[
https://issues.apache.org/jira/browse/ATLAS-1546?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15862006#comment-15862006
]
Greg Senia commented on ATLAS-1546:
-----------------------------------
[~nixonrodrigues] and [~madhan.neethiraj] fix doesn't seem to work correctly
with doAS enabled...
gint), stock_price_adj_close (type:
float)"}}}}]}},"DagId:":"hive_20170210183719_81144261-1a2b-4159-9e62-dc7bad4ebfc7:1","DagName:":""}},"Stage-2":{"Dependency
Collection":{}},"Stage-0":{"Move Operator":{"files:":{"hdfs
directory:":"true","destination:":"hdfs://tech/apps/hive/warehouse/gss_test_gss_test"}}}}},
endTime=Fri Feb 10 18:37:40 EST 2017}}]] after 3 retries. Quitting
org.apache.kafka.common.KafkaException: Failed to construct kafka producer
at
org.apache.kafka.clients.producer.KafkaProducer.<init>(KafkaProducer.java:335)
at
org.apache.kafka.clients.producer.KafkaProducer.<init>(KafkaProducer.java:188)
at
org.apache.atlas.kafka.KafkaNotification.createProducer(KafkaNotification.java:311)
at
org.apache.atlas.kafka.KafkaNotification.sendInternal(KafkaNotification.java:220)
at
org.apache.atlas.notification.AbstractNotification.send(AbstractNotification.java:84)
at
org.apache.atlas.hook.AtlasHook.notifyEntitiesInternal(AtlasHook.java:134)
at org.apache.atlas.hook.AtlasHook.notifyEntities(AtlasHook.java:119)
at org.apache.atlas.hook.AtlasHook.notifyEntities(AtlasHook.java:172)
at org.apache.atlas.hive.hook.HiveHook.access$300(HiveHook.java:85)
at org.apache.atlas.hive.hook.HiveHook$3.run(HiveHook.java:224)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.Subject.doAs(Subject.java:422)
at
org.apache.hadoop.security.UserGroupInformation.doAs(UserGroupInformation.java:1740)
at
org.apache.atlas.hive.hook.HiveHook.notifyAsPrivilegedAction(HiveHook.java:233)
at org.apache.atlas.hive.hook.HiveHook$2.run(HiveHook.java:206)
at
java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)
at java.util.concurrent.FutureTask.run(FutureTask.java:266)
at
java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
at
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
at java.lang.Thread.run(Thread.java:745)
Caused by: org.apache.kafka.common.KafkaException:
javax.security.auth.login.LoginException: Could not login: the client is being
asked for a password, but the Kafka client code does not currently support
obtaining a password from the user. not available to garner authentication
information from the user
at
org.apache.kafka.common.network.SaslChannelBuilder.configure(SaslChannelBuilder.java:86)
at
org.apache.kafka.common.network.ChannelBuilders.create(ChannelBuilders.java:71)
at
org.apache.kafka.clients.ClientUtils.createChannelBuilder(ClientUtils.java:83)
at
org.apache.kafka.clients.producer.KafkaProducer.<init>(KafkaProducer.java:277)
... 19 more
Caused by: javax.security.auth.login.LoginException: Could not login: the
client is being asked for a password, but the Kafka client code does not
currently support obtaining a password from the user. not available to garner
authentication information from the user
at
com.sun.security.auth.module.Krb5LoginModule.promptForPass(Krb5LoginModule.java:940)
at
com.sun.security.auth.module.Krb5LoginModule.attemptAuthentication(Krb5LoginModule.java:760)
at
com.sun.security.auth.module.Krb5LoginModule.login(Krb5LoginModule.java:617)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at javax.security.auth.login.LoginContext.invoke(LoginContext.java:755)
at
javax.security.auth.login.LoginContext.access$000(LoginContext.java:195)
at javax.security.auth.login.LoginContext$4.run(LoginContext.java:682)
at javax.security.auth.login.LoginContext$4.run(LoginContext.java:680)
at java.security.AccessController.doPrivileged(Native Method)
at
javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680)
at javax.security.auth.login.LoginContext.login(LoginContext.java:587)
at
org.apache.kafka.common.security.authenticator.AbstractLogin.login(AbstractLogin.java:69)
at
org.apache.kafka.common.security.kerberos.KerberosLogin.login(KerberosLogin.java:110)
at
org.apache.kafka.common.security.authenticator.LoginManager.<init>(LoginManager.java:46)
at
org.apache.kafka.common.security.authenticator.LoginManager.acquireLoginManager(LoginManager.java:68)
at
org.apache.kafka.common.network.SaslChannelBuilder.configure(SaslChannelBuilder.java:78)
> Hive hook should choose appropriate JAAS config if host uses kerberos
> ticket-cache
> ----------------------------------------------------------------------------------
>
> Key: ATLAS-1546
> URL: https://issues.apache.org/jira/browse/ATLAS-1546
> Project: Atlas
> Issue Type: Improvement
> Components: atlas-intg
> Affects Versions: 0.7-incubating, 0.8-incubating
> Reporter: Madhan Neethiraj
> Assignee: Nixon Rodrigues
> Fix For: 0.8-incubating
>
> Attachments: ATLAS-1546.patch
>
>
> In a kerberized environment, Atlas hook uses JAAS configuration section named
> "KakfaClient" to authenticate with Kafka broker. In a typical Hive deployment
> this configuration section is set to use the keytab and principal of
> HiveServer2 process. The hook running in HiveCLI might fail to authenticate
> with Kafka if the user can't read the configured keytab.
> Given that HiveCLI users would have performed kinit, the hook in HiveCLI
> should use the ticket-cache generated by kinit. When ticket cache is not
> available (for example in HiveServer2), the hook should use the configuration
> provided in KafkaClient JAAS section.
--
This message was sent by Atlassian JIRA
(v6.3.15#6346)
