[ https://issues.apache.org/jira/browse/KNOX-1162?focusedWorklogId=200681&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-200681 ]
ASF GitHub Bot logged work on KNOX-1162: ---------------------------------------- Author: ASF GitHub Bot Created on: 19/Feb/19 15:27 Start Date: 19/Feb/19 15:27 Worklog Time Spent: 10m Work Description: smolnar82 commented on pull request #55: KNOX-1162 - Logging stacktrace for FATAL messages and displaying a meaningful error message in case of missing/non-parsable JAAS configuration URL: https://github.com/apache/knox/pull/55#discussion_r258088484 ########## File path: gateway-service-remoteconfig/src/test/java/org/apache/knox/gateway/service/config/remote/zk/RemoteConfigurationRegistryJAASConfigTest.java ########## @@ -36,6 +47,14 @@ public class RemoteConfigurationRegistryJAASConfigTest { + @Rule + public final TemporaryFolder testFolder = new TemporaryFolder(); + + @Rule + public final ExpectedException expectedException = ExpectedException.none(); + + private static final String JAAS_CONFIG_ERRROR_PREFIX = "Error while getting secure configuration. This error usually indicates an issue within the supplied JAAS configuration"; Review comment: Fixed; thanks! ---------------------------------------------------------------- This is an automated message from the Apache Git Service. To respond to the message, please log on GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org Issue Time Tracking ------------------- Worklog Id: (was: 200681) Time Spent: 3h 20m (was: 3h 10m) > Improve diagnostics for conf/krb5JAASLogin.conf misconfiguration > ---------------------------------------------------------------- > > Key: KNOX-1162 > URL: https://issues.apache.org/jira/browse/KNOX-1162 > Project: Apache Knox > Issue Type: Improvement > Components: Server > Affects Versions: 0.14.0 > Reporter: Kevin Minder > Assignee: Sandor Molnar > Priority: Minor > Fix For: 1.3.0 > > Time Spent: 3h 20m > Remaining Estimate: 0h > > When there is a misconfiguration in conf/krb5JAASLogin.conf the server fails > to start and the information in gateway.log isn't at all helpful. So two > requests > # Logging should indicate at a minimum what file contains the issue. > # All fatal issues should log stack traces without requiring enabling debug > logging. > This is the error shown in gateway.log > {code} > 2018-01-05 12:05:12,538 FATAL hadoop.gateway (GatewayServer.java:main(163)) - > Failed to start gateway: java.lang.SecurityException: java.io.IOException: > Configuration Error: > Line 7: expected [option key] > {code} > When you enabled debug logging you get somewhat better information. > {code} > 2018-01-05 15:55:54,087 FATAL hadoop.gateway (GatewayServer.java:main(163)) - > Failed to start gateway: java.lang.SecurityException: java.io.IOException: > Configuration Error: > Line 7: expected [option key] > java.lang.SecurityException: java.io.IOException: Configuration Error: > Line 7: expected [option key] > at sun.security.provider.ConfigFile$Spi.<init>(ConfigFile.java:137) > at sun.security.provider.ConfigFile.<init>(ConfigFile.java:102) > at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native > Method) > at > sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62) > at > sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45) > at java.lang.reflect.Constructor.newInstance(Constructor.java:423) > at java.lang.Class.newInstance(Class.java:442) > at > javax.security.auth.login.Configuration$2.run(Configuration.java:255) > at > javax.security.auth.login.Configuration$2.run(Configuration.java:247) > at java.security.AccessController.doPrivileged(Native Method) > at > javax.security.auth.login.Configuration.getConfiguration(Configuration.java:246) > at > org.apache.hadoop.gateway.service.config.remote.zk.RemoteConfigurationRegistryJAASConfig.<init>(RemoteConfigurationRegistryJAASConfig.java:52) > at > org.apache.hadoop.gateway.service.config.remote.zk.RemoteConfigurationRegistryJAASConfig.configure(RemoteConfigurationRegistryJAASConfig.java:59) > at > org.apache.hadoop.gateway.service.config.remote.zk.CuratorClientService.init(CuratorClientService.java:80) > at > org.apache.hadoop.gateway.services.DefaultGatewayServices.init(DefaultGatewayServices.java:113) > at > org.apache.hadoop.gateway.GatewayServer.main(GatewayServer.java:154) > at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) > at > sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) > at > sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) > at java.lang.reflect.Method.invoke(Method.java:498) > at > org.apache.hadoop.gateway.launcher.Invoker.invokeMainMethod(Invoker.java:70) > at org.apache.hadoop.gateway.launcher.Invoker.invoke(Invoker.java:39) > at org.apache.hadoop.gateway.launcher.Command.run(Command.java:99) > at org.apache.hadoop.gateway.launcher.Launcher.run(Launcher.java:69) > at org.apache.hadoop.gateway.launcher.Launcher.main(Launcher.java:46) > Caused by: java.io.IOException: Configuration Error: > Line 7: expected [option key] > at > sun.security.provider.ConfigFile$Spi.ioException(ConfigFile.java:666) > at sun.security.provider.ConfigFile$Spi.match(ConfigFile.java:572) > at > sun.security.provider.ConfigFile$Spi.parseLoginEntry(ConfigFile.java:477) > at > sun.security.provider.ConfigFile$Spi.readConfig(ConfigFile.java:427) > at sun.security.provider.ConfigFile$Spi.init(ConfigFile.java:329) > at sun.security.provider.ConfigFile$Spi.init(ConfigFile.java:271) > at sun.security.provider.ConfigFile$Spi.<init>(ConfigFile.java:135) > ... 24 more > {code} > Lastly the particular configuration error in conf/krb5JAASLogin.conf was > missing quotes for the keyTab and principal values. Note, portions of the > principal have been scrubbed and replaced with tokens (e.g. <host-name>) > {code} > com.sun.security.jgss.initiate { > com.sun.security.auth.module.Krb5LoginModule required > renewTGT=true > doNotPrompt=true > useKeyTab=true > keyTab=/usr/hdp/current/knox-server/conf/knox.keytab > principal=knox/<host-name>@<realm-name> > isInitiator=true > storeKey=true > useTicketCache=true > client=true; > }; > {code} -- This message was sent by Atlassian JIRA (v7.6.3#76005)