You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@phoenix.apache.org by Biju N <bi...@gmail.com> on 2015/12/08 16:20:17 UTC
Phoenix JDBC connection to secure HBase fails
Hi There,
We are trying to connect to a secure HBase/Phoenix cluster through
Phoenix JDBC using a kerberos Keytab and Principal. Using the same Keytab
and principal we are able to connect successfully to HBase through HBase
APIs but the connection request fails when making the Phoenix JDBC
connection.
The JDBC connection string used is of the format
"jdbc:phoenix:zkquorum:/hbase:principal@REALM.COM:keytab-file-path"
and the following is the exception. If any pointers to what could be the
cause for this exception that would be helpful. We are using Phoenix 4.2
against hbase 98.x.
34039 [main] FATAL org.apache.hadoop.hbase.ipc.RpcClient - SASL
authentication failed. The most likely cause is missing or invalid
credentials. Consider 'kinit'.
javax.security.sasl.SaslException: GSS initiate failed [Caused by
GSSException: No valid credentials provided (Mechanism level: Failed to
find any Kerberos tgt)]
at
com.sun.security.sasl.gsskerb.GssKrb5Client.evaluateChallenge(GssKrb5Client.java:211)
at
org.apache.hadoop.hbase.security.HBaseSaslRpcClient.saslConnect(HBaseSaslRpcClient.java:177)
at
org.apache.hadoop.hbase.ipc.RpcClient$Connection.setupSaslConnection(RpcClient.java:815)
at
org.apache.hadoop.hbase.ipc.RpcClient$Connection.access$800(RpcClient.java:349)
at
org.apache.hadoop.hbase.ipc.RpcClient$Connection$2.run(RpcClient.java:943)
at
org.apache.hadoop.hbase.ipc.RpcClient$Connection$2.run(RpcClient.java:940)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.Subject.doAs(Subject.java:422)
at
org.apache.hadoop.security.UserGroupInformation.doAs(UserGroupInformation.java:1628)
at
org.apache.hadoop.hbase.ipc.RpcClient$Connection.setupIOstreams(RpcClient.java:940)
at
org.apache.hadoop.hbase.ipc.RpcClient$Connection.writeRequest(RpcClient.java:1094)
at
org.apache.hadoop.hbase.ipc.RpcClient$Connection.tracedWriteRequest(RpcClient.java:1061)
at org.apache.hadoop.hbase.ipc.RpcClient.call(RpcClient.java:1516)
at
org.apache.hadoop.hbase.ipc.RpcClient.callBlockingMethod(RpcClient.java:1724)
at
org.apache.hadoop.hbase.ipc.RpcClient$BlockingRpcChannelImplementation.callBlockingMethod(RpcClient.java:1777)
at
org.apache.hadoop.hbase.protobuf.generated.MasterProtos$MasterService$BlockingStub.isMasterRunning(MasterProtos.java:42561)
at
org.apache.hadoop.hbase.client.ConnectionManager$HConnectionImplementation$MasterServiceStubMaker.isMasterRunning(ConnectionManager.java:1664)
at
org.apache.hadoop.hbase.client.ConnectionManager$HConnectionImplementation$StubMaker.makeStubNoRetries(ConnectionManager.java:1573)
at
org.apache.hadoop.hbase.client.ConnectionManager$HConnectionImplementation$StubMaker.makeStub(ConnectionManager.java:1599)
at
org.apache.hadoop.hbase.client.ConnectionManager$HConnectionImplementation$MasterServiceStubMaker.makeStub(ConnectionManager.java:1653)
at
org.apache.hadoop.hbase.client.ConnectionManager$HConnectionImplementation.getKeepAliveMasterService(ConnectionManager.java:1860)
at
org.apache.hadoop.hbase.client.HBaseAdmin$MasterCallable.prepare(HBaseAdmin.java:3363)
at
org.apache.hadoop.hbase.client.RpcRetryingCaller.callWithRetries(RpcRetryingCaller.java:125)
at
org.apache.hadoop.hbase.client.HBaseAdmin.executeCallable(HBaseAdmin.java:3390)
at
org.apache.hadoop.hbase.client.HBaseAdmin.getTableDescriptor(HBaseAdmin.java:408)
at
org.apache.hadoop.hbase.client.HBaseAdmin.getTableDescriptor(HBaseAdmin.java:429)
at
org.apache.phoenix.query.ConnectionQueryServicesImpl.ensureTableCreated(ConnectionQueryServicesImpl.java:759)
at
org.apache.phoenix.query.ConnectionQueryServicesImpl.createTable(ConnectionQueryServicesImpl.java:1104)
at
org.apache.phoenix.query.DelegateConnectionQueryServices.createTable(DelegateConnectionQueryServices.java:110)
at
org.apache.phoenix.schema.MetaDataClient.createTableInternal(MetaDataClient.java:1527)
at
org.apache.phoenix.schema.MetaDataClient.createTable(MetaDataClient.java:535)
at
org.apache.phoenix.compile.CreateTableCompiler$2.execute(CreateTableCompiler.java:184)
at
org.apache.phoenix.jdbc.PhoenixStatement$2.call(PhoenixStatement.java:260)
at
org.apache.phoenix.jdbc.PhoenixStatement$2.call(PhoenixStatement.java:252)
at org.apache.phoenix.call.CallRunner.run(CallRunner.java:53)
at
org.apache.phoenix.jdbc.PhoenixStatement.executeMutation(PhoenixStatement.java:250)
at
org.apache.phoenix.jdbc.PhoenixStatement.executeUpdate(PhoenixStatement.java:1026)
at
org.apache.phoenix.query.ConnectionQueryServicesImpl$9.call(ConnectionQueryServicesImpl.java:1529)
at
org.apache.phoenix.query.ConnectionQueryServicesImpl$9.call(ConnectionQueryServicesImpl.java:1498)
at
org.apache.phoenix.util.PhoenixContextExecutor.call(PhoenixContextExecutor.java:77)
at
org.apache.phoenix.query.ConnectionQueryServicesImpl.init(ConnectionQueryServicesImpl.java:1498)
at
org.apache.phoenix.jdbc.PhoenixDriver.getConnectionQueryServices(PhoenixDriver.java:162)
at
org.apache.phoenix.jdbc.PhoenixEmbeddedDriver.connect(PhoenixEmbeddedDriver.java:126)
at
org.apache.phoenix.jdbc.PhoenixDriver.connect(PhoenixDriver.java:133)
at java.sql.DriverManager.getConnection(DriverManager.java:664)
at java.sql.DriverManager.getConnection(DriverManager.java:270)
at com.bloomberg.hbase.sample.PhoenixDemo.main(PhoenixDemo.java:40)
Caused by: GSSException: No valid credentials provided (Mechanism level:
Failed to find any Kerberos tgt)
at
sun.security.jgss.krb5.Krb5InitCredential.getInstance(Krb5InitCredential.java:147)
at
sun.security.jgss.krb5.Krb5MechFactory.getCredentialElement(Krb5MechFactory.java:122)
at
sun.security.jgss.krb5.Krb5MechFactory.getMechanismContext(Krb5MechFactory.java:187)
at
sun.security.jgss.GSSManagerImpl.getMechanismContext(GSSManagerImpl.java:224)
at
sun.security.jgss.GSSContextImpl.initSecContext(GSSContextImpl.java:212)
at
sun.security.jgss.GSSContextImpl.initSecContext(GSSContextImpl.java:179)
at
com.sun.security.sasl.gsskerb.GssKrb5Client.evaluateChallenge(GssKrb5Client.java:192)
... 46 more
Re: Phoenix JDBC connection to secure HBase fails
Posted by anil gupta <an...@gmail.com>.
Hi Akhilesh,
You can add hbase/hadoop config directories in application classpath. You
dont need to copy conf files in your app lib folder.
Thanks,
Anil Gupta
On Wed, Dec 9, 2015 at 2:54 PM, Biju N <bi...@gmail.com> wrote:
> Thanks Akhilesh/Mujtaba for your suggestions. Adding core-site.xml from
> the target cluster to the class path resolved the issue. We initially only
> had hbase and hdfs site xmls in the class path. Is there a way to set the
> hbase/core site properties in the code instead of copying the config xmls
> to the class path.
>
> On Tue, Dec 8, 2015 at 1:39 PM, Mujtaba Chohan <mu...@apache.org> wrote:
>
>> Add the following java parameter to connect to secure cluster:
>> -Djava.security.auth.login.config=$yourpath/conf/zk-jaas.conf
>> -Djava.security.krb5.conf=$yourpath/krb5.conf. More detailed instruction
>> are at
>>
>> http://bigdatanoob.blogspot.com/2013/09/connect-phoenix-to-secure-hbase-cluster.html
>> .
>>
>>
>> //mujtaba
>>
>> On Tue, Dec 8, 2015 at 7:20 AM, Biju N <bi...@gmail.com> wrote:
>>
>> > Hi There,
>> > We are trying to connect to a secure HBase/Phoenix cluster through
>> > Phoenix JDBC using a kerberos Keytab and Principal. Using the same
>> Keytab
>> > and principal we are able to connect successfully to HBase through HBase
>> > APIs but the connection request fails when making the Phoenix JDBC
>> > connection.
>> >
>> > The JDBC connection string used is of the format
>> >
>> > "jdbc:phoenix:zkquorum:/hbase:principal@REALM.COM:keytab-file-path"
>> >
>> > and the following is the exception. If any pointers to what could be the
>> > cause for this exception that would be helpful. We are using Phoenix 4.2
>> > against hbase 98.x.
>> >
>> > 34039 [main] FATAL org.apache.hadoop.hbase.ipc.RpcClient - SASL
>> > authentication failed. The most likely cause is missing or invalid
>> > credentials. Consider 'kinit'.
>> > javax.security.sasl.SaslException: GSS initiate failed [Caused by
>> > GSSException: No valid credentials provided (Mechanism level: Failed to
>> > find any Kerberos tgt)]
>> > at
>> >
>> >
>> com.sun.security.sasl.gsskerb.GssKrb5Client.evaluateChallenge(GssKrb5Client.java:211)
>> > at
>> >
>> >
>> org.apache.hadoop.hbase.security.HBaseSaslRpcClient.saslConnect(HBaseSaslRpcClient.java:177)
>> > at
>> >
>> >
>> org.apache.hadoop.hbase.ipc.RpcClient$Connection.setupSaslConnection(RpcClient.java:815)
>> > at
>> >
>> >
>> org.apache.hadoop.hbase.ipc.RpcClient$Connection.access$800(RpcClient.java:349)
>> > at
>> >
>> org.apache.hadoop.hbase.ipc.RpcClient$Connection$2.run(RpcClient.java:943)
>> > at
>> >
>> org.apache.hadoop.hbase.ipc.RpcClient$Connection$2.run(RpcClient.java:940)
>> > at java.security.AccessController.doPrivileged(Native Method)
>> > at javax.security.auth.Subject.doAs(Subject.java:422)
>> > at
>> >
>> >
>> org.apache.hadoop.security.UserGroupInformation.doAs(UserGroupInformation.java:1628)
>> > at
>> >
>> >
>> org.apache.hadoop.hbase.ipc.RpcClient$Connection.setupIOstreams(RpcClient.java:940)
>> > at
>> >
>> >
>> org.apache.hadoop.hbase.ipc.RpcClient$Connection.writeRequest(RpcClient.java:1094)
>> > at
>> >
>> >
>> org.apache.hadoop.hbase.ipc.RpcClient$Connection.tracedWriteRequest(RpcClient.java:1061)
>> > at
>> org.apache.hadoop.hbase.ipc.RpcClient.call(RpcClient.java:1516)
>> > at
>> >
>> >
>> org.apache.hadoop.hbase.ipc.RpcClient.callBlockingMethod(RpcClient.java:1724)
>> > at
>> >
>> >
>> org.apache.hadoop.hbase.ipc.RpcClient$BlockingRpcChannelImplementation.callBlockingMethod(RpcClient.java:1777)
>> > at
>> >
>> >
>> org.apache.hadoop.hbase.protobuf.generated.MasterProtos$MasterService$BlockingStub.isMasterRunning(MasterProtos.java:42561)
>> > at
>> >
>> >
>> org.apache.hadoop.hbase.client.ConnectionManager$HConnectionImplementation$MasterServiceStubMaker.isMasterRunning(ConnectionManager.java:1664)
>> > at
>> >
>> >
>> org.apache.hadoop.hbase.client.ConnectionManager$HConnectionImplementation$StubMaker.makeStubNoRetries(ConnectionManager.java:1573)
>> > at
>> >
>> >
>> org.apache.hadoop.hbase.client.ConnectionManager$HConnectionImplementation$StubMaker.makeStub(ConnectionManager.java:1599)
>> > at
>> >
>> >
>> org.apache.hadoop.hbase.client.ConnectionManager$HConnectionImplementation$MasterServiceStubMaker.makeStub(ConnectionManager.java:1653)
>> > at
>> >
>> >
>> org.apache.hadoop.hbase.client.ConnectionManager$HConnectionImplementation.getKeepAliveMasterService(ConnectionManager.java:1860)
>> > at
>> >
>> >
>> org.apache.hadoop.hbase.client.HBaseAdmin$MasterCallable.prepare(HBaseAdmin.java:3363)
>> > at
>> >
>> >
>> org.apache.hadoop.hbase.client.RpcRetryingCaller.callWithRetries(RpcRetryingCaller.java:125)
>> > at
>> >
>> >
>> org.apache.hadoop.hbase.client.HBaseAdmin.executeCallable(HBaseAdmin.java:3390)
>> > at
>> >
>> >
>> org.apache.hadoop.hbase.client.HBaseAdmin.getTableDescriptor(HBaseAdmin.java:408)
>> > at
>> >
>> >
>> org.apache.hadoop.hbase.client.HBaseAdmin.getTableDescriptor(HBaseAdmin.java:429)
>> > at
>> >
>> >
>> org.apache.phoenix.query.ConnectionQueryServicesImpl.ensureTableCreated(ConnectionQueryServicesImpl.java:759)
>> > at
>> >
>> >
>> org.apache.phoenix.query.ConnectionQueryServicesImpl.createTable(ConnectionQueryServicesImpl.java:1104)
>> > at
>> >
>> >
>> org.apache.phoenix.query.DelegateConnectionQueryServices.createTable(DelegateConnectionQueryServices.java:110)
>> > at
>> >
>> >
>> org.apache.phoenix.schema.MetaDataClient.createTableInternal(MetaDataClient.java:1527)
>> > at
>> >
>> >
>> org.apache.phoenix.schema.MetaDataClient.createTable(MetaDataClient.java:535)
>> > at
>> >
>> >
>> org.apache.phoenix.compile.CreateTableCompiler$2.execute(CreateTableCompiler.java:184)
>> > at
>> >
>> org.apache.phoenix.jdbc.PhoenixStatement$2.call(PhoenixStatement.java:260)
>> > at
>> >
>> org.apache.phoenix.jdbc.PhoenixStatement$2.call(PhoenixStatement.java:252)
>> > at org.apache.phoenix.call.CallRunner.run(CallRunner.java:53)
>> > at
>> >
>> >
>> org.apache.phoenix.jdbc.PhoenixStatement.executeMutation(PhoenixStatement.java:250)
>> > at
>> >
>> >
>> org.apache.phoenix.jdbc.PhoenixStatement.executeUpdate(PhoenixStatement.java:1026)
>> > at
>> >
>> >
>> org.apache.phoenix.query.ConnectionQueryServicesImpl$9.call(ConnectionQueryServicesImpl.java:1529)
>> > at
>> >
>> >
>> org.apache.phoenix.query.ConnectionQueryServicesImpl$9.call(ConnectionQueryServicesImpl.java:1498)
>> > at
>> >
>> >
>> org.apache.phoenix.util.PhoenixContextExecutor.call(PhoenixContextExecutor.java:77)
>> > at
>> >
>> >
>> org.apache.phoenix.query.ConnectionQueryServicesImpl.init(ConnectionQueryServicesImpl.java:1498)
>> > at
>> >
>> >
>> org.apache.phoenix.jdbc.PhoenixDriver.getConnectionQueryServices(PhoenixDriver.java:162)
>> > at
>> >
>> >
>> org.apache.phoenix.jdbc.PhoenixEmbeddedDriver.connect(PhoenixEmbeddedDriver.java:126)
>> > at
>> > org.apache.phoenix.jdbc.PhoenixDriver.connect(PhoenixDriver.java:133)
>> > at java.sql.DriverManager.getConnection(DriverManager.java:664)
>> > at java.sql.DriverManager.getConnection(DriverManager.java:270)
>> > at
>> com.bloomberg.hbase.sample.PhoenixDemo.main(PhoenixDemo.java:40)
>> > Caused by: GSSException: No valid credentials provided (Mechanism level:
>> > Failed to find any Kerberos tgt)
>> > at
>> >
>> >
>> sun.security.jgss.krb5.Krb5InitCredential.getInstance(Krb5InitCredential.java:147)
>> > at
>> >
>> >
>> sun.security.jgss.krb5.Krb5MechFactory.getCredentialElement(Krb5MechFactory.java:122)
>> > at
>> >
>> >
>> sun.security.jgss.krb5.Krb5MechFactory.getMechanismContext(Krb5MechFactory.java:187)
>> > at
>> >
>> >
>> sun.security.jgss.GSSManagerImpl.getMechanismContext(GSSManagerImpl.java:224)
>> > at
>> > sun.security.jgss.GSSContextImpl.initSecContext(GSSContextImpl.java:212)
>> > at
>> > sun.security.jgss.GSSContextImpl.initSecContext(GSSContextImpl.java:179)
>> > at
>> >
>> >
>> com.sun.security.sasl.gsskerb.GssKrb5Client.evaluateChallenge(GssKrb5Client.java:192)
>> > ... 46 more
>> >
>>
>
>
--
Thanks & Regards,
Anil Gupta
Re: Phoenix JDBC connection to secure HBase fails
Posted by anil gupta <an...@gmail.com>.
Hi Akhilesh,
You can add hbase/hadoop config directories in application classpath. You
dont need to copy conf files in your app lib folder.
Thanks,
Anil Gupta
On Wed, Dec 9, 2015 at 2:54 PM, Biju N <bi...@gmail.com> wrote:
> Thanks Akhilesh/Mujtaba for your suggestions. Adding core-site.xml from
> the target cluster to the class path resolved the issue. We initially only
> had hbase and hdfs site xmls in the class path. Is there a way to set the
> hbase/core site properties in the code instead of copying the config xmls
> to the class path.
>
> On Tue, Dec 8, 2015 at 1:39 PM, Mujtaba Chohan <mu...@apache.org> wrote:
>
>> Add the following java parameter to connect to secure cluster:
>> -Djava.security.auth.login.config=$yourpath/conf/zk-jaas.conf
>> -Djava.security.krb5.conf=$yourpath/krb5.conf. More detailed instruction
>> are at
>>
>> http://bigdatanoob.blogspot.com/2013/09/connect-phoenix-to-secure-hbase-cluster.html
>> .
>>
>>
>> //mujtaba
>>
>> On Tue, Dec 8, 2015 at 7:20 AM, Biju N <bi...@gmail.com> wrote:
>>
>> > Hi There,
>> > We are trying to connect to a secure HBase/Phoenix cluster through
>> > Phoenix JDBC using a kerberos Keytab and Principal. Using the same
>> Keytab
>> > and principal we are able to connect successfully to HBase through HBase
>> > APIs but the connection request fails when making the Phoenix JDBC
>> > connection.
>> >
>> > The JDBC connection string used is of the format
>> >
>> > "jdbc:phoenix:zkquorum:/hbase:principal@REALM.COM:keytab-file-path"
>> >
>> > and the following is the exception. If any pointers to what could be the
>> > cause for this exception that would be helpful. We are using Phoenix 4.2
>> > against hbase 98.x.
>> >
>> > 34039 [main] FATAL org.apache.hadoop.hbase.ipc.RpcClient - SASL
>> > authentication failed. The most likely cause is missing or invalid
>> > credentials. Consider 'kinit'.
>> > javax.security.sasl.SaslException: GSS initiate failed [Caused by
>> > GSSException: No valid credentials provided (Mechanism level: Failed to
>> > find any Kerberos tgt)]
>> > at
>> >
>> >
>> com.sun.security.sasl.gsskerb.GssKrb5Client.evaluateChallenge(GssKrb5Client.java:211)
>> > at
>> >
>> >
>> org.apache.hadoop.hbase.security.HBaseSaslRpcClient.saslConnect(HBaseSaslRpcClient.java:177)
>> > at
>> >
>> >
>> org.apache.hadoop.hbase.ipc.RpcClient$Connection.setupSaslConnection(RpcClient.java:815)
>> > at
>> >
>> >
>> org.apache.hadoop.hbase.ipc.RpcClient$Connection.access$800(RpcClient.java:349)
>> > at
>> >
>> org.apache.hadoop.hbase.ipc.RpcClient$Connection$2.run(RpcClient.java:943)
>> > at
>> >
>> org.apache.hadoop.hbase.ipc.RpcClient$Connection$2.run(RpcClient.java:940)
>> > at java.security.AccessController.doPrivileged(Native Method)
>> > at javax.security.auth.Subject.doAs(Subject.java:422)
>> > at
>> >
>> >
>> org.apache.hadoop.security.UserGroupInformation.doAs(UserGroupInformation.java:1628)
>> > at
>> >
>> >
>> org.apache.hadoop.hbase.ipc.RpcClient$Connection.setupIOstreams(RpcClient.java:940)
>> > at
>> >
>> >
>> org.apache.hadoop.hbase.ipc.RpcClient$Connection.writeRequest(RpcClient.java:1094)
>> > at
>> >
>> >
>> org.apache.hadoop.hbase.ipc.RpcClient$Connection.tracedWriteRequest(RpcClient.java:1061)
>> > at
>> org.apache.hadoop.hbase.ipc.RpcClient.call(RpcClient.java:1516)
>> > at
>> >
>> >
>> org.apache.hadoop.hbase.ipc.RpcClient.callBlockingMethod(RpcClient.java:1724)
>> > at
>> >
>> >
>> org.apache.hadoop.hbase.ipc.RpcClient$BlockingRpcChannelImplementation.callBlockingMethod(RpcClient.java:1777)
>> > at
>> >
>> >
>> org.apache.hadoop.hbase.protobuf.generated.MasterProtos$MasterService$BlockingStub.isMasterRunning(MasterProtos.java:42561)
>> > at
>> >
>> >
>> org.apache.hadoop.hbase.client.ConnectionManager$HConnectionImplementation$MasterServiceStubMaker.isMasterRunning(ConnectionManager.java:1664)
>> > at
>> >
>> >
>> org.apache.hadoop.hbase.client.ConnectionManager$HConnectionImplementation$StubMaker.makeStubNoRetries(ConnectionManager.java:1573)
>> > at
>> >
>> >
>> org.apache.hadoop.hbase.client.ConnectionManager$HConnectionImplementation$StubMaker.makeStub(ConnectionManager.java:1599)
>> > at
>> >
>> >
>> org.apache.hadoop.hbase.client.ConnectionManager$HConnectionImplementation$MasterServiceStubMaker.makeStub(ConnectionManager.java:1653)
>> > at
>> >
>> >
>> org.apache.hadoop.hbase.client.ConnectionManager$HConnectionImplementation.getKeepAliveMasterService(ConnectionManager.java:1860)
>> > at
>> >
>> >
>> org.apache.hadoop.hbase.client.HBaseAdmin$MasterCallable.prepare(HBaseAdmin.java:3363)
>> > at
>> >
>> >
>> org.apache.hadoop.hbase.client.RpcRetryingCaller.callWithRetries(RpcRetryingCaller.java:125)
>> > at
>> >
>> >
>> org.apache.hadoop.hbase.client.HBaseAdmin.executeCallable(HBaseAdmin.java:3390)
>> > at
>> >
>> >
>> org.apache.hadoop.hbase.client.HBaseAdmin.getTableDescriptor(HBaseAdmin.java:408)
>> > at
>> >
>> >
>> org.apache.hadoop.hbase.client.HBaseAdmin.getTableDescriptor(HBaseAdmin.java:429)
>> > at
>> >
>> >
>> org.apache.phoenix.query.ConnectionQueryServicesImpl.ensureTableCreated(ConnectionQueryServicesImpl.java:759)
>> > at
>> >
>> >
>> org.apache.phoenix.query.ConnectionQueryServicesImpl.createTable(ConnectionQueryServicesImpl.java:1104)
>> > at
>> >
>> >
>> org.apache.phoenix.query.DelegateConnectionQueryServices.createTable(DelegateConnectionQueryServices.java:110)
>> > at
>> >
>> >
>> org.apache.phoenix.schema.MetaDataClient.createTableInternal(MetaDataClient.java:1527)
>> > at
>> >
>> >
>> org.apache.phoenix.schema.MetaDataClient.createTable(MetaDataClient.java:535)
>> > at
>> >
>> >
>> org.apache.phoenix.compile.CreateTableCompiler$2.execute(CreateTableCompiler.java:184)
>> > at
>> >
>> org.apache.phoenix.jdbc.PhoenixStatement$2.call(PhoenixStatement.java:260)
>> > at
>> >
>> org.apache.phoenix.jdbc.PhoenixStatement$2.call(PhoenixStatement.java:252)
>> > at org.apache.phoenix.call.CallRunner.run(CallRunner.java:53)
>> > at
>> >
>> >
>> org.apache.phoenix.jdbc.PhoenixStatement.executeMutation(PhoenixStatement.java:250)
>> > at
>> >
>> >
>> org.apache.phoenix.jdbc.PhoenixStatement.executeUpdate(PhoenixStatement.java:1026)
>> > at
>> >
>> >
>> org.apache.phoenix.query.ConnectionQueryServicesImpl$9.call(ConnectionQueryServicesImpl.java:1529)
>> > at
>> >
>> >
>> org.apache.phoenix.query.ConnectionQueryServicesImpl$9.call(ConnectionQueryServicesImpl.java:1498)
>> > at
>> >
>> >
>> org.apache.phoenix.util.PhoenixContextExecutor.call(PhoenixContextExecutor.java:77)
>> > at
>> >
>> >
>> org.apache.phoenix.query.ConnectionQueryServicesImpl.init(ConnectionQueryServicesImpl.java:1498)
>> > at
>> >
>> >
>> org.apache.phoenix.jdbc.PhoenixDriver.getConnectionQueryServices(PhoenixDriver.java:162)
>> > at
>> >
>> >
>> org.apache.phoenix.jdbc.PhoenixEmbeddedDriver.connect(PhoenixEmbeddedDriver.java:126)
>> > at
>> > org.apache.phoenix.jdbc.PhoenixDriver.connect(PhoenixDriver.java:133)
>> > at java.sql.DriverManager.getConnection(DriverManager.java:664)
>> > at java.sql.DriverManager.getConnection(DriverManager.java:270)
>> > at
>> com.bloomberg.hbase.sample.PhoenixDemo.main(PhoenixDemo.java:40)
>> > Caused by: GSSException: No valid credentials provided (Mechanism level:
>> > Failed to find any Kerberos tgt)
>> > at
>> >
>> >
>> sun.security.jgss.krb5.Krb5InitCredential.getInstance(Krb5InitCredential.java:147)
>> > at
>> >
>> >
>> sun.security.jgss.krb5.Krb5MechFactory.getCredentialElement(Krb5MechFactory.java:122)
>> > at
>> >
>> >
>> sun.security.jgss.krb5.Krb5MechFactory.getMechanismContext(Krb5MechFactory.java:187)
>> > at
>> >
>> >
>> sun.security.jgss.GSSManagerImpl.getMechanismContext(GSSManagerImpl.java:224)
>> > at
>> > sun.security.jgss.GSSContextImpl.initSecContext(GSSContextImpl.java:212)
>> > at
>> > sun.security.jgss.GSSContextImpl.initSecContext(GSSContextImpl.java:179)
>> > at
>> >
>> >
>> com.sun.security.sasl.gsskerb.GssKrb5Client.evaluateChallenge(GssKrb5Client.java:192)
>> > ... 46 more
>> >
>>
>
>
--
Thanks & Regards,
Anil Gupta
Re: Phoenix JDBC connection to secure HBase fails
Posted by Biju N <bi...@gmail.com>.
Thanks Akhilesh/Mujtaba for your suggestions. Adding core-site.xml from the
target cluster to the class path resolved the issue. We initially only had
hbase and hdfs site xmls in the class path. Is there a way to set the
hbase/core site properties in the code instead of copying the config xmls
to the class path.
On Tue, Dec 8, 2015 at 1:39 PM, Mujtaba Chohan <mu...@apache.org> wrote:
> Add the following java parameter to connect to secure cluster:
> -Djava.security.auth.login.config=$yourpath/conf/zk-jaas.conf
> -Djava.security.krb5.conf=$yourpath/krb5.conf. More detailed instruction
> are at
>
> http://bigdatanoob.blogspot.com/2013/09/connect-phoenix-to-secure-hbase-cluster.html
> .
>
>
> //mujtaba
>
> On Tue, Dec 8, 2015 at 7:20 AM, Biju N <bi...@gmail.com> wrote:
>
> > Hi There,
> > We are trying to connect to a secure HBase/Phoenix cluster through
> > Phoenix JDBC using a kerberos Keytab and Principal. Using the same Keytab
> > and principal we are able to connect successfully to HBase through HBase
> > APIs but the connection request fails when making the Phoenix JDBC
> > connection.
> >
> > The JDBC connection string used is of the format
> >
> > "jdbc:phoenix:zkquorum:/hbase:principal@REALM.COM:keytab-file-path"
> >
> > and the following is the exception. If any pointers to what could be the
> > cause for this exception that would be helpful. We are using Phoenix 4.2
> > against hbase 98.x.
> >
> > 34039 [main] FATAL org.apache.hadoop.hbase.ipc.RpcClient - SASL
> > authentication failed. The most likely cause is missing or invalid
> > credentials. Consider 'kinit'.
> > javax.security.sasl.SaslException: GSS initiate failed [Caused by
> > GSSException: No valid credentials provided (Mechanism level: Failed to
> > find any Kerberos tgt)]
> > at
> >
> >
> com.sun.security.sasl.gsskerb.GssKrb5Client.evaluateChallenge(GssKrb5Client.java:211)
> > at
> >
> >
> org.apache.hadoop.hbase.security.HBaseSaslRpcClient.saslConnect(HBaseSaslRpcClient.java:177)
> > at
> >
> >
> org.apache.hadoop.hbase.ipc.RpcClient$Connection.setupSaslConnection(RpcClient.java:815)
> > at
> >
> >
> org.apache.hadoop.hbase.ipc.RpcClient$Connection.access$800(RpcClient.java:349)
> > at
> >
> org.apache.hadoop.hbase.ipc.RpcClient$Connection$2.run(RpcClient.java:943)
> > at
> >
> org.apache.hadoop.hbase.ipc.RpcClient$Connection$2.run(RpcClient.java:940)
> > at java.security.AccessController.doPrivileged(Native Method)
> > at javax.security.auth.Subject.doAs(Subject.java:422)
> > at
> >
> >
> org.apache.hadoop.security.UserGroupInformation.doAs(UserGroupInformation.java:1628)
> > at
> >
> >
> org.apache.hadoop.hbase.ipc.RpcClient$Connection.setupIOstreams(RpcClient.java:940)
> > at
> >
> >
> org.apache.hadoop.hbase.ipc.RpcClient$Connection.writeRequest(RpcClient.java:1094)
> > at
> >
> >
> org.apache.hadoop.hbase.ipc.RpcClient$Connection.tracedWriteRequest(RpcClient.java:1061)
> > at
> org.apache.hadoop.hbase.ipc.RpcClient.call(RpcClient.java:1516)
> > at
> >
> >
> org.apache.hadoop.hbase.ipc.RpcClient.callBlockingMethod(RpcClient.java:1724)
> > at
> >
> >
> org.apache.hadoop.hbase.ipc.RpcClient$BlockingRpcChannelImplementation.callBlockingMethod(RpcClient.java:1777)
> > at
> >
> >
> org.apache.hadoop.hbase.protobuf.generated.MasterProtos$MasterService$BlockingStub.isMasterRunning(MasterProtos.java:42561)
> > at
> >
> >
> org.apache.hadoop.hbase.client.ConnectionManager$HConnectionImplementation$MasterServiceStubMaker.isMasterRunning(ConnectionManager.java:1664)
> > at
> >
> >
> org.apache.hadoop.hbase.client.ConnectionManager$HConnectionImplementation$StubMaker.makeStubNoRetries(ConnectionManager.java:1573)
> > at
> >
> >
> org.apache.hadoop.hbase.client.ConnectionManager$HConnectionImplementation$StubMaker.makeStub(ConnectionManager.java:1599)
> > at
> >
> >
> org.apache.hadoop.hbase.client.ConnectionManager$HConnectionImplementation$MasterServiceStubMaker.makeStub(ConnectionManager.java:1653)
> > at
> >
> >
> org.apache.hadoop.hbase.client.ConnectionManager$HConnectionImplementation.getKeepAliveMasterService(ConnectionManager.java:1860)
> > at
> >
> >
> org.apache.hadoop.hbase.client.HBaseAdmin$MasterCallable.prepare(HBaseAdmin.java:3363)
> > at
> >
> >
> org.apache.hadoop.hbase.client.RpcRetryingCaller.callWithRetries(RpcRetryingCaller.java:125)
> > at
> >
> >
> org.apache.hadoop.hbase.client.HBaseAdmin.executeCallable(HBaseAdmin.java:3390)
> > at
> >
> >
> org.apache.hadoop.hbase.client.HBaseAdmin.getTableDescriptor(HBaseAdmin.java:408)
> > at
> >
> >
> org.apache.hadoop.hbase.client.HBaseAdmin.getTableDescriptor(HBaseAdmin.java:429)
> > at
> >
> >
> org.apache.phoenix.query.ConnectionQueryServicesImpl.ensureTableCreated(ConnectionQueryServicesImpl.java:759)
> > at
> >
> >
> org.apache.phoenix.query.ConnectionQueryServicesImpl.createTable(ConnectionQueryServicesImpl.java:1104)
> > at
> >
> >
> org.apache.phoenix.query.DelegateConnectionQueryServices.createTable(DelegateConnectionQueryServices.java:110)
> > at
> >
> >
> org.apache.phoenix.schema.MetaDataClient.createTableInternal(MetaDataClient.java:1527)
> > at
> >
> >
> org.apache.phoenix.schema.MetaDataClient.createTable(MetaDataClient.java:535)
> > at
> >
> >
> org.apache.phoenix.compile.CreateTableCompiler$2.execute(CreateTableCompiler.java:184)
> > at
> >
> org.apache.phoenix.jdbc.PhoenixStatement$2.call(PhoenixStatement.java:260)
> > at
> >
> org.apache.phoenix.jdbc.PhoenixStatement$2.call(PhoenixStatement.java:252)
> > at org.apache.phoenix.call.CallRunner.run(CallRunner.java:53)
> > at
> >
> >
> org.apache.phoenix.jdbc.PhoenixStatement.executeMutation(PhoenixStatement.java:250)
> > at
> >
> >
> org.apache.phoenix.jdbc.PhoenixStatement.executeUpdate(PhoenixStatement.java:1026)
> > at
> >
> >
> org.apache.phoenix.query.ConnectionQueryServicesImpl$9.call(ConnectionQueryServicesImpl.java:1529)
> > at
> >
> >
> org.apache.phoenix.query.ConnectionQueryServicesImpl$9.call(ConnectionQueryServicesImpl.java:1498)
> > at
> >
> >
> org.apache.phoenix.util.PhoenixContextExecutor.call(PhoenixContextExecutor.java:77)
> > at
> >
> >
> org.apache.phoenix.query.ConnectionQueryServicesImpl.init(ConnectionQueryServicesImpl.java:1498)
> > at
> >
> >
> org.apache.phoenix.jdbc.PhoenixDriver.getConnectionQueryServices(PhoenixDriver.java:162)
> > at
> >
> >
> org.apache.phoenix.jdbc.PhoenixEmbeddedDriver.connect(PhoenixEmbeddedDriver.java:126)
> > at
> > org.apache.phoenix.jdbc.PhoenixDriver.connect(PhoenixDriver.java:133)
> > at java.sql.DriverManager.getConnection(DriverManager.java:664)
> > at java.sql.DriverManager.getConnection(DriverManager.java:270)
> > at
> com.bloomberg.hbase.sample.PhoenixDemo.main(PhoenixDemo.java:40)
> > Caused by: GSSException: No valid credentials provided (Mechanism level:
> > Failed to find any Kerberos tgt)
> > at
> >
> >
> sun.security.jgss.krb5.Krb5InitCredential.getInstance(Krb5InitCredential.java:147)
> > at
> >
> >
> sun.security.jgss.krb5.Krb5MechFactory.getCredentialElement(Krb5MechFactory.java:122)
> > at
> >
> >
> sun.security.jgss.krb5.Krb5MechFactory.getMechanismContext(Krb5MechFactory.java:187)
> > at
> >
> >
> sun.security.jgss.GSSManagerImpl.getMechanismContext(GSSManagerImpl.java:224)
> > at
> > sun.security.jgss.GSSContextImpl.initSecContext(GSSContextImpl.java:212)
> > at
> > sun.security.jgss.GSSContextImpl.initSecContext(GSSContextImpl.java:179)
> > at
> >
> >
> com.sun.security.sasl.gsskerb.GssKrb5Client.evaluateChallenge(GssKrb5Client.java:192)
> > ... 46 more
> >
>
Re: Phoenix JDBC connection to secure HBase fails
Posted by Biju N <bi...@gmail.com>.
Thanks Akhilesh/Mujtaba for your suggestions. Adding core-site.xml from the
target cluster to the class path resolved the issue. We initially only had
hbase and hdfs site xmls in the class path. Is there a way to set the
hbase/core site properties in the code instead of copying the config xmls
to the class path.
On Tue, Dec 8, 2015 at 1:39 PM, Mujtaba Chohan <mu...@apache.org> wrote:
> Add the following java parameter to connect to secure cluster:
> -Djava.security.auth.login.config=$yourpath/conf/zk-jaas.conf
> -Djava.security.krb5.conf=$yourpath/krb5.conf. More detailed instruction
> are at
>
> http://bigdatanoob.blogspot.com/2013/09/connect-phoenix-to-secure-hbase-cluster.html
> .
>
>
> //mujtaba
>
> On Tue, Dec 8, 2015 at 7:20 AM, Biju N <bi...@gmail.com> wrote:
>
> > Hi There,
> > We are trying to connect to a secure HBase/Phoenix cluster through
> > Phoenix JDBC using a kerberos Keytab and Principal. Using the same Keytab
> > and principal we are able to connect successfully to HBase through HBase
> > APIs but the connection request fails when making the Phoenix JDBC
> > connection.
> >
> > The JDBC connection string used is of the format
> >
> > "jdbc:phoenix:zkquorum:/hbase:principal@REALM.COM:keytab-file-path"
> >
> > and the following is the exception. If any pointers to what could be the
> > cause for this exception that would be helpful. We are using Phoenix 4.2
> > against hbase 98.x.
> >
> > 34039 [main] FATAL org.apache.hadoop.hbase.ipc.RpcClient - SASL
> > authentication failed. The most likely cause is missing or invalid
> > credentials. Consider 'kinit'.
> > javax.security.sasl.SaslException: GSS initiate failed [Caused by
> > GSSException: No valid credentials provided (Mechanism level: Failed to
> > find any Kerberos tgt)]
> > at
> >
> >
> com.sun.security.sasl.gsskerb.GssKrb5Client.evaluateChallenge(GssKrb5Client.java:211)
> > at
> >
> >
> org.apache.hadoop.hbase.security.HBaseSaslRpcClient.saslConnect(HBaseSaslRpcClient.java:177)
> > at
> >
> >
> org.apache.hadoop.hbase.ipc.RpcClient$Connection.setupSaslConnection(RpcClient.java:815)
> > at
> >
> >
> org.apache.hadoop.hbase.ipc.RpcClient$Connection.access$800(RpcClient.java:349)
> > at
> >
> org.apache.hadoop.hbase.ipc.RpcClient$Connection$2.run(RpcClient.java:943)
> > at
> >
> org.apache.hadoop.hbase.ipc.RpcClient$Connection$2.run(RpcClient.java:940)
> > at java.security.AccessController.doPrivileged(Native Method)
> > at javax.security.auth.Subject.doAs(Subject.java:422)
> > at
> >
> >
> org.apache.hadoop.security.UserGroupInformation.doAs(UserGroupInformation.java:1628)
> > at
> >
> >
> org.apache.hadoop.hbase.ipc.RpcClient$Connection.setupIOstreams(RpcClient.java:940)
> > at
> >
> >
> org.apache.hadoop.hbase.ipc.RpcClient$Connection.writeRequest(RpcClient.java:1094)
> > at
> >
> >
> org.apache.hadoop.hbase.ipc.RpcClient$Connection.tracedWriteRequest(RpcClient.java:1061)
> > at
> org.apache.hadoop.hbase.ipc.RpcClient.call(RpcClient.java:1516)
> > at
> >
> >
> org.apache.hadoop.hbase.ipc.RpcClient.callBlockingMethod(RpcClient.java:1724)
> > at
> >
> >
> org.apache.hadoop.hbase.ipc.RpcClient$BlockingRpcChannelImplementation.callBlockingMethod(RpcClient.java:1777)
> > at
> >
> >
> org.apache.hadoop.hbase.protobuf.generated.MasterProtos$MasterService$BlockingStub.isMasterRunning(MasterProtos.java:42561)
> > at
> >
> >
> org.apache.hadoop.hbase.client.ConnectionManager$HConnectionImplementation$MasterServiceStubMaker.isMasterRunning(ConnectionManager.java:1664)
> > at
> >
> >
> org.apache.hadoop.hbase.client.ConnectionManager$HConnectionImplementation$StubMaker.makeStubNoRetries(ConnectionManager.java:1573)
> > at
> >
> >
> org.apache.hadoop.hbase.client.ConnectionManager$HConnectionImplementation$StubMaker.makeStub(ConnectionManager.java:1599)
> > at
> >
> >
> org.apache.hadoop.hbase.client.ConnectionManager$HConnectionImplementation$MasterServiceStubMaker.makeStub(ConnectionManager.java:1653)
> > at
> >
> >
> org.apache.hadoop.hbase.client.ConnectionManager$HConnectionImplementation.getKeepAliveMasterService(ConnectionManager.java:1860)
> > at
> >
> >
> org.apache.hadoop.hbase.client.HBaseAdmin$MasterCallable.prepare(HBaseAdmin.java:3363)
> > at
> >
> >
> org.apache.hadoop.hbase.client.RpcRetryingCaller.callWithRetries(RpcRetryingCaller.java:125)
> > at
> >
> >
> org.apache.hadoop.hbase.client.HBaseAdmin.executeCallable(HBaseAdmin.java:3390)
> > at
> >
> >
> org.apache.hadoop.hbase.client.HBaseAdmin.getTableDescriptor(HBaseAdmin.java:408)
> > at
> >
> >
> org.apache.hadoop.hbase.client.HBaseAdmin.getTableDescriptor(HBaseAdmin.java:429)
> > at
> >
> >
> org.apache.phoenix.query.ConnectionQueryServicesImpl.ensureTableCreated(ConnectionQueryServicesImpl.java:759)
> > at
> >
> >
> org.apache.phoenix.query.ConnectionQueryServicesImpl.createTable(ConnectionQueryServicesImpl.java:1104)
> > at
> >
> >
> org.apache.phoenix.query.DelegateConnectionQueryServices.createTable(DelegateConnectionQueryServices.java:110)
> > at
> >
> >
> org.apache.phoenix.schema.MetaDataClient.createTableInternal(MetaDataClient.java:1527)
> > at
> >
> >
> org.apache.phoenix.schema.MetaDataClient.createTable(MetaDataClient.java:535)
> > at
> >
> >
> org.apache.phoenix.compile.CreateTableCompiler$2.execute(CreateTableCompiler.java:184)
> > at
> >
> org.apache.phoenix.jdbc.PhoenixStatement$2.call(PhoenixStatement.java:260)
> > at
> >
> org.apache.phoenix.jdbc.PhoenixStatement$2.call(PhoenixStatement.java:252)
> > at org.apache.phoenix.call.CallRunner.run(CallRunner.java:53)
> > at
> >
> >
> org.apache.phoenix.jdbc.PhoenixStatement.executeMutation(PhoenixStatement.java:250)
> > at
> >
> >
> org.apache.phoenix.jdbc.PhoenixStatement.executeUpdate(PhoenixStatement.java:1026)
> > at
> >
> >
> org.apache.phoenix.query.ConnectionQueryServicesImpl$9.call(ConnectionQueryServicesImpl.java:1529)
> > at
> >
> >
> org.apache.phoenix.query.ConnectionQueryServicesImpl$9.call(ConnectionQueryServicesImpl.java:1498)
> > at
> >
> >
> org.apache.phoenix.util.PhoenixContextExecutor.call(PhoenixContextExecutor.java:77)
> > at
> >
> >
> org.apache.phoenix.query.ConnectionQueryServicesImpl.init(ConnectionQueryServicesImpl.java:1498)
> > at
> >
> >
> org.apache.phoenix.jdbc.PhoenixDriver.getConnectionQueryServices(PhoenixDriver.java:162)
> > at
> >
> >
> org.apache.phoenix.jdbc.PhoenixEmbeddedDriver.connect(PhoenixEmbeddedDriver.java:126)
> > at
> > org.apache.phoenix.jdbc.PhoenixDriver.connect(PhoenixDriver.java:133)
> > at java.sql.DriverManager.getConnection(DriverManager.java:664)
> > at java.sql.DriverManager.getConnection(DriverManager.java:270)
> > at
> com.bloomberg.hbase.sample.PhoenixDemo.main(PhoenixDemo.java:40)
> > Caused by: GSSException: No valid credentials provided (Mechanism level:
> > Failed to find any Kerberos tgt)
> > at
> >
> >
> sun.security.jgss.krb5.Krb5InitCredential.getInstance(Krb5InitCredential.java:147)
> > at
> >
> >
> sun.security.jgss.krb5.Krb5MechFactory.getCredentialElement(Krb5MechFactory.java:122)
> > at
> >
> >
> sun.security.jgss.krb5.Krb5MechFactory.getMechanismContext(Krb5MechFactory.java:187)
> > at
> >
> >
> sun.security.jgss.GSSManagerImpl.getMechanismContext(GSSManagerImpl.java:224)
> > at
> > sun.security.jgss.GSSContextImpl.initSecContext(GSSContextImpl.java:212)
> > at
> > sun.security.jgss.GSSContextImpl.initSecContext(GSSContextImpl.java:179)
> > at
> >
> >
> com.sun.security.sasl.gsskerb.GssKrb5Client.evaluateChallenge(GssKrb5Client.java:192)
> > ... 46 more
> >
>
Re: Phoenix JDBC connection to secure HBase fails
Posted by Mujtaba Chohan <mu...@apache.org>.
Add the following java parameter to connect to secure cluster:
-Djava.security.auth.login.config=$yourpath/conf/zk-jaas.conf
-Djava.security.krb5.conf=$yourpath/krb5.conf. More detailed instruction
are at
http://bigdatanoob.blogspot.com/2013/09/connect-phoenix-to-secure-hbase-cluster.html.
//mujtaba
On Tue, Dec 8, 2015 at 7:20 AM, Biju N <bi...@gmail.com> wrote:
> Hi There,
> We are trying to connect to a secure HBase/Phoenix cluster through
> Phoenix JDBC using a kerberos Keytab and Principal. Using the same Keytab
> and principal we are able to connect successfully to HBase through HBase
> APIs but the connection request fails when making the Phoenix JDBC
> connection.
>
> The JDBC connection string used is of the format
>
> "jdbc:phoenix:zkquorum:/hbase:principal@REALM.COM:keytab-file-path"
>
> and the following is the exception. If any pointers to what could be the
> cause for this exception that would be helpful. We are using Phoenix 4.2
> against hbase 98.x.
>
> 34039 [main] FATAL org.apache.hadoop.hbase.ipc.RpcClient - SASL
> authentication failed. The most likely cause is missing or invalid
> credentials. Consider 'kinit'.
> javax.security.sasl.SaslException: GSS initiate failed [Caused by
> GSSException: No valid credentials provided (Mechanism level: Failed to
> find any Kerberos tgt)]
> at
>
> com.sun.security.sasl.gsskerb.GssKrb5Client.evaluateChallenge(GssKrb5Client.java:211)
> at
>
> org.apache.hadoop.hbase.security.HBaseSaslRpcClient.saslConnect(HBaseSaslRpcClient.java:177)
> at
>
> org.apache.hadoop.hbase.ipc.RpcClient$Connection.setupSaslConnection(RpcClient.java:815)
> at
>
> org.apache.hadoop.hbase.ipc.RpcClient$Connection.access$800(RpcClient.java:349)
> at
> org.apache.hadoop.hbase.ipc.RpcClient$Connection$2.run(RpcClient.java:943)
> at
> org.apache.hadoop.hbase.ipc.RpcClient$Connection$2.run(RpcClient.java:940)
> at java.security.AccessController.doPrivileged(Native Method)
> at javax.security.auth.Subject.doAs(Subject.java:422)
> at
>
> org.apache.hadoop.security.UserGroupInformation.doAs(UserGroupInformation.java:1628)
> at
>
> org.apache.hadoop.hbase.ipc.RpcClient$Connection.setupIOstreams(RpcClient.java:940)
> at
>
> org.apache.hadoop.hbase.ipc.RpcClient$Connection.writeRequest(RpcClient.java:1094)
> at
>
> org.apache.hadoop.hbase.ipc.RpcClient$Connection.tracedWriteRequest(RpcClient.java:1061)
> at org.apache.hadoop.hbase.ipc.RpcClient.call(RpcClient.java:1516)
> at
>
> org.apache.hadoop.hbase.ipc.RpcClient.callBlockingMethod(RpcClient.java:1724)
> at
>
> org.apache.hadoop.hbase.ipc.RpcClient$BlockingRpcChannelImplementation.callBlockingMethod(RpcClient.java:1777)
> at
>
> org.apache.hadoop.hbase.protobuf.generated.MasterProtos$MasterService$BlockingStub.isMasterRunning(MasterProtos.java:42561)
> at
>
> org.apache.hadoop.hbase.client.ConnectionManager$HConnectionImplementation$MasterServiceStubMaker.isMasterRunning(ConnectionManager.java:1664)
> at
>
> org.apache.hadoop.hbase.client.ConnectionManager$HConnectionImplementation$StubMaker.makeStubNoRetries(ConnectionManager.java:1573)
> at
>
> org.apache.hadoop.hbase.client.ConnectionManager$HConnectionImplementation$StubMaker.makeStub(ConnectionManager.java:1599)
> at
>
> org.apache.hadoop.hbase.client.ConnectionManager$HConnectionImplementation$MasterServiceStubMaker.makeStub(ConnectionManager.java:1653)
> at
>
> org.apache.hadoop.hbase.client.ConnectionManager$HConnectionImplementation.getKeepAliveMasterService(ConnectionManager.java:1860)
> at
>
> org.apache.hadoop.hbase.client.HBaseAdmin$MasterCallable.prepare(HBaseAdmin.java:3363)
> at
>
> org.apache.hadoop.hbase.client.RpcRetryingCaller.callWithRetries(RpcRetryingCaller.java:125)
> at
>
> org.apache.hadoop.hbase.client.HBaseAdmin.executeCallable(HBaseAdmin.java:3390)
> at
>
> org.apache.hadoop.hbase.client.HBaseAdmin.getTableDescriptor(HBaseAdmin.java:408)
> at
>
> org.apache.hadoop.hbase.client.HBaseAdmin.getTableDescriptor(HBaseAdmin.java:429)
> at
>
> org.apache.phoenix.query.ConnectionQueryServicesImpl.ensureTableCreated(ConnectionQueryServicesImpl.java:759)
> at
>
> org.apache.phoenix.query.ConnectionQueryServicesImpl.createTable(ConnectionQueryServicesImpl.java:1104)
> at
>
> org.apache.phoenix.query.DelegateConnectionQueryServices.createTable(DelegateConnectionQueryServices.java:110)
> at
>
> org.apache.phoenix.schema.MetaDataClient.createTableInternal(MetaDataClient.java:1527)
> at
>
> org.apache.phoenix.schema.MetaDataClient.createTable(MetaDataClient.java:535)
> at
>
> org.apache.phoenix.compile.CreateTableCompiler$2.execute(CreateTableCompiler.java:184)
> at
> org.apache.phoenix.jdbc.PhoenixStatement$2.call(PhoenixStatement.java:260)
> at
> org.apache.phoenix.jdbc.PhoenixStatement$2.call(PhoenixStatement.java:252)
> at org.apache.phoenix.call.CallRunner.run(CallRunner.java:53)
> at
>
> org.apache.phoenix.jdbc.PhoenixStatement.executeMutation(PhoenixStatement.java:250)
> at
>
> org.apache.phoenix.jdbc.PhoenixStatement.executeUpdate(PhoenixStatement.java:1026)
> at
>
> org.apache.phoenix.query.ConnectionQueryServicesImpl$9.call(ConnectionQueryServicesImpl.java:1529)
> at
>
> org.apache.phoenix.query.ConnectionQueryServicesImpl$9.call(ConnectionQueryServicesImpl.java:1498)
> at
>
> org.apache.phoenix.util.PhoenixContextExecutor.call(PhoenixContextExecutor.java:77)
> at
>
> org.apache.phoenix.query.ConnectionQueryServicesImpl.init(ConnectionQueryServicesImpl.java:1498)
> at
>
> org.apache.phoenix.jdbc.PhoenixDriver.getConnectionQueryServices(PhoenixDriver.java:162)
> at
>
> org.apache.phoenix.jdbc.PhoenixEmbeddedDriver.connect(PhoenixEmbeddedDriver.java:126)
> at
> org.apache.phoenix.jdbc.PhoenixDriver.connect(PhoenixDriver.java:133)
> at java.sql.DriverManager.getConnection(DriverManager.java:664)
> at java.sql.DriverManager.getConnection(DriverManager.java:270)
> at com.bloomberg.hbase.sample.PhoenixDemo.main(PhoenixDemo.java:40)
> Caused by: GSSException: No valid credentials provided (Mechanism level:
> Failed to find any Kerberos tgt)
> at
>
> sun.security.jgss.krb5.Krb5InitCredential.getInstance(Krb5InitCredential.java:147)
> at
>
> sun.security.jgss.krb5.Krb5MechFactory.getCredentialElement(Krb5MechFactory.java:122)
> at
>
> sun.security.jgss.krb5.Krb5MechFactory.getMechanismContext(Krb5MechFactory.java:187)
> at
>
> sun.security.jgss.GSSManagerImpl.getMechanismContext(GSSManagerImpl.java:224)
> at
> sun.security.jgss.GSSContextImpl.initSecContext(GSSContextImpl.java:212)
> at
> sun.security.jgss.GSSContextImpl.initSecContext(GSSContextImpl.java:179)
> at
>
> com.sun.security.sasl.gsskerb.GssKrb5Client.evaluateChallenge(GssKrb5Client.java:192)
> ... 46 more
>
Re: Phoenix JDBC connection to secure HBase fails
Posted by Akhilesh Pathodia <pa...@gmail.com>.
Where are you making Phoenix JDBC connection from? Is it a Spark job or
flume? Did you run kinit command before attempting to get hbase connection?
kinit -k -t <keytab> <principal>
kinit -R
Thanks,
Akhilesh
On Tue, Dec 8, 2015 at 8:50 PM, Biju N <bi...@gmail.com> wrote:
> Hi There,
> We are trying to connect to a secure HBase/Phoenix cluster through
> Phoenix JDBC using a kerberos Keytab and Principal. Using the same Keytab
> and principal we are able to connect successfully to HBase through HBase
> APIs but the connection request fails when making the Phoenix JDBC
> connection.
>
> The JDBC connection string used is of the format
>
> "jdbc:phoenix:zkquorum:/hbase:principal@REALM.COM:keytab-file-path"
>
> and the following is the exception. If any pointers to what could be the
> cause for this exception that would be helpful. We are using Phoenix 4.2
> against hbase 98.x.
>
> 34039 [main] FATAL org.apache.hadoop.hbase.ipc.RpcClient - SASL
> authentication failed. The most likely cause is missing or invalid
> credentials. Consider 'kinit'.
> javax.security.sasl.SaslException: GSS initiate failed [Caused by
> GSSException: No valid credentials provided (Mechanism level: Failed to
> find any Kerberos tgt)]
> at
> com.sun.security.sasl.gsskerb.GssKrb5Client.evaluateChallenge(GssKrb5Client.java:211)
> at
> org.apache.hadoop.hbase.security.HBaseSaslRpcClient.saslConnect(HBaseSaslRpcClient.java:177)
> at
> org.apache.hadoop.hbase.ipc.RpcClient$Connection.setupSaslConnection(RpcClient.java:815)
> at
> org.apache.hadoop.hbase.ipc.RpcClient$Connection.access$800(RpcClient.java:349)
> at
> org.apache.hadoop.hbase.ipc.RpcClient$Connection$2.run(RpcClient.java:943)
> at
> org.apache.hadoop.hbase.ipc.RpcClient$Connection$2.run(RpcClient.java:940)
> at java.security.AccessController.doPrivileged(Native Method)
> at javax.security.auth.Subject.doAs(Subject.java:422)
> at
> org.apache.hadoop.security.UserGroupInformation.doAs(UserGroupInformation.java:1628)
> at
> org.apache.hadoop.hbase.ipc.RpcClient$Connection.setupIOstreams(RpcClient.java:940)
> at
> org.apache.hadoop.hbase.ipc.RpcClient$Connection.writeRequest(RpcClient.java:1094)
> at
> org.apache.hadoop.hbase.ipc.RpcClient$Connection.tracedWriteRequest(RpcClient.java:1061)
> at org.apache.hadoop.hbase.ipc.RpcClient.call(RpcClient.java:1516)
> at
> org.apache.hadoop.hbase.ipc.RpcClient.callBlockingMethod(RpcClient.java:1724)
> at
> org.apache.hadoop.hbase.ipc.RpcClient$BlockingRpcChannelImplementation.callBlockingMethod(RpcClient.java:1777)
> at
> org.apache.hadoop.hbase.protobuf.generated.MasterProtos$MasterService$BlockingStub.isMasterRunning(MasterProtos.java:42561)
> at
> org.apache.hadoop.hbase.client.ConnectionManager$HConnectionImplementation$MasterServiceStubMaker.isMasterRunning(ConnectionManager.java:1664)
> at
> org.apache.hadoop.hbase.client.ConnectionManager$HConnectionImplementation$StubMaker.makeStubNoRetries(ConnectionManager.java:1573)
> at
> org.apache.hadoop.hbase.client.ConnectionManager$HConnectionImplementation$StubMaker.makeStub(ConnectionManager.java:1599)
> at
> org.apache.hadoop.hbase.client.ConnectionManager$HConnectionImplementation$MasterServiceStubMaker.makeStub(ConnectionManager.java:1653)
> at
> org.apache.hadoop.hbase.client.ConnectionManager$HConnectionImplementation.getKeepAliveMasterService(ConnectionManager.java:1860)
> at
> org.apache.hadoop.hbase.client.HBaseAdmin$MasterCallable.prepare(HBaseAdmin.java:3363)
> at
> org.apache.hadoop.hbase.client.RpcRetryingCaller.callWithRetries(RpcRetryingCaller.java:125)
> at
> org.apache.hadoop.hbase.client.HBaseAdmin.executeCallable(HBaseAdmin.java:3390)
> at
> org.apache.hadoop.hbase.client.HBaseAdmin.getTableDescriptor(HBaseAdmin.java:408)
> at
> org.apache.hadoop.hbase.client.HBaseAdmin.getTableDescriptor(HBaseAdmin.java:429)
> at
> org.apache.phoenix.query.ConnectionQueryServicesImpl.ensureTableCreated(ConnectionQueryServicesImpl.java:759)
> at
> org.apache.phoenix.query.ConnectionQueryServicesImpl.createTable(ConnectionQueryServicesImpl.java:1104)
> at
> org.apache.phoenix.query.DelegateConnectionQueryServices.createTable(DelegateConnectionQueryServices.java:110)
> at
> org.apache.phoenix.schema.MetaDataClient.createTableInternal(MetaDataClient.java:1527)
> at
> org.apache.phoenix.schema.MetaDataClient.createTable(MetaDataClient.java:535)
> at
> org.apache.phoenix.compile.CreateTableCompiler$2.execute(CreateTableCompiler.java:184)
> at
> org.apache.phoenix.jdbc.PhoenixStatement$2.call(PhoenixStatement.java:260)
> at
> org.apache.phoenix.jdbc.PhoenixStatement$2.call(PhoenixStatement.java:252)
> at org.apache.phoenix.call.CallRunner.run(CallRunner.java:53)
> at
> org.apache.phoenix.jdbc.PhoenixStatement.executeMutation(PhoenixStatement.java:250)
> at
> org.apache.phoenix.jdbc.PhoenixStatement.executeUpdate(PhoenixStatement.java:1026)
> at
> org.apache.phoenix.query.ConnectionQueryServicesImpl$9.call(ConnectionQueryServicesImpl.java:1529)
> at
> org.apache.phoenix.query.ConnectionQueryServicesImpl$9.call(ConnectionQueryServicesImpl.java:1498)
> at
> org.apache.phoenix.util.PhoenixContextExecutor.call(PhoenixContextExecutor.java:77)
> at
> org.apache.phoenix.query.ConnectionQueryServicesImpl.init(ConnectionQueryServicesImpl.java:1498)
> at
> org.apache.phoenix.jdbc.PhoenixDriver.getConnectionQueryServices(PhoenixDriver.java:162)
> at
> org.apache.phoenix.jdbc.PhoenixEmbeddedDriver.connect(PhoenixEmbeddedDriver.java:126)
> at
> org.apache.phoenix.jdbc.PhoenixDriver.connect(PhoenixDriver.java:133)
> at java.sql.DriverManager.getConnection(DriverManager.java:664)
> at java.sql.DriverManager.getConnection(DriverManager.java:270)
> at com.bloomberg.hbase.sample.PhoenixDemo.main(PhoenixDemo.java:40)
> Caused by: GSSException: No valid credentials provided (Mechanism level:
> Failed to find any Kerberos tgt)
> at
> sun.security.jgss.krb5.Krb5InitCredential.getInstance(Krb5InitCredential.java:147)
> at
> sun.security.jgss.krb5.Krb5MechFactory.getCredentialElement(Krb5MechFactory.java:122)
> at
> sun.security.jgss.krb5.Krb5MechFactory.getMechanismContext(Krb5MechFactory.java:187)
> at
> sun.security.jgss.GSSManagerImpl.getMechanismContext(GSSManagerImpl.java:224)
> at
> sun.security.jgss.GSSContextImpl.initSecContext(GSSContextImpl.java:212)
> at
> sun.security.jgss.GSSContextImpl.initSecContext(GSSContextImpl.java:179)
> at
> com.sun.security.sasl.gsskerb.GssKrb5Client.evaluateChallenge(GssKrb5Client.java:192)
> ... 46 more
>
>