phoenix-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Mallieswari Dineshbabu <dmalliesw...@gmail.com>
Subject Re: Cannot connect phoenix client in kerberos cluster
Date Thu, 05 Oct 2017 12:29:32 GMT
Yes, It is installed in all the JVMs. Any other solution.


On Wed, Oct 4, 2017 at 5:30 PM, rafa <rafa13@gmail.com> wrote:

> Hi Mallieswari,
>
> Perhaps the Java Cryptography Extension (JCE) Unlimited Strength
> Jurisdiction Policy Files are not installed in all the JVMs ?
>
> Regards,
> rafa
>
> On Wed, Oct 4, 2017 at 1:18 PM, Mallieswari Dineshbabu <
> dmallieswari@gmail.com> wrote:
>
>> Hi ,
>>
>>
>>
>> I have configured a phoenix package "apache-phoenix-4.11.0-HBase-1.2-bin"
>> to Hbase version "1.2.5" in kerberos cluster.
>>
>>
>>
>> For phoenix secure cluster configuration, I have added the following
>> properties into the *hbase-site.xml* present in *phoenix/bin* along with
>> the properties of hbase configuration properties present in hbase/conf path
>> and refer the *core-site.xml*, *hdfs-site.xml* file in phoenix/bin path
>>
>>
>>
>> phoenix.queryserver.keytab.file
>>
>> The key to look for keytab file.
>>
>> *unset*
>>
>> phoenix.queryserver.kerberos.principal
>>
>> The kerberos principal to use when authenticating.
>>
>> *unset*
>>
>> Phoenix Query Server:
>>
>>
>>
>> Once updated a above properties query server has been started
>> successfully using keytab.
>>
>>
>>
>> *Command to Server:*
>>
>> *python queryserver.py*
>>
>>
>>
>> Phoenix Client:
>>
>>
>>
>> Once the query server is started successfully then the port no 8765 comes
>> to live. When i try to connect client with following command it returns GSS
>> Exception. Am I missing any steps in configuration.
>>
>>
>>
>>
>>
>> *Command to Client:*
>>
>> Following are the methods i tried to connect in secure cluster it does
>> not works.
>>
>>
>>
>> *Method 1:* python sqlline-thin.py http://hostname:8765
>>
>> *Method 2:*
>>
>> python sqlthin-client.py http://hostname:8765;authentic
>> ation=SPNEGO;principal=phoenix/OrgClu@XXXXXX.XXXXX.
>> COM;keytab=C:\\path\\to\\HadoopKeyTabs\\\phoenix.keytab
>> <http://hostname:8765;authentication=SPNEGO;principal=phoenix/OrgClu@XXXXXX.XXXXX.COM;keytab=C:/path/to/HadoopKeyTabs/phoenix.keytab>
>>
>>
>>
>>
>>
>> *CLIENT SIDE ERROR:*
>>
>> x-4.11.0-HBase-1.2-bin\bin>python sqlline-thin.py http://namenode1:8765
>>
>> Failed to find hbase executable on PATH, defaulting serialization to
>> PROTOBUF.
>>
>> [ERROR] Terminal initialization failed; falling back to unsupported
>>
>> java.lang.NoClassDefFoundError: Could not initialize class
>> org.apache.phoenix.sh
>>
>> aded.org.fusesource.jansi.internal.Kernel32
>>
>>         at org.apache.phoenix.shaded.org.fusesource.jansi.internal.Wind
>> owsSuppor
>>
>> t.getConsoleMode(WindowsSupport.java:50)
>>
>>         at org.apache.phoenix.shaded.jline.WindowsTerminal.getConsoleMo
>> de(Window
>>
>> sTerminal.java:177)
>>
>>         at org.apache.phoenix.shaded.jline.WindowsTerminal.init(Windows
>> Terminal.
>>
>> java:80)
>>
>>         at org.apache.phoenix.shaded.jline.TerminalFactory.create(Termi
>> nalFactor
>>
>> y.java:101)
>>
>>         at org.apache.phoenix.shaded.jline.TerminalFactory.get(Terminal
>> Factory.j
>>
>> ava:159)
>>
>>         at sqlline.SqlLineOpts.<init>(SqlLineOpts.java:45)
>>
>>         at sqlline.SqlLine.<init>(SqlLine.java:55)
>>
>>         at sqlline.SqlLine.start(SqlLine.java:397)
>>
>>         at sqlline.SqlLine.main(SqlLine.java:291)
>>
>>         at org.apache.phoenix.queryserver.client.SqllineWrapper$1.run(S
>> qllineWra
>>
>> pper.java:88)
>>
>>         at org.apache.phoenix.queryserver.client.SqllineWrapper$1.run(S
>> qllineWra
>>
>> pper.java:85)
>>
>>         at java.security.AccessController.doPrivileged(Native Method)
>>
>>         at javax.security.auth.Subject.doAs(Subject.java:415)
>>
>>         at org.apache.hadoop.security.UserGroupInformation.doAs(UserGro
>> upInforma
>>
>> tion.java:1657)
>>
>>         at org.apache.phoenix.queryserver.client.SqllineWrapper.main(Sq
>> llineWrap
>>
>> per.java:85)
>>
>>
>>
>> [ERROR] Terminal initialization failed; falling back to unsupported
>>
>> java.lang.NoClassDefFoundError: Could not initialize class
>> org.apache.phoenix.sh
>>
>> aded.org.fusesource.jansi.internal.Kernel32
>>
>>         at org.apache.phoenix.shaded.org.fusesource.jansi.internal.Wind
>> owsSuppor
>>
>> t.getConsoleMode(WindowsSupport.java:50)
>>
>>         at org.apache.phoenix.shaded.jline.WindowsTerminal.getConsoleMo
>> de(Window
>>
>> sTerminal.java:177)
>>
>>         at org.apache.phoenix.shaded.jline.WindowsTerminal.init(Windows
>> Terminal.
>>
>> java:80)
>>
>>         at org.apache.phoenix.shaded.jline.TerminalFactory.create(Termi
>> nalFactor
>>
>> y.java:101)
>>
>>         at sqlline.SqlLine.getConsoleReader(SqlLine.java:723)
>>
>>         at sqlline.SqlLine.begin(SqlLine.java:657)
>>
>>         at sqlline.SqlLine.start(SqlLine.java:398)
>>
>>         at sqlline.SqlLine.main(SqlLine.java:291)
>>
>>         at org.apache.phoenix.queryserver.client.SqllineWrapper$1.run(S
>> qllineWra
>>
>> pper.java:88)
>>
>>         at org.apache.phoenix.queryserver.client.SqllineWrapper$1.run(S
>> qllineWra
>>
>> pper.java:85)
>>
>>         at java.security.AccessController.doPrivileged(Native Method)
>>
>>         at javax.security.auth.Subject.doAs(Subject.java:415)
>>
>>         at org.apache.hadoop.security.UserGroupInformation.doAs(UserGro
>> upInforma
>>
>> tion.java:1657)
>>
>>         at org.apache.phoenix.queryserver.client.SqllineWrapper.main(Sq
>> llineWrap
>>
>> per.java:85)
>>
>>
>>
>> Setting property: [incremental, false]
>>
>> Setting property: [isolation, TRANSACTION_READ_COMMITTED]
>>
>> issuing: !connect jdbc:phoenix:thin:url=http://n
>> amenode1:8765;serialization=PROT
>>
>> OBUF;authentication=SPNEGO none none org.apache.phoenix.queryserver
>> .client.Drive
>>
>> r
>>
>> Connecting to jdbc:phoenix:thin:url=http://n
>> amenode1:8765;serialization=PROTOBUF
>>
>> ;authentication=SPNEGO
>>
>> java.lang.RuntimeException: Failed to execute HTTP Request, got HTTP/404
>>
>>         at org.apache.calcite.avatica.remote.AvaticaCommonsHttpClientSp
>> negoImpl.
>>
>> send(AvaticaCommonsHttpClientSpnegoImpl.java:148)
>>
>>         at org.apache.calcite.avatica.remote.RemoteProtobufService._app
>> ly(Remote
>>
>> ProtobufService.java:45)
>>
>>         at org.apache.calcite.avatica.remote.ProtobufService.apply(Prot
>> obufServi
>>
>> ce.java:81)
>>
>>         at org.apache.calcite.avatica.remote.Driver.connect(Driver.java
>> :176)
>>
>>         at sqlline.DatabaseConnection.connect(DatabaseConnection.java:
>> 157)
>>
>>         at sqlline.DatabaseConnection.getConnection(DatabaseConnection.
>> java:203)
>>
>>
>>
>>         at sqlline.Commands.connect(Commands.java:1064)
>>
>>         at sqlline.Commands.connect(Commands.java:996)
>>
>>         at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>>
>>         at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAcce
>> ssorImpl.
>>
>> java:57)
>>
>>         at sun.reflect.DelegatingMethodAccessorImpl.invoke(
>> DelegatingMethodAcces
>>
>> sorImpl.java:43)
>>
>>         at java.lang.reflect.Method.invoke(Method.java:606)
>>
>>         at sqlline.ReflectiveCommandHandler.execute(ReflectiveCommandHa
>> ndler.jav
>>
>> a:38)
>>
>>         at sqlline.SqlLine.dispatch(SqlLine.java:809)
>>
>>         at sqlline.SqlLine.initArgs(SqlLine.java:588)
>>
>>         at sqlline.SqlLine.begin(SqlLine.java:661)
>>
>>         at sqlline.SqlLine.start(SqlLine.java:398)
>>
>>         at sqlline.SqlLine.main(SqlLine.java:291)
>>
>>         at org.apache.phoenix.queryserver.client.SqllineWrapper$1.run(S
>> qllineWra
>>
>> pper.java:88)
>>
>>         at org.apache.phoenix.queryserver.client.SqllineWrapper$1.run(S
>> qllineWra
>>
>> pper.java:85)
>>
>>         at java.security.AccessController.doPrivileged(Native Method)
>>
>>         at javax.security.auth.Subject.doAs(Subject.java:415)
>>
>>         at org.apache.hadoop.security.UserGroupInformation.doAs(UserGro
>> upInforma
>>
>> tion.java:1657)
>>
>>         at org.apache.phoenix.queryserver.client.SqllineWrapper.main(Sq
>> llineWrap
>>
>> per.java:85)
>>
>>
>>
>>
>>
>>
>>
>>
>>
>> *SERVER SIDE ERROR:*
>>
>> 17/10/04 05:34:28 INFO server.Server: Started @9558ms
>>
>> 17/10/04 05:34:28 INFO server.HttpServer: Service listening on port 8765.
>>
>> 17/10/04 05:38:39 WARN security.SpnegoLoginService:
>>
>> GSSException: Failure unspecified at GSS-API level (Mechanism level:
>> Encryption
>>
>> type AES256 CTS mode with HMAC SHA1-96 is not supported/enabled)
>>
>>         at sun.security.jgss.krb5.Krb5Context.acceptSecContext(Krb5Cont
>> ext.java:
>>
>> 788)
>>
>>         at sun.security.jgss.GSSContextImpl.acceptSecContext(GSSContext
>> Impl.java
>>
>> :342)
>>
>>         at sun.security.jgss.GSSContextImpl.acceptSecContext(GSSContext
>> Impl.java
>>
>> :285)
>>
>>         at sun.security.jgss.spnego.SpNegoContext.GSS_acceptSecContext(
>> SpNegoCon
>>
>> text.java:871)
>>
>>         at sun.security.jgss.spnego.SpNegoContext.acceptSecContext(
>> SpNegoContext
>>
>> .java:544)
>>
>>         at sun.security.jgss.GSSContextImpl.acceptSecContext(GSSContext
>> Impl.java
>>
>> :342)
>>
>>         at sun.security.jgss.GSSContextImpl.acceptSecContext(GSSContext
>> Impl.java
>>
>> :285)
>>
>>         at org.apache.phoenix.shaded.org.eclipse.jetty.security.SpnegoL
>> oginServi
>>
>> ce.login(SpnegoLoginService.java:137)
>>
>>         at org.apache.phoenix.shaded.org.eclipse.jetty.security.authent
>> ication.L
>>
>> oginAuthenticator.login(LoginAuthenticator.java:61)
>>
>>         at org.apache.phoenix.shaded.org.eclipse.jetty.security.authent
>> ication.S
>>
>> pnegoAuthenticator.validateRequest(SpnegoAuthenticator.java:99)
>>
>>         at org.apache.phoenix.shaded.org.eclipse.jetty.security.Securit
>> yHandler.
>>
>> handle(SecurityHandler.java:512)
>>
>>         at org.apache.phoenix.shaded.org.eclipse.jetty.server.handler.H
>> andlerLis
>>
>> t.handle(HandlerList.java:52)
>>
>>         at org.apache.phoenix.shaded.org.eclipse.jetty.server.handler.H
>> andlerWra
>>
>> pper.handle(HandlerWrapper.java:97)
>>
>>         at org.apache.phoenix.shaded.org.eclipse.jetty.server.Server.ha
>> ndle(Serv
>>
>> er.java:499)
>>
>>         at org.apache.phoenix.shaded.org.eclipse.jetty.server.HttpChann
>> el.handle
>>
>> (HttpChannel.java:311)
>>
>>         at org.apache.phoenix.shaded.org.eclipse.jetty.server.HttpConne
>> ction.onF
>>
>> illable(HttpConnection.java:257)
>>
>>         at org.apache.phoenix.shaded.org.eclipse.jetty.io.AbstractConne
>> ction$2.r
>>
>> un(AbstractConnection.java:544)
>>
>>         at org.apache.phoenix.shaded.org.eclipse.jetty.util.thread.Queu
>> edThreadP
>>
>> ool.runJob(QueuedThreadPool.java:635)
>>
>>         at org.apache.phoenix.shaded.org.eclipse.jetty.util.thread.Queu
>> edThreadP
>>
>> ool$3.run(QueuedThreadPool.java:555)
>>
>>         at java.lang.Thread.run(Thread.java:744)
>>
>> Caused by: KrbException: Encryption type AES256 CTS mode with HMAC
>> SHA1-96 is no
>>
>> t supported/enabled
>>
>>         at sun.security.krb5.EncryptionKey.findKey(EncryptionKey.java:
>> 552)
>>
>>         at sun.security.krb5.KrbApReq.authenticate(KrbApReq.java:270)
>>
>>         at sun.security.krb5.KrbApReq.<init>(KrbApReq.java:144)
>>
>>         at sun.security.jgss.krb5.InitSecContextToken.<init>(InitSecCon
>> textToken
>>
>> .java:108)
>>
>>         at sun.security.jgss.krb5.Krb5Context.acceptSecContext(Krb5Cont
>> ext.java:
>>
>> 771)
>>
>>         ... 19 more
>>
>>
>>
>>
>>
>>
>>
>> Please help me to solve this issue.
>>
>> --
>>
>> Thanks and regards
>>
>> D.Mallieswari
>>
>
>


-- 
Thanks and regards
D.Mallieswari

Mime
View raw message