phoenix-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From rafa <raf...@gmail.com>
Subject Re: Cannot connect phoenix client in kerberos cluster
Date Thu, 05 Oct 2017 13:31:06 GMT
Hi,

The method 1 should work as far as the query server connects to the cluster
successfully with the configured keytab. It seems a classpath problem on
client side:

[ERROR] Terminal initialization failed; falling back to unsupported

java.lang.NoClassDefFoundError: Could not initialize class
org.apache.phoenix.sh
aded.org.fusesource.jansi.internal.Kernel32

I have no exprience with windows. Seems that there is need for jline in the
classpath

https://jline.github.io/

check this:

https://issues.apache.org/jira/browse/HIVE-13824

regards


On Thu, Oct 5, 2017 at 2:29 PM, Mallieswari Dineshbabu <
dmallieswari@gmail.com> wrote:

> Yes, It is installed in all the JVMs. Any other solution.
>
>
> On Wed, Oct 4, 2017 at 5:30 PM, rafa <rafa13@gmail.com> wrote:
>
>> Hi Mallieswari,
>>
>> Perhaps the Java Cryptography Extension (JCE) Unlimited Strength
>> Jurisdiction Policy Files are not installed in all the JVMs ?
>>
>> Regards,
>> rafa
>>
>> On Wed, Oct 4, 2017 at 1:18 PM, Mallieswari Dineshbabu <
>> dmallieswari@gmail.com> wrote:
>>
>>> Hi ,
>>>
>>>
>>>
>>> I have configured a phoenix package "apache-phoenix-4.11.0-HBase-1.2-bin"
>>> to Hbase version "1.2.5" in kerberos cluster.
>>>
>>>
>>>
>>> For phoenix secure cluster configuration, I have added the following
>>> properties into the *hbase-site.xml* present in *phoenix/bin* along
>>> with the properties of hbase configuration properties present in hbase/conf
>>> path and refer the *core-site.xml*, *hdfs-site.xml* file in phoenix/bin
>>> path
>>>
>>>
>>>
>>> phoenix.queryserver.keytab.file
>>>
>>> The key to look for keytab file.
>>>
>>> *unset*
>>>
>>> phoenix.queryserver.kerberos.principal
>>>
>>> The kerberos principal to use when authenticating.
>>>
>>> *unset*
>>>
>>> Phoenix Query Server:
>>>
>>>
>>>
>>> Once updated a above properties query server has been started
>>> successfully using keytab.
>>>
>>>
>>>
>>> *Command to Server:*
>>>
>>> *python queryserver.py*
>>>
>>>
>>>
>>> Phoenix Client:
>>>
>>>
>>>
>>> Once the query server is started successfully then the port no 8765
>>> comes to live. When i try to connect client with following command it
>>> returns GSS Exception. Am I missing any steps in configuration.
>>>
>>>
>>>
>>>
>>>
>>> *Command to Client:*
>>>
>>> Following are the methods i tried to connect in secure cluster it does
>>> not works.
>>>
>>>
>>>
>>> *Method 1:* python sqlline-thin.py http://hostname:8765
>>>
>>> *Method 2:*
>>>
>>> python sqlthin-client.py http://hostname:8765;authentic
>>> ation=SPNEGO;principal=phoenix/OrgClu@XXXXXX.XXXXX.COM;
>>> keytab=C:\\path\\to\\HadoopKeyTabs\\\phoenix.keytab
>>> <http://hostname:8765;authentication=SPNEGO;principal=phoenix/OrgClu@XXXXXX.XXXXX.COM;keytab=C:/path/to/HadoopKeyTabs/phoenix.keytab>
>>>
>>>
>>>
>>>
>>>
>>> *CLIENT SIDE ERROR:*
>>>
>>> x-4.11.0-HBase-1.2-bin\bin>python sqlline-thin.py http://namenode1:8765
>>>
>>> Failed to find hbase executable on PATH, defaulting serialization to
>>> PROTOBUF.
>>>
>>> [ERROR] Terminal initialization failed; falling back to unsupported
>>>
>>> java.lang.NoClassDefFoundError: Could not initialize class
>>> org.apache.phoenix.sh
>>>
>>> aded.org.fusesource.jansi.internal.Kernel32
>>>
>>>         at org.apache.phoenix.shaded.org.fusesource.jansi.internal.Wind
>>> owsSuppor
>>>
>>> t.getConsoleMode(WindowsSupport.java:50)
>>>
>>>         at org.apache.phoenix.shaded.jline.WindowsTerminal.getConsoleMo
>>> de(Window
>>>
>>> sTerminal.java:177)
>>>
>>>         at org.apache.phoenix.shaded.jline.WindowsTerminal.init(Windows
>>> Terminal.
>>>
>>> java:80)
>>>
>>>         at org.apache.phoenix.shaded.jline.TerminalFactory.create(Termi
>>> nalFactor
>>>
>>> y.java:101)
>>>
>>>         at org.apache.phoenix.shaded.jline.TerminalFactory.get(Terminal
>>> Factory.j
>>>
>>> ava:159)
>>>
>>>         at sqlline.SqlLineOpts.<init>(SqlLineOpts.java:45)
>>>
>>>         at sqlline.SqlLine.<init>(SqlLine.java:55)
>>>
>>>         at sqlline.SqlLine.start(SqlLine.java:397)
>>>
>>>         at sqlline.SqlLine.main(SqlLine.java:291)
>>>
>>>         at org.apache.phoenix.queryserver.client.SqllineWrapper$1.run(S
>>> qllineWra
>>>
>>> pper.java:88)
>>>
>>>         at org.apache.phoenix.queryserver.client.SqllineWrapper$1.run(S
>>> qllineWra
>>>
>>> pper.java:85)
>>>
>>>         at java.security.AccessController.doPrivileged(Native Method)
>>>
>>>         at javax.security.auth.Subject.doAs(Subject.java:415)
>>>
>>>         at org.apache.hadoop.security.UserGroupInformation.doAs(UserGro
>>> upInforma
>>>
>>> tion.java:1657)
>>>
>>>         at org.apache.phoenix.queryserver.client.SqllineWrapper.main(Sq
>>> llineWrap
>>>
>>> per.java:85)
>>>
>>>
>>>
>>> [ERROR] Terminal initialization failed; falling back to unsupported
>>>
>>> java.lang.NoClassDefFoundError: Could not initialize class
>>> org.apache.phoenix.sh
>>>
>>> aded.org.fusesource.jansi.internal.Kernel32
>>>
>>>         at org.apache.phoenix.shaded.org.fusesource.jansi.internal.Wind
>>> owsSuppor
>>>
>>> t.getConsoleMode(WindowsSupport.java:50)
>>>
>>>         at org.apache.phoenix.shaded.jline.WindowsTerminal.getConsoleMo
>>> de(Window
>>>
>>> sTerminal.java:177)
>>>
>>>         at org.apache.phoenix.shaded.jline.WindowsTerminal.init(Windows
>>> Terminal.
>>>
>>> java:80)
>>>
>>>         at org.apache.phoenix.shaded.jline.TerminalFactory.create(Termi
>>> nalFactor
>>>
>>> y.java:101)
>>>
>>>         at sqlline.SqlLine.getConsoleReader(SqlLine.java:723)
>>>
>>>         at sqlline.SqlLine.begin(SqlLine.java:657)
>>>
>>>         at sqlline.SqlLine.start(SqlLine.java:398)
>>>
>>>         at sqlline.SqlLine.main(SqlLine.java:291)
>>>
>>>         at org.apache.phoenix.queryserver.client.SqllineWrapper$1.run(S
>>> qllineWra
>>>
>>> pper.java:88)
>>>
>>>         at org.apache.phoenix.queryserver.client.SqllineWrapper$1.run(S
>>> qllineWra
>>>
>>> pper.java:85)
>>>
>>>         at java.security.AccessController.doPrivileged(Native Method)
>>>
>>>         at javax.security.auth.Subject.doAs(Subject.java:415)
>>>
>>>         at org.apache.hadoop.security.UserGroupInformation.doAs(UserGro
>>> upInforma
>>>
>>> tion.java:1657)
>>>
>>>         at org.apache.phoenix.queryserver.client.SqllineWrapper.main(Sq
>>> llineWrap
>>>
>>> per.java:85)
>>>
>>>
>>>
>>> Setting property: [incremental, false]
>>>
>>> Setting property: [isolation, TRANSACTION_READ_COMMITTED]
>>>
>>> issuing: !connect jdbc:phoenix:thin:url=http://n
>>> amenode1:8765;serialization=PROT
>>>
>>> OBUF;authentication=SPNEGO none none org.apache.phoenix.queryserver
>>> .client.Drive
>>>
>>> r
>>>
>>> Connecting to jdbc:phoenix:thin:url=http://n
>>> amenode1:8765;serialization=PROTOBUF
>>>
>>> ;authentication=SPNEGO
>>>
>>> java.lang.RuntimeException: Failed to execute HTTP Request, got HTTP/404
>>>
>>>         at org.apache.calcite.avatica.remote.AvaticaCommonsHttpClientSp
>>> negoImpl.
>>>
>>> send(AvaticaCommonsHttpClientSpnegoImpl.java:148)
>>>
>>>         at org.apache.calcite.avatica.remote.RemoteProtobufService._app
>>> ly(Remote
>>>
>>> ProtobufService.java:45)
>>>
>>>         at org.apache.calcite.avatica.remote.ProtobufService.apply(Prot
>>> obufServi
>>>
>>> ce.java:81)
>>>
>>>         at org.apache.calcite.avatica.remote.Driver.connect(Driver.java
>>> :176)
>>>
>>>         at sqlline.DatabaseConnection.connect(DatabaseConnection.java:1
>>> 57)
>>>
>>>         at sqlline.DatabaseConnection.getConnection(DatabaseConnection.
>>> java:203)
>>>
>>>
>>>
>>>         at sqlline.Commands.connect(Commands.java:1064)
>>>
>>>         at sqlline.Commands.connect(Commands.java:996)
>>>
>>>         at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>>>
>>>         at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAcce
>>> ssorImpl.
>>>
>>> java:57)
>>>
>>>         at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMe
>>> thodAcces
>>>
>>> sorImpl.java:43)
>>>
>>>         at java.lang.reflect.Method.invoke(Method.java:606)
>>>
>>>         at sqlline.ReflectiveCommandHandler.execute(ReflectiveCommandHa
>>> ndler.jav
>>>
>>> a:38)
>>>
>>>         at sqlline.SqlLine.dispatch(SqlLine.java:809)
>>>
>>>         at sqlline.SqlLine.initArgs(SqlLine.java:588)
>>>
>>>         at sqlline.SqlLine.begin(SqlLine.java:661)
>>>
>>>         at sqlline.SqlLine.start(SqlLine.java:398)
>>>
>>>         at sqlline.SqlLine.main(SqlLine.java:291)
>>>
>>>         at org.apache.phoenix.queryserver.client.SqllineWrapper$1.run(S
>>> qllineWra
>>>
>>> pper.java:88)
>>>
>>>         at org.apache.phoenix.queryserver.client.SqllineWrapper$1.run(S
>>> qllineWra
>>>
>>> pper.java:85)
>>>
>>>         at java.security.AccessController.doPrivileged(Native Method)
>>>
>>>         at javax.security.auth.Subject.doAs(Subject.java:415)
>>>
>>>         at org.apache.hadoop.security.UserGroupInformation.doAs(UserGro
>>> upInforma
>>>
>>> tion.java:1657)
>>>
>>>         at org.apache.phoenix.queryserver.client.SqllineWrapper.main(Sq
>>> llineWrap
>>>
>>> per.java:85)
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>> *SERVER SIDE ERROR:*
>>>
>>> 17/10/04 05:34:28 INFO server.Server: Started @9558ms
>>>
>>> 17/10/04 05:34:28 INFO server.HttpServer: Service listening on port 8765.
>>>
>>> 17/10/04 05:38:39 WARN security.SpnegoLoginService:
>>>
>>> GSSException: Failure unspecified at GSS-API level (Mechanism level:
>>> Encryption
>>>
>>> type AES256 CTS mode with HMAC SHA1-96 is not supported/enabled)
>>>
>>>         at sun.security.jgss.krb5.Krb5Context.acceptSecContext(Krb5Cont
>>> ext.java:
>>>
>>> 788)
>>>
>>>         at sun.security.jgss.GSSContextImpl.acceptSecContext(GSSContext
>>> Impl.java
>>>
>>> :342)
>>>
>>>         at sun.security.jgss.GSSContextImpl.acceptSecContext(GSSContext
>>> Impl.java
>>>
>>> :285)
>>>
>>>         at sun.security.jgss.spnego.SpNegoContext.GSS_acceptSecContext(
>>> SpNegoCon
>>>
>>> text.java:871)
>>>
>>>         at sun.security.jgss.spnego.SpNegoContext.acceptSecContext(SpNe
>>> goContext
>>>
>>> .java:544)
>>>
>>>         at sun.security.jgss.GSSContextImpl.acceptSecContext(GSSContext
>>> Impl.java
>>>
>>> :342)
>>>
>>>         at sun.security.jgss.GSSContextImpl.acceptSecContext(GSSContext
>>> Impl.java
>>>
>>> :285)
>>>
>>>         at org.apache.phoenix.shaded.org.eclipse.jetty.security.SpnegoL
>>> oginServi
>>>
>>> ce.login(SpnegoLoginService.java:137)
>>>
>>>         at org.apache.phoenix.shaded.org.eclipse.jetty.security.authent
>>> ication.L
>>>
>>> oginAuthenticator.login(LoginAuthenticator.java:61)
>>>
>>>         at org.apache.phoenix.shaded.org.eclipse.jetty.security.authent
>>> ication.S
>>>
>>> pnegoAuthenticator.validateRequest(SpnegoAuthenticator.java:99)
>>>
>>>         at org.apache.phoenix.shaded.org.eclipse.jetty.security.Securit
>>> yHandler.
>>>
>>> handle(SecurityHandler.java:512)
>>>
>>>         at org.apache.phoenix.shaded.org.eclipse.jetty.server.handler.H
>>> andlerLis
>>>
>>> t.handle(HandlerList.java:52)
>>>
>>>         at org.apache.phoenix.shaded.org.eclipse.jetty.server.handler.H
>>> andlerWra
>>>
>>> pper.handle(HandlerWrapper.java:97)
>>>
>>>         at org.apache.phoenix.shaded.org.eclipse.jetty.server.Server.ha
>>> ndle(Serv
>>>
>>> er.java:499)
>>>
>>>         at org.apache.phoenix.shaded.org.eclipse.jetty.server.HttpChann
>>> el.handle
>>>
>>> (HttpChannel.java:311)
>>>
>>>         at org.apache.phoenix.shaded.org.eclipse.jetty.server.HttpConne
>>> ction.onF
>>>
>>> illable(HttpConnection.java:257)
>>>
>>>         at org.apache.phoenix.shaded.org.eclipse.jetty.io.AbstractConne
>>> ction$2.r
>>>
>>> un(AbstractConnection.java:544)
>>>
>>>         at org.apache.phoenix.shaded.org.eclipse.jetty.util.thread.Queu
>>> edThreadP
>>>
>>> ool.runJob(QueuedThreadPool.java:635)
>>>
>>>         at org.apache.phoenix.shaded.org.eclipse.jetty.util.thread.Queu
>>> edThreadP
>>>
>>> ool$3.run(QueuedThreadPool.java:555)
>>>
>>>         at java.lang.Thread.run(Thread.java:744)
>>>
>>> Caused by: KrbException: Encryption type AES256 CTS mode with HMAC
>>> SHA1-96 is no
>>>
>>> t supported/enabled
>>>
>>>         at sun.security.krb5.EncryptionKey.findKey(EncryptionKey.java:5
>>> 52)
>>>
>>>         at sun.security.krb5.KrbApReq.authenticate(KrbApReq.java:270)
>>>
>>>         at sun.security.krb5.KrbApReq.<init>(KrbApReq.java:144)
>>>
>>>         at sun.security.jgss.krb5.InitSecContextToken.<init>(InitSecCon
>>> textToken
>>>
>>> .java:108)
>>>
>>>         at sun.security.jgss.krb5.Krb5Context.acceptSecContext(Krb5Cont
>>> ext.java:
>>>
>>> 771)
>>>
>>>         ... 19 more
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>> Please help me to solve this issue.
>>>
>>> --
>>>
>>> Thanks and regards
>>>
>>> D.Mallieswari
>>>
>>
>>
>
>
> --
> Thanks and regards
> D.Mallieswari
>

Mime
View raw message