phoenix-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From rafa <raf...@gmail.com>
Subject Re: Cannot connect phoenix client in kerberos cluster
Date Wed, 04 Oct 2017 12:00:01 GMT
Hi Mallieswari,

Perhaps the Java Cryptography Extension (JCE) Unlimited Strength
Jurisdiction Policy Files are not installed in all the JVMs ?

Regards,
rafa

On Wed, Oct 4, 2017 at 1:18 PM, Mallieswari Dineshbabu <
dmallieswari@gmail.com> wrote:

> Hi ,
>
>
>
> I have configured a phoenix package "apache-phoenix-4.11.0-HBase-1.2-bin"
> to Hbase version "1.2.5" in kerberos cluster.
>
>
>
> For phoenix secure cluster configuration, I have added the following
> properties into the *hbase-site.xml* present in *phoenix/bin* along with
> the properties of hbase configuration properties present in hbase/conf path
> and refer the *core-site.xml*, *hdfs-site.xml* file in phoenix/bin path
>
>
>
> phoenix.queryserver.keytab.file
>
> The key to look for keytab file.
>
> *unset*
>
> phoenix.queryserver.kerberos.principal
>
> The kerberos principal to use when authenticating.
>
> *unset*
>
> Phoenix Query Server:
>
>
>
> Once updated a above properties query server has been started successfully
> using keytab.
>
>
>
> *Command to Server:*
>
> *python queryserver.py*
>
>
>
> Phoenix Client:
>
>
>
> Once the query server is started successfully then the port no 8765 comes
> to live. When i try to connect client with following command it returns GSS
> Exception. Am I missing any steps in configuration.
>
>
>
>
>
> *Command to Client:*
>
> Following are the methods i tried to connect in secure cluster it does not
> works.
>
>
>
> *Method 1:* python sqlline-thin.py http://hostname:8765
>
> *Method 2:*
>
> python sqlthin-client.py http://hostname:8765;authentication=SPNEGO;
> principal=phoenix/OrgClu@XXXXXX.XXXXX.COM;keytab=C:\\
> path\\to\\HadoopKeyTabs\\\phoenix.keytab
> <http://hostname:8765;authentication=SPNEGO;principal=phoenix/OrgClu@XXXXXX.XXXXX.COM;keytab=C:/path/to/HadoopKeyTabs/phoenix.keytab>
>
>
>
>
>
> *CLIENT SIDE ERROR:*
>
> x-4.11.0-HBase-1.2-bin\bin>python sqlline-thin.py http://namenode1:8765
>
> Failed to find hbase executable on PATH, defaulting serialization to
> PROTOBUF.
>
> [ERROR] Terminal initialization failed; falling back to unsupported
>
> java.lang.NoClassDefFoundError: Could not initialize class
> org.apache.phoenix.sh
>
> aded.org.fusesource.jansi.internal.Kernel32
>
>         at org.apache.phoenix.shaded.org.fusesource.jansi.internal.
> WindowsSuppor
>
> t.getConsoleMode(WindowsSupport.java:50)
>
>         at org.apache.phoenix.shaded.jline.WindowsTerminal.
> getConsoleMode(Window
>
> sTerminal.java:177)
>
>         at org.apache.phoenix.shaded.jline.WindowsTerminal.init(
> WindowsTerminal.
>
> java:80)
>
>         at org.apache.phoenix.shaded.jline.TerminalFactory.create(
> TerminalFactor
>
> y.java:101)
>
>         at org.apache.phoenix.shaded.jline.TerminalFactory.get(
> TerminalFactory.j
>
> ava:159)
>
>         at sqlline.SqlLineOpts.<init>(SqlLineOpts.java:45)
>
>         at sqlline.SqlLine.<init>(SqlLine.java:55)
>
>         at sqlline.SqlLine.start(SqlLine.java:397)
>
>         at sqlline.SqlLine.main(SqlLine.java:291)
>
>         at org.apache.phoenix.queryserver.client.SqllineWrapper$1.run(
> SqllineWra
>
> pper.java:88)
>
>         at org.apache.phoenix.queryserver.client.SqllineWrapper$1.run(
> SqllineWra
>
> pper.java:85)
>
>         at java.security.AccessController.doPrivileged(Native Method)
>
>         at javax.security.auth.Subject.doAs(Subject.java:415)
>
>         at org.apache.hadoop.security.UserGroupInformation.doAs(
> UserGroupInforma
>
> tion.java:1657)
>
>         at org.apache.phoenix.queryserver.client.SqllineWrapper.main(
> SqllineWrap
>
> per.java:85)
>
>
>
> [ERROR] Terminal initialization failed; falling back to unsupported
>
> java.lang.NoClassDefFoundError: Could not initialize class
> org.apache.phoenix.sh
>
> aded.org.fusesource.jansi.internal.Kernel32
>
>         at org.apache.phoenix.shaded.org.fusesource.jansi.internal.
> WindowsSuppor
>
> t.getConsoleMode(WindowsSupport.java:50)
>
>         at org.apache.phoenix.shaded.jline.WindowsTerminal.
> getConsoleMode(Window
>
> sTerminal.java:177)
>
>         at org.apache.phoenix.shaded.jline.WindowsTerminal.init(
> WindowsTerminal.
>
> java:80)
>
>         at org.apache.phoenix.shaded.jline.TerminalFactory.create(
> TerminalFactor
>
> y.java:101)
>
>         at sqlline.SqlLine.getConsoleReader(SqlLine.java:723)
>
>         at sqlline.SqlLine.begin(SqlLine.java:657)
>
>         at sqlline.SqlLine.start(SqlLine.java:398)
>
>         at sqlline.SqlLine.main(SqlLine.java:291)
>
>         at org.apache.phoenix.queryserver.client.SqllineWrapper$1.run(
> SqllineWra
>
> pper.java:88)
>
>         at org.apache.phoenix.queryserver.client.SqllineWrapper$1.run(
> SqllineWra
>
> pper.java:85)
>
>         at java.security.AccessController.doPrivileged(Native Method)
>
>         at javax.security.auth.Subject.doAs(Subject.java:415)
>
>         at org.apache.hadoop.security.UserGroupInformation.doAs(
> UserGroupInforma
>
> tion.java:1657)
>
>         at org.apache.phoenix.queryserver.client.SqllineWrapper.main(
> SqllineWrap
>
> per.java:85)
>
>
>
> Setting property: [incremental, false]
>
> Setting property: [isolation, TRANSACTION_READ_COMMITTED]
>
> issuing: !connect jdbc:phoenix:thin:url=http://
> namenode1:8765;serialization=PROT
>
> OBUF;authentication=SPNEGO none none org.apache.phoenix.
> queryserver.client.Drive
>
> r
>
> Connecting to jdbc:phoenix:thin:url=http://namenode1:8765;serialization=
> PROTOBUF
>
> ;authentication=SPNEGO
>
> java.lang.RuntimeException: Failed to execute HTTP Request, got HTTP/404
>
>         at org.apache.calcite.avatica.remote.
> AvaticaCommonsHttpClientSpnegoImpl.
>
> send(AvaticaCommonsHttpClientSpnegoImpl.java:148)
>
>         at org.apache.calcite.avatica.remote.RemoteProtobufService._
> apply(Remote
>
> ProtobufService.java:45)
>
>         at org.apache.calcite.avatica.remote.ProtobufService.apply(
> ProtobufServi
>
> ce.java:81)
>
>         at org.apache.calcite.avatica.remote.Driver.connect(Driver.
> java:176)
>
>         at sqlline.DatabaseConnection.connect(DatabaseConnection.java:157)
>
>         at sqlline.DatabaseConnection.getConnection(
> DatabaseConnection.java:203)
>
>
>
>         at sqlline.Commands.connect(Commands.java:1064)
>
>         at sqlline.Commands.connect(Commands.java:996)
>
>         at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>
>         at sun.reflect.NativeMethodAccessorImpl.invoke(
> NativeMethodAccessorImpl.
>
> java:57)
>
>         at sun.reflect.DelegatingMethodAccessorImpl.
> invoke(DelegatingMethodAcces
>
> sorImpl.java:43)
>
>         at java.lang.reflect.Method.invoke(Method.java:606)
>
>         at sqlline.ReflectiveCommandHandler.execute(
> ReflectiveCommandHandler.jav
>
> a:38)
>
>         at sqlline.SqlLine.dispatch(SqlLine.java:809)
>
>         at sqlline.SqlLine.initArgs(SqlLine.java:588)
>
>         at sqlline.SqlLine.begin(SqlLine.java:661)
>
>         at sqlline.SqlLine.start(SqlLine.java:398)
>
>         at sqlline.SqlLine.main(SqlLine.java:291)
>
>         at org.apache.phoenix.queryserver.client.SqllineWrapper$1.run(
> SqllineWra
>
> pper.java:88)
>
>         at org.apache.phoenix.queryserver.client.SqllineWrapper$1.run(
> SqllineWra
>
> pper.java:85)
>
>         at java.security.AccessController.doPrivileged(Native Method)
>
>         at javax.security.auth.Subject.doAs(Subject.java:415)
>
>         at org.apache.hadoop.security.UserGroupInformation.doAs(
> UserGroupInforma
>
> tion.java:1657)
>
>         at org.apache.phoenix.queryserver.client.SqllineWrapper.main(
> SqllineWrap
>
> per.java:85)
>
>
>
>
>
>
>
>
>
> *SERVER SIDE ERROR:*
>
> 17/10/04 05:34:28 INFO server.Server: Started @9558ms
>
> 17/10/04 05:34:28 INFO server.HttpServer: Service listening on port 8765.
>
> 17/10/04 05:38:39 WARN security.SpnegoLoginService:
>
> GSSException: Failure unspecified at GSS-API level (Mechanism level:
> Encryption
>
> type AES256 CTS mode with HMAC SHA1-96 is not supported/enabled)
>
>         at sun.security.jgss.krb5.Krb5Context.acceptSecContext(
> Krb5Context.java:
>
> 788)
>
>         at sun.security.jgss.GSSContextImpl.acceptSecContext(
> GSSContextImpl.java
>
> :342)
>
>         at sun.security.jgss.GSSContextImpl.acceptSecContext(
> GSSContextImpl.java
>
> :285)
>
>         at sun.security.jgss.spnego.SpNegoContext.GSS_
> acceptSecContext(SpNegoCon
>
> text.java:871)
>
>         at sun.security.jgss.spnego.SpNegoContext.
> acceptSecContext(SpNegoContext
>
> .java:544)
>
>         at sun.security.jgss.GSSContextImpl.acceptSecContext(
> GSSContextImpl.java
>
> :342)
>
>         at sun.security.jgss.GSSContextImpl.acceptSecContext(
> GSSContextImpl.java
>
> :285)
>
>         at org.apache.phoenix.shaded.org.eclipse.jetty.security.
> SpnegoLoginServi
>
> ce.login(SpnegoLoginService.java:137)
>
>         at org.apache.phoenix.shaded.org.eclipse.jetty.security.
> authentication.L
>
> oginAuthenticator.login(LoginAuthenticator.java:61)
>
>         at org.apache.phoenix.shaded.org.eclipse.jetty.security.
> authentication.S
>
> pnegoAuthenticator.validateRequest(SpnegoAuthenticator.java:99)
>
>         at org.apache.phoenix.shaded.org.eclipse.jetty.security.
> SecurityHandler.
>
> handle(SecurityHandler.java:512)
>
>         at org.apache.phoenix.shaded.org.eclipse.jetty.server.handler.
> HandlerLis
>
> t.handle(HandlerList.java:52)
>
>         at org.apache.phoenix.shaded.org.eclipse.jetty.server.handler.
> HandlerWra
>
> pper.handle(HandlerWrapper.java:97)
>
>         at org.apache.phoenix.shaded.org.eclipse.jetty.server.Server.
> handle(Serv
>
> er.java:499)
>
>         at org.apache.phoenix.shaded.org.eclipse.jetty.server.
> HttpChannel.handle
>
> (HttpChannel.java:311)
>
>         at org.apache.phoenix.shaded.org.eclipse.jetty.server.
> HttpConnection.onF
>
> illable(HttpConnection.java:257)
>
>         at org.apache.phoenix.shaded.org.eclipse.jetty.io.
> AbstractConnection$2.r
>
> un(AbstractConnection.java:544)
>
>         at org.apache.phoenix.shaded.org.eclipse.jetty.util.thread.
> QueuedThreadP
>
> ool.runJob(QueuedThreadPool.java:635)
>
>         at org.apache.phoenix.shaded.org.eclipse.jetty.util.thread.
> QueuedThreadP
>
> ool$3.run(QueuedThreadPool.java:555)
>
>         at java.lang.Thread.run(Thread.java:744)
>
> Caused by: KrbException: Encryption type AES256 CTS mode with HMAC SHA1-96
> is no
>
> t supported/enabled
>
>         at sun.security.krb5.EncryptionKey.findKey(EncryptionKey.java:552)
>
>         at sun.security.krb5.KrbApReq.authenticate(KrbApReq.java:270)
>
>         at sun.security.krb5.KrbApReq.<init>(KrbApReq.java:144)
>
>         at sun.security.jgss.krb5.InitSecContextToken.<init>(
> InitSecContextToken
>
> .java:108)
>
>         at sun.security.jgss.krb5.Krb5Context.acceptSecContext(
> Krb5Context.java:
>
> 771)
>
>         ... 19 more
>
>
>
>
>
>
>
> Please help me to solve this issue.
>
> --
>
> Thanks and regards
>
> D.Mallieswari
>

Mime
View raw message