phoenix-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "rohitrk.10" <roh...@whiteklay.in>
Subject Re: Cannot connect Phoenix to HBase in secure cluster (Kerberos)
Date Mon, 20 Mar 2017 06:50:06 GMT
Hi,



We did not find any other logs. We have added "-Dsun.security.krb5.debug=true", even then
there is no much information about the error. 

And also there are no logs about Phoenix trying to perform kerberos authentication in HBase
logs as well as in Kerberos logs. The log shared in the earlier mail is the only information
on error we have got.





Thanks &amp; Regards,

Rohit R. K.






---- On Tue, 14 Mar 2017 20:50:30 +0530 Josh Elser &lt;elserj@apache.org&gt; wrote
----




When you provide the principal and keytab options in the JDBC URL, the 

ticket cache (created by your kinit invocation) is not used. 

 

What does the other logging say from your client? You should see a 

message about Phoenix performing a Kerberos login given the information 

you provided. 

 

rohitrk.10 wrote: 

&gt; Hi, 

&gt; 

&gt; We are trying to connect to HBase in secure cluster using the following 

&gt; command as mentioned in the website, 

&gt; ./sqlline.py &lt;Zookeeper_Node_Hostname&gt;:5181:/hbase:&lt;Principal&gt;:&lt;keytab&gt;.


&gt; 

&gt; Hadoop version is MapR 5.2, HBase ver. 1.1.1 and Phoenix ver. 4.8.1 for 

&gt; HBase 1.1.1. 

&gt; 

&gt; We have executed "kinit -kt &lt;keytab&gt; &lt;principal&gt;" command
on all nodes 

&gt; before starting Phoenix but even then we are not able to connect. 

&gt; Following is the error log displayed, 

&gt; 

&gt; ERROR: 

&gt; ------ 

&gt; 17/03/08 16:29:41 WARN ipc.AbstractRpcClient: Exception encountered 

&gt; while connecting to the server : javax.security.sasl.SaslException: GSS 

&gt; initiate failed [Caused by GSSException: No valid credentials provided 

&gt; (Mechanism level: Failed to find any Kerberos tgt)] 

&gt; 17/03/08 16:29:41 FATAL ipc.AbstractRpcClient: SASL authentication 

&gt; failed. The most likely cause is missing or invalid credentials. 

&gt; Consider 'kinit'. 

&gt; javax.security.sasl.SaslException: GSS initiate failed [Caused by 

&gt; GSSException: No valid credentials provided (Mechanism level: Failed to 

&gt; find any Kerberos tgt)] 

&gt; at 

&gt; com.sun.security.sasl.gsskerb.GssKrb5Client.evaluateChallenge(GssKrb5Client.java:212)


&gt; at 

&gt; org.apache.hadoop.hbase.security.HBaseSaslRpcClient.saslConnect(HBaseSaslRpcClient.java:179)


&gt; at 

&gt; org.apache.hadoop.hbase.ipc.RpcClientImpl$Connection.setupSaslConnection(RpcClientImpl.java:612)


&gt; at 

&gt; org.apache.hadoop.hbase.ipc.RpcClientImpl$Connection.access$600(RpcClientImpl.java:157)


&gt; at 

&gt; org.apache.hadoop.hbase.ipc.RpcClientImpl$Connection$2.run(RpcClientImpl.java:738)


&gt; at 

&gt; org.apache.hadoop.hbase.ipc.RpcClientImpl$Connection$2.run(RpcClientImpl.java:735)


&gt; at java.security.AccessController.doPrivileged(Native Method) 

&gt; at javax.security.auth.Subject.doAs(Subject.java:415) 

&gt; at 

&gt; org.apache.hadoop.security.UserGroupInformation.doAs(UserGroupInformation.java:1657)


&gt; at 

&gt; org.apache.hadoop.hbase.ipc.RpcClientImpl$Connection.setupIOstreams(RpcClientImpl.java:735)


&gt; at 

&gt; org.apache.hadoop.hbase.ipc.RpcClientImpl$Connection.writeRequest(RpcClientImpl.java:897)


&gt; at 

&gt; org.apache.hadoop.hbase.ipc.RpcClientImpl$Connection.tracedWriteRequest(RpcClientImpl.java:866)


&gt; at org.apache.hadoop.hbase.ipc.RpcClientImpl.call(RpcClientImpl.java:1209) 

&gt; at 

&gt; org.apache.hadoop.hbase.ipc.AbstractRpcClient.callBlockingMethod(AbstractRpcClient.java:217)


&gt; at 

&gt; org.apache.hadoop.hbase.ipc.AbstractRpcClient$BlockingRpcChannelImplementation.callBlockingMethod(AbstractRpcClient.java:318)


&gt; at 

&gt; org.apache.hadoop.hbase.protobuf.generated.ClientProtos$ClientService$BlockingStub.scan(ClientProtos.java:32831)


&gt; at 

&gt; org.apache.hadoop.hbase.client.ScannerCallable.openScanner(ScannerCallable.java:373)


&gt; at 

&gt; org.apache.hadoop.hbase.client.ScannerCallable.call(ScannerCallable.java:200) 

&gt; at 

&gt; org.apache.hadoop.hbase.client.ScannerCallable.call(ScannerCallable.java:62) 

&gt; at 

&gt; org.apache.hadoop.hbase.client.RpcRetryingCaller.callWithoutRetries(RpcRetryingCaller.java:200)


&gt; at 

&gt; org.apache.hadoop.hbase.client.ScannerCallableWithReplicas$RetryingRPC.call(ScannerCallableWithReplicas.java:350)


&gt; at 

&gt; org.apache.hadoop.hbase.client.ScannerCallableWithReplicas$RetryingRPC.call(ScannerCallableWithReplicas.java:324)


&gt; at 

&gt; org.apache.hadoop.hbase.client.RpcRetryingCaller.callWithRetries(RpcRetryingCaller.java:126)


&gt; at 

&gt; org.apache.hadoop.hbase.client.ResultBoundedCompletionService$QueueingFuture.run(ResultBoundedCompletionService.java:64)


&gt; at 

&gt; java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145) 

&gt; at 

&gt; java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615) 

&gt; at java.lang.Thread.run(Thread.java:745) 

&gt; Caused by: GSSException: No valid credentials provided (Mechanism level: 

&gt; Failed to find any Kerberos tgt) 

&gt; at 

&gt; sun.security.jgss.krb5.Krb5InitCredential.getInstance(Krb5InitCredential.java:147)


&gt; at 

&gt; sun.security.jgss.krb5.Krb5MechFactory.getCredentialElement(Krb5MechFactory.java:121)


&gt; at 

&gt; sun.security.jgss.krb5.Krb5MechFactory.getMechanismContext(Krb5MechFactory.java:187)


&gt; at 

&gt; sun.security.jgss.GSSManagerImpl.getMechanismContext(GSSManagerImpl.java:223) 

&gt; at sun.security.jgss.GSSContextImpl.initSecContext(GSSContextImpl.java:212) 

&gt; at sun.security.jgss.GSSContextImpl.initSecContext(GSSContextImpl.java:179) 

&gt; at 

&gt; com.sun.security.sasl.gsskerb.GssKrb5Client.evaluateChallenge(GssKrb5Client.java:193)


&gt; ... 26 more 

&gt; 

&gt; 

&gt; Thanks &amp; Regards, 

&gt; Rohit R. K. 

&gt; 







Mime
View raw message