phoenix-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From anil gupta <anilgupt...@gmail.com>
Subject Re: Phoenix JDBC connection to secure HBase fails
Date Wed, 09 Dec 2015 23:05:40 GMT
Hi Akhilesh,

You can add hbase/hadoop config directories in application classpath. You
dont need to copy conf files in your app lib folder.

Thanks,
Anil Gupta

On Wed, Dec 9, 2015 at 2:54 PM, Biju N <bijuatapache@gmail.com> wrote:

> Thanks Akhilesh/Mujtaba for your suggestions. Adding core-site.xml from
> the target cluster to the class path resolved the issue. We initially only
> had hbase and hdfs site xmls in the class path.  Is there a way to set the
> hbase/core site properties in the code instead of copying the config xmls
> to the class path.
>
> On Tue, Dec 8, 2015 at 1:39 PM, Mujtaba Chohan <mujtaba@apache.org> wrote:
>
>> Add the following java parameter to connect to secure cluster:
>> -Djava.security.auth.login.config=$yourpath/conf/zk-jaas.conf
>> -Djava.security.krb5.conf=$yourpath/krb5.conf. More detailed instruction
>> are at
>>
>> http://bigdatanoob.blogspot.com/2013/09/connect-phoenix-to-secure-hbase-cluster.html
>> .
>>
>>
>> //mujtaba
>>
>> On Tue, Dec 8, 2015 at 7:20 AM, Biju N <bijuatapache@gmail.com> wrote:
>>
>> > Hi There,
>> >    We are trying to connect to a secure HBase/Phoenix cluster through
>> > Phoenix JDBC using a kerberos Keytab and Principal. Using the same
>> Keytab
>> > and principal we are able to connect successfully to HBase through HBase
>> > APIs but the connection request fails when making the Phoenix JDBC
>> > connection.
>> >
>> > The JDBC connection string used is of the format
>> >
>> > "jdbc:phoenix:zkquorum:/hbase:principal@REALM.COM:keytab-file-path"
>> >
>> > and the following is the exception. If any pointers to what could be the
>> > cause for this exception that would be helpful. We are using Phoenix 4.2
>> > against hbase 98.x.
>> >
>> > 34039 [main] FATAL org.apache.hadoop.hbase.ipc.RpcClient  - SASL
>> > authentication failed. The most likely cause is missing or invalid
>> > credentials. Consider 'kinit'.
>> > javax.security.sasl.SaslException: GSS initiate failed [Caused by
>> > GSSException: No valid credentials provided (Mechanism level: Failed to
>> > find any Kerberos tgt)]
>> >         at
>> >
>> >
>> com.sun.security.sasl.gsskerb.GssKrb5Client.evaluateChallenge(GssKrb5Client.java:211)
>> >         at
>> >
>> >
>> org.apache.hadoop.hbase.security.HBaseSaslRpcClient.saslConnect(HBaseSaslRpcClient.java:177)
>> >         at
>> >
>> >
>> org.apache.hadoop.hbase.ipc.RpcClient$Connection.setupSaslConnection(RpcClient.java:815)
>> >         at
>> >
>> >
>> org.apache.hadoop.hbase.ipc.RpcClient$Connection.access$800(RpcClient.java:349)
>> >         at
>> >
>> org.apache.hadoop.hbase.ipc.RpcClient$Connection$2.run(RpcClient.java:943)
>> >         at
>> >
>> org.apache.hadoop.hbase.ipc.RpcClient$Connection$2.run(RpcClient.java:940)
>> >         at java.security.AccessController.doPrivileged(Native Method)
>> >         at javax.security.auth.Subject.doAs(Subject.java:422)
>> >         at
>> >
>> >
>> org.apache.hadoop.security.UserGroupInformation.doAs(UserGroupInformation.java:1628)
>> >         at
>> >
>> >
>> org.apache.hadoop.hbase.ipc.RpcClient$Connection.setupIOstreams(RpcClient.java:940)
>> >         at
>> >
>> >
>> org.apache.hadoop.hbase.ipc.RpcClient$Connection.writeRequest(RpcClient.java:1094)
>> >         at
>> >
>> >
>> org.apache.hadoop.hbase.ipc.RpcClient$Connection.tracedWriteRequest(RpcClient.java:1061)
>> >         at
>> org.apache.hadoop.hbase.ipc.RpcClient.call(RpcClient.java:1516)
>> >         at
>> >
>> >
>> org.apache.hadoop.hbase.ipc.RpcClient.callBlockingMethod(RpcClient.java:1724)
>> >         at
>> >
>> >
>> org.apache.hadoop.hbase.ipc.RpcClient$BlockingRpcChannelImplementation.callBlockingMethod(RpcClient.java:1777)
>> >         at
>> >
>> >
>> org.apache.hadoop.hbase.protobuf.generated.MasterProtos$MasterService$BlockingStub.isMasterRunning(MasterProtos.java:42561)
>> >         at
>> >
>> >
>> org.apache.hadoop.hbase.client.ConnectionManager$HConnectionImplementation$MasterServiceStubMaker.isMasterRunning(ConnectionManager.java:1664)
>> >         at
>> >
>> >
>> org.apache.hadoop.hbase.client.ConnectionManager$HConnectionImplementation$StubMaker.makeStubNoRetries(ConnectionManager.java:1573)
>> >         at
>> >
>> >
>> org.apache.hadoop.hbase.client.ConnectionManager$HConnectionImplementation$StubMaker.makeStub(ConnectionManager.java:1599)
>> >         at
>> >
>> >
>> org.apache.hadoop.hbase.client.ConnectionManager$HConnectionImplementation$MasterServiceStubMaker.makeStub(ConnectionManager.java:1653)
>> >         at
>> >
>> >
>> org.apache.hadoop.hbase.client.ConnectionManager$HConnectionImplementation.getKeepAliveMasterService(ConnectionManager.java:1860)
>> >         at
>> >
>> >
>> org.apache.hadoop.hbase.client.HBaseAdmin$MasterCallable.prepare(HBaseAdmin.java:3363)
>> >         at
>> >
>> >
>> org.apache.hadoop.hbase.client.RpcRetryingCaller.callWithRetries(RpcRetryingCaller.java:125)
>> >         at
>> >
>> >
>> org.apache.hadoop.hbase.client.HBaseAdmin.executeCallable(HBaseAdmin.java:3390)
>> >         at
>> >
>> >
>> org.apache.hadoop.hbase.client.HBaseAdmin.getTableDescriptor(HBaseAdmin.java:408)
>> >         at
>> >
>> >
>> org.apache.hadoop.hbase.client.HBaseAdmin.getTableDescriptor(HBaseAdmin.java:429)
>> >         at
>> >
>> >
>> org.apache.phoenix.query.ConnectionQueryServicesImpl.ensureTableCreated(ConnectionQueryServicesImpl.java:759)
>> >         at
>> >
>> >
>> org.apache.phoenix.query.ConnectionQueryServicesImpl.createTable(ConnectionQueryServicesImpl.java:1104)
>> >         at
>> >
>> >
>> org.apache.phoenix.query.DelegateConnectionQueryServices.createTable(DelegateConnectionQueryServices.java:110)
>> >         at
>> >
>> >
>> org.apache.phoenix.schema.MetaDataClient.createTableInternal(MetaDataClient.java:1527)
>> >         at
>> >
>> >
>> org.apache.phoenix.schema.MetaDataClient.createTable(MetaDataClient.java:535)
>> >         at
>> >
>> >
>> org.apache.phoenix.compile.CreateTableCompiler$2.execute(CreateTableCompiler.java:184)
>> >         at
>> >
>> org.apache.phoenix.jdbc.PhoenixStatement$2.call(PhoenixStatement.java:260)
>> >         at
>> >
>> org.apache.phoenix.jdbc.PhoenixStatement$2.call(PhoenixStatement.java:252)
>> >         at org.apache.phoenix.call.CallRunner.run(CallRunner.java:53)
>> >         at
>> >
>> >
>> org.apache.phoenix.jdbc.PhoenixStatement.executeMutation(PhoenixStatement.java:250)
>> >         at
>> >
>> >
>> org.apache.phoenix.jdbc.PhoenixStatement.executeUpdate(PhoenixStatement.java:1026)
>> >         at
>> >
>> >
>> org.apache.phoenix.query.ConnectionQueryServicesImpl$9.call(ConnectionQueryServicesImpl.java:1529)
>> >         at
>> >
>> >
>> org.apache.phoenix.query.ConnectionQueryServicesImpl$9.call(ConnectionQueryServicesImpl.java:1498)
>> >         at
>> >
>> >
>> org.apache.phoenix.util.PhoenixContextExecutor.call(PhoenixContextExecutor.java:77)
>> >         at
>> >
>> >
>> org.apache.phoenix.query.ConnectionQueryServicesImpl.init(ConnectionQueryServicesImpl.java:1498)
>> >         at
>> >
>> >
>> org.apache.phoenix.jdbc.PhoenixDriver.getConnectionQueryServices(PhoenixDriver.java:162)
>> >         at
>> >
>> >
>> org.apache.phoenix.jdbc.PhoenixEmbeddedDriver.connect(PhoenixEmbeddedDriver.java:126)
>> >         at
>> > org.apache.phoenix.jdbc.PhoenixDriver.connect(PhoenixDriver.java:133)
>> >         at java.sql.DriverManager.getConnection(DriverManager.java:664)
>> >         at java.sql.DriverManager.getConnection(DriverManager.java:270)
>> >         at
>> com.bloomberg.hbase.sample.PhoenixDemo.main(PhoenixDemo.java:40)
>> > Caused by: GSSException: No valid credentials provided (Mechanism level:
>> > Failed to find any Kerberos tgt)
>> >         at
>> >
>> >
>> sun.security.jgss.krb5.Krb5InitCredential.getInstance(Krb5InitCredential.java:147)
>> >         at
>> >
>> >
>> sun.security.jgss.krb5.Krb5MechFactory.getCredentialElement(Krb5MechFactory.java:122)
>> >         at
>> >
>> >
>> sun.security.jgss.krb5.Krb5MechFactory.getMechanismContext(Krb5MechFactory.java:187)
>> >         at
>> >
>> >
>> sun.security.jgss.GSSManagerImpl.getMechanismContext(GSSManagerImpl.java:224)
>> >         at
>> > sun.security.jgss.GSSContextImpl.initSecContext(GSSContextImpl.java:212)
>> >         at
>> > sun.security.jgss.GSSContextImpl.initSecContext(GSSContextImpl.java:179)
>> >         at
>> >
>> >
>> com.sun.security.sasl.gsskerb.GssKrb5Client.evaluateChallenge(GssKrb5Client.java:192)
>> >         ... 46 more
>> >
>>
>
>


-- 
Thanks & Regards,
Anil Gupta

Mime
View raw message