.3.2.2.3.0-2611]
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145) [na:1.7.0_67]
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615) [na:1.7.0_67]
{code}
*Solution*
The solution is to remove configuration properties that do not have default values when disabling Kerberos.
{code}
For each property updated per the Kerberos descriptor
Look up the default value from the stack definition
If a value is found, update the property to that "default" value
If a value is not found, remove the value from the configuration
{code}
> Storm service check failed after disabling security
> ---------------------------------------------------
>
> Key: AMBARI-10176
> URL: https://issues.apache.org/jira/browse/AMBARI-10176
> Project: Ambari
> Issue Type: Bug
> Components: ambari-server
> Affects Versions: 2.0.0
> Reporter: Robert Levas
> Assignee: Robert Levas
> Priority: Blocker
> Labels: kerberos
> Fix For: 2.1.0
>
>
> From nimbus.log
> {code}
> java.lang.NullPointerException: null
> at backtype.storm.security.auth.authorizer.SimpleACLAuthorizer.permit(SimpleACLAuthorizer.java:93) ~[storm-core-0.9.3.2.2.3.0-2611.jar:0.9.3.2.2.3.0-2611]
> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[na:1.7.0_67]
> at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57) ~[na:1.7.0_67]
> at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[na:1.7.0_67]
> at java.lang.reflect.Method.invoke(Method.java:606) ~[na:1.7.0_67]
> at clojure.lang.Reflector.invokeMatchingMethod(Reflector.java:93) ~[clojure-1.5.1.jar:na]
> at clojure.lang.Reflector.invokeInstanceMethod(Reflector.java:28) ~[clojure-1.5.1.jar:na]
> at backtype.storm.daemon.nimbus$check_authorization_BANG_.invoke(nimbus.clj:773) ~[storm-core-0.9.3.2.2.3.0-2611.jar:0.9.3.2.2.3.0-2611]
> at backtype.storm.daemon.nimbus$check_authorization_BANG_.invoke(nimbus.clj:777) ~[storm-core-0.9.3.2.2.3.0-2611.jar:0.9.3.2.2.3.0-2611]
> at backtype.storm.daemon.nimbus$fn__4017$exec_fn__1597__auto__$reify__4032.getClusterInfo(nimbus.clj:1215) ~[storm-core-0.9.3.2.2.3.0-2611.jar:0.9.3.2.2.3.0-2611]
> at backtype.storm.generated.Nimbus$Processor$getClusterInfo.getResult(Nimbus.java:1668) ~[storm-core-0.9.3.2.2.3.0-2611.jar:0.9.3.2.2.3.0-2611]
> at backtype.storm.generated.Nimbus$Processor$getClusterInfo.getResult(Nimbus.java:1656) ~[storm-core-0.9.3.2.2.3.0-2611.jar:0.9.3.2.2.3.0-2611]
> at org.apache.thrift7.ProcessFunction.process(ProcessFunction.java:32) ~[storm-core-0.9.3.2.2.3.0-2611.jar:0.9.3.2.2.3.0-2611]
> at org.apache.thrift7.TBaseProcessor.process(TBaseProcessor.java:34) ~[storm-core-0.9.3.2.2.3.0-2611.jar:0.9.3.2.2.3.0-2611]
> at backtype.storm.security.auth.SimpleTransportPlugin$SimpleWrapProcessor.process(SimpleTransportPlugin.java:156) ~[storm-core-0.9.3.2.2.3.0-2611.jar:0.9.3.2.2.3.0-2611]
> at org.apache.thrift7.server.TNonblockingServer$FrameBuffer.invoke(TNonblockingServer.java:632) ~[storm-core-0.9.3.2.2.3.0-2611.jar:0.9.3.2.2.3.0-2611]
> at org.apache.thrift7.server.THsHaServer$Invocation.run(THsHaServer.java:201) [storm-core-0.9.3.2.2.3.0-2611.jar:0.9.3.2.2.3.0-2611]
> at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145) [na:1.7.0_67]
> at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615) [na:1.7.0_67]
> {code}
> *Solution*
> The solution is to remove configuration properties that do not have default values when disabling Kerberos.
> {code}
> For each property updated per the Kerberos descriptor
> Look up the default value from the stack definition
> If a value is found, update the property to that "default" value
> If a value is not found, remove the value from the configuration
> {code}
> For Storm in particular, remove the following properties:
> - storm-site/drpc.authorizer
> - storm-site/nimbus.authorizer
> - storm-site/storm.principal.tolocal
> - storm-site/ui.filter
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)