[ https://issues.apache.org/jira/browse/KNOX-1162?focusedWorklogId=199967&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-199967 ]
ASF GitHub Bot logged work on KNOX-1162: ---------------------------------------- Author: ASF GitHub Bot Created on: 18/Feb/19 09:23 Start Date: 18/Feb/19 09:23 Worklog Time Spent: 10m Work Description: smolnar82 commented on issue #55: KNOX-1162 - Logging stacktrace for FATAL messages and displaying a meaningful error message in case of missing/non-parsable JAAS configuration URL: https://github.com/apache/knox/pull/55#issuecomment-464652777 Restart build ---------------------------------------------------------------- This is an automated message from the Apache Git Service. To respond to the message, please log on GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org Issue Time Tracking ------------------- Worklog Id: (was: 199967) Time Spent: 0.5h (was: 20m) > Improve diagnostics for conf/krb5JAASLogin.conf misconfiguration > ---------------------------------------------------------------- > > Key: KNOX-1162 > URL: https://issues.apache.org/jira/browse/KNOX-1162 > Project: Apache Knox > Issue Type: Improvement > Components: Server > Affects Versions: 0.14.0 > Reporter: Kevin Minder > Assignee: Sandor Molnar > Priority: Minor > Fix For: 1.3.0 > > Time Spent: 0.5h > Remaining Estimate: 0h > > When there is a misconfiguration in conf/krb5JAASLogin.conf the server fails > to start and the information in gateway.log isn't at all helpful. So two > requests > # Logging should indicate at a minimum what file contains the issue. > # All fatal issues should log stack traces without requiring enabling debug > logging. > This is the error shown in gateway.log > {code} > 2018-01-05 12:05:12,538 FATAL hadoop.gateway (GatewayServer.java:main(163)) - > Failed to start gateway: java.lang.SecurityException: java.io.IOException: > Configuration Error: > Line 7: expected [option key] > {code} > When you enabled debug logging you get somewhat better information. > {code} > 2018-01-05 15:55:54,087 FATAL hadoop.gateway (GatewayServer.java:main(163)) - > Failed to start gateway: java.lang.SecurityException: java.io.IOException: > Configuration Error: > Line 7: expected [option key] > java.lang.SecurityException: java.io.IOException: Configuration Error: > Line 7: expected [option key] > at sun.security.provider.ConfigFile$Spi.<init>(ConfigFile.java:137) > at sun.security.provider.ConfigFile.<init>(ConfigFile.java:102) > at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native > Method) > at > sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62) > at > sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45) > at java.lang.reflect.Constructor.newInstance(Constructor.java:423) > at java.lang.Class.newInstance(Class.java:442) > at > javax.security.auth.login.Configuration$2.run(Configuration.java:255) > at > javax.security.auth.login.Configuration$2.run(Configuration.java:247) > at java.security.AccessController.doPrivileged(Native Method) > at > javax.security.auth.login.Configuration.getConfiguration(Configuration.java:246) > at > org.apache.hadoop.gateway.service.config.remote.zk.RemoteConfigurationRegistryJAASConfig.<init>(RemoteConfigurationRegistryJAASConfig.java:52) > at > org.apache.hadoop.gateway.service.config.remote.zk.RemoteConfigurationRegistryJAASConfig.configure(RemoteConfigurationRegistryJAASConfig.java:59) > at > org.apache.hadoop.gateway.service.config.remote.zk.CuratorClientService.init(CuratorClientService.java:80) > at > org.apache.hadoop.gateway.services.DefaultGatewayServices.init(DefaultGatewayServices.java:113) > at > org.apache.hadoop.gateway.GatewayServer.main(GatewayServer.java:154) > at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) > at > sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) > at > sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) > at java.lang.reflect.Method.invoke(Method.java:498) > at > org.apache.hadoop.gateway.launcher.Invoker.invokeMainMethod(Invoker.java:70) > at org.apache.hadoop.gateway.launcher.Invoker.invoke(Invoker.java:39) > at org.apache.hadoop.gateway.launcher.Command.run(Command.java:99) > at org.apache.hadoop.gateway.launcher.Launcher.run(Launcher.java:69) > at org.apache.hadoop.gateway.launcher.Launcher.main(Launcher.java:46) > Caused by: java.io.IOException: Configuration Error: > Line 7: expected [option key] > at > sun.security.provider.ConfigFile$Spi.ioException(ConfigFile.java:666) > at sun.security.provider.ConfigFile$Spi.match(ConfigFile.java:572) > at > sun.security.provider.ConfigFile$Spi.parseLoginEntry(ConfigFile.java:477) > at > sun.security.provider.ConfigFile$Spi.readConfig(ConfigFile.java:427) > at sun.security.provider.ConfigFile$Spi.init(ConfigFile.java:329) > at sun.security.provider.ConfigFile$Spi.init(ConfigFile.java:271) > at sun.security.provider.ConfigFile$Spi.<init>(ConfigFile.java:135) > ... 24 more > {code} > Lastly the particular configuration error in conf/krb5JAASLogin.conf was > missing quotes for the keyTab and principal values. Note, portions of the > principal have been scrubbed and replaced with tokens (e.g. <host-name>) > {code} > com.sun.security.jgss.initiate { > com.sun.security.auth.module.Krb5LoginModule required > renewTGT=true > doNotPrompt=true > useKeyTab=true > keyTab=/usr/hdp/current/knox-server/conf/knox.keytab > principal=knox/<host-name>@<realm-name> > isInitiator=true > storeKey=true > useTicketCache=true > client=true; > }; > {code} -- This message was sent by Atlassian JIRA (v7.6.3#76005)