phoenix-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Mallieswari Dineshbabu <dmalliesw...@gmail.com>
Subject Cannot connect phoenix client in kerberos cluster
Date Wed, 04 Oct 2017 11:18:07 GMT
Hi ,



I have configured a phoenix package "apache-phoenix-4.11.0-HBase-1.2-bin"
to Hbase version "1.2.5" in kerberos cluster.



For phoenix secure cluster configuration, I have added the following
properties into the *hbase-site.xml* present in *phoenix/bin* along with
the properties of hbase configuration properties present in hbase/conf path
and refer the *core-site.xml*, *hdfs-site.xml* file in phoenix/bin path



phoenix.queryserver.keytab.file

The key to look for keytab file.

*unset*

phoenix.queryserver.kerberos.principal

The kerberos principal to use when authenticating.

*unset*

Phoenix Query Server:



Once updated a above properties query server has been started successfully
using keytab.



*Command to Server:*

*python queryserver.py*



Phoenix Client:



Once the query server is started successfully then the port no 8765 comes
to live. When i try to connect client with following command it returns GSS
Exception. Am I missing any steps in configuration.





*Command to Client:*

Following are the methods i tried to connect in secure cluster it does not
works.



*Method 1:* python sqlline-thin.py http://hostname:8765

*Method 2:*

python sqlthin-client.py
http://hostname:8765;authentication=SPNEGO;principal=phoenix/OrgClu@XXXXXX.XXXXX.COM;keytab=C:\\path\\to\\HadoopKeyTabs\\\phoenix.keytab
<http://hostname:8765;authentication=SPNEGO;principal=phoenix/OrgClu@XXXXXX.XXXXX.COM;keytab=C:/path/to/HadoopKeyTabs/phoenix.keytab>





*CLIENT SIDE ERROR:*

x-4.11.0-HBase-1.2-bin\bin>python sqlline-thin.py http://namenode1:8765

Failed to find hbase executable on PATH, defaulting serialization to
PROTOBUF.

[ERROR] Terminal initialization failed; falling back to unsupported

java.lang.NoClassDefFoundError: Could not initialize class
org.apache.phoenix.sh

aded.org.fusesource.jansi.internal.Kernel32

        at
org.apache.phoenix.shaded.org.fusesource.jansi.internal.WindowsSuppor

t.getConsoleMode(WindowsSupport.java:50)

        at
org.apache.phoenix.shaded.jline.WindowsTerminal.getConsoleMode(Window

sTerminal.java:177)

        at
org.apache.phoenix.shaded.jline.WindowsTerminal.init(WindowsTerminal.

java:80)

        at
org.apache.phoenix.shaded.jline.TerminalFactory.create(TerminalFactor

y.java:101)

        at
org.apache.phoenix.shaded.jline.TerminalFactory.get(TerminalFactory.j

ava:159)

        at sqlline.SqlLineOpts.<init>(SqlLineOpts.java:45)

        at sqlline.SqlLine.<init>(SqlLine.java:55)

        at sqlline.SqlLine.start(SqlLine.java:397)

        at sqlline.SqlLine.main(SqlLine.java:291)

        at
org.apache.phoenix.queryserver.client.SqllineWrapper$1.run(SqllineWra

pper.java:88)

        at
org.apache.phoenix.queryserver.client.SqllineWrapper$1.run(SqllineWra

pper.java:85)

        at java.security.AccessController.doPrivileged(Native Method)

        at javax.security.auth.Subject.doAs(Subject.java:415)

        at
org.apache.hadoop.security.UserGroupInformation.doAs(UserGroupInforma

tion.java:1657)

        at
org.apache.phoenix.queryserver.client.SqllineWrapper.main(SqllineWrap

per.java:85)



[ERROR] Terminal initialization failed; falling back to unsupported

java.lang.NoClassDefFoundError: Could not initialize class
org.apache.phoenix.sh

aded.org.fusesource.jansi.internal.Kernel32

        at
org.apache.phoenix.shaded.org.fusesource.jansi.internal.WindowsSuppor

t.getConsoleMode(WindowsSupport.java:50)

        at
org.apache.phoenix.shaded.jline.WindowsTerminal.getConsoleMode(Window

sTerminal.java:177)

        at
org.apache.phoenix.shaded.jline.WindowsTerminal.init(WindowsTerminal.

java:80)

        at
org.apache.phoenix.shaded.jline.TerminalFactory.create(TerminalFactor

y.java:101)

        at sqlline.SqlLine.getConsoleReader(SqlLine.java:723)

        at sqlline.SqlLine.begin(SqlLine.java:657)

        at sqlline.SqlLine.start(SqlLine.java:398)

        at sqlline.SqlLine.main(SqlLine.java:291)

        at
org.apache.phoenix.queryserver.client.SqllineWrapper$1.run(SqllineWra

pper.java:88)

        at
org.apache.phoenix.queryserver.client.SqllineWrapper$1.run(SqllineWra

pper.java:85)

        at java.security.AccessController.doPrivileged(Native Method)

        at javax.security.auth.Subject.doAs(Subject.java:415)

        at
org.apache.hadoop.security.UserGroupInformation.doAs(UserGroupInforma

tion.java:1657)

        at
org.apache.phoenix.queryserver.client.SqllineWrapper.main(SqllineWrap

per.java:85)



Setting property: [incremental, false]

Setting property: [isolation, TRANSACTION_READ_COMMITTED]

issuing: !connect jdbc:phoenix:thin:url=http://namenode1:8765;serialization
=PROT

OBUF;authentication=SPNEGO none none
org.apache.phoenix.queryserver.client.Drive

r

Connecting to jdbc:phoenix:thin:url=http://namenode1:8765;serialization
=PROTOBUF

;authentication=SPNEGO

java.lang.RuntimeException: Failed to execute HTTP Request, got HTTP/404

        at
org.apache.calcite.avatica.remote.AvaticaCommonsHttpClientSpnegoImpl.

send(AvaticaCommonsHttpClientSpnegoImpl.java:148)

        at
org.apache.calcite.avatica.remote.RemoteProtobufService._apply(Remote

ProtobufService.java:45)

        at
org.apache.calcite.avatica.remote.ProtobufService.apply(ProtobufServi

ce.java:81)

        at org.apache.calcite.avatica.remote.Driver.connect(Driver.java:176)

        at sqlline.DatabaseConnection.connect(DatabaseConnection.java:157)

        at
sqlline.DatabaseConnection.getConnection(DatabaseConnection.java:203)



        at sqlline.Commands.connect(Commands.java:1064)

        at sqlline.Commands.connect(Commands.java:996)

        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)

        at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.

java:57)

        at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAcces

sorImpl.java:43)

        at java.lang.reflect.Method.invoke(Method.java:606)

        at
sqlline.ReflectiveCommandHandler.execute(ReflectiveCommandHandler.jav

a:38)

        at sqlline.SqlLine.dispatch(SqlLine.java:809)

        at sqlline.SqlLine.initArgs(SqlLine.java:588)

        at sqlline.SqlLine.begin(SqlLine.java:661)

        at sqlline.SqlLine.start(SqlLine.java:398)

        at sqlline.SqlLine.main(SqlLine.java:291)

        at
org.apache.phoenix.queryserver.client.SqllineWrapper$1.run(SqllineWra

pper.java:88)

        at
org.apache.phoenix.queryserver.client.SqllineWrapper$1.run(SqllineWra

pper.java:85)

        at java.security.AccessController.doPrivileged(Native Method)

        at javax.security.auth.Subject.doAs(Subject.java:415)

        at
org.apache.hadoop.security.UserGroupInformation.doAs(UserGroupInforma

tion.java:1657)

        at
org.apache.phoenix.queryserver.client.SqllineWrapper.main(SqllineWrap

per.java:85)









*SERVER SIDE ERROR:*

17/10/04 05:34:28 INFO server.Server: Started @9558ms

17/10/04 05:34:28 INFO server.HttpServer: Service listening on port 8765.

17/10/04 05:38:39 WARN security.SpnegoLoginService:

GSSException: Failure unspecified at GSS-API level (Mechanism level:
Encryption

type AES256 CTS mode with HMAC SHA1-96 is not supported/enabled)

        at
sun.security.jgss.krb5.Krb5Context.acceptSecContext(Krb5Context.java:

788)

        at
sun.security.jgss.GSSContextImpl.acceptSecContext(GSSContextImpl.java

:342)

        at
sun.security.jgss.GSSContextImpl.acceptSecContext(GSSContextImpl.java

:285)

        at
sun.security.jgss.spnego.SpNegoContext.GSS_acceptSecContext(SpNegoCon

text.java:871)

        at
sun.security.jgss.spnego.SpNegoContext.acceptSecContext(SpNegoContext

.java:544)

        at
sun.security.jgss.GSSContextImpl.acceptSecContext(GSSContextImpl.java

:342)

        at
sun.security.jgss.GSSContextImpl.acceptSecContext(GSSContextImpl.java

:285)

        at
org.apache.phoenix.shaded.org.eclipse.jetty.security.SpnegoLoginServi

ce.login(SpnegoLoginService.java:137)

        at
org.apache.phoenix.shaded.org.eclipse.jetty.security.authentication.L

oginAuthenticator.login(LoginAuthenticator.java:61)

        at
org.apache.phoenix.shaded.org.eclipse.jetty.security.authentication.S

pnegoAuthenticator.validateRequest(SpnegoAuthenticator.java:99)

        at
org.apache.phoenix.shaded.org.eclipse.jetty.security.SecurityHandler.

handle(SecurityHandler.java:512)

        at
org.apache.phoenix.shaded.org.eclipse.jetty.server.handler.HandlerLis

t.handle(HandlerList.java:52)

        at
org.apache.phoenix.shaded.org.eclipse.jetty.server.handler.HandlerWra

pper.handle(HandlerWrapper.java:97)

        at
org.apache.phoenix.shaded.org.eclipse.jetty.server.Server.handle(Serv

er.java:499)

        at
org.apache.phoenix.shaded.org.eclipse.jetty.server.HttpChannel.handle

(HttpChannel.java:311)

        at
org.apache.phoenix.shaded.org.eclipse.jetty.server.HttpConnection.onF

illable(HttpConnection.java:257)

        at
org.apache.phoenix.shaded.org.eclipse.jetty.io.AbstractConnection$2.r

un(AbstractConnection.java:544)

        at
org.apache.phoenix.shaded.org.eclipse.jetty.util.thread.QueuedThreadP

ool.runJob(QueuedThreadPool.java:635)

        at
org.apache.phoenix.shaded.org.eclipse.jetty.util.thread.QueuedThreadP

ool$3.run(QueuedThreadPool.java:555)

        at java.lang.Thread.run(Thread.java:744)

Caused by: KrbException: Encryption type AES256 CTS mode with HMAC SHA1-96
is no

t supported/enabled

        at sun.security.krb5.EncryptionKey.findKey(EncryptionKey.java:552)

        at sun.security.krb5.KrbApReq.authenticate(KrbApReq.java:270)

        at sun.security.krb5.KrbApReq.<init>(KrbApReq.java:144)

        at
sun.security.jgss.krb5.InitSecContextToken.<init>(InitSecContextToken

.java:108)

        at
sun.security.jgss.krb5.Krb5Context.acceptSecContext(Krb5Context.java:

771)

        ... 19 more







Please help me to solve this issue.

-- 

Thanks and regards

D.Mallieswari

Mime
View raw message