[jira] [Commented] (PHOENIX-2817) Phoenix-Spark plugin doesn't work in secured env

[Hadoop QA (JIRA)]

    [ 
https://issues.apache.org/jira/browse/PHOENIX-2817?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15223700#comment-15223700
 ] 

Hadoop QA commented on PHOENIX-2817:
------------------------------------

{color:red}-1 overall{color}.  Here are the results of testing the latest 
attachment 
  http://issues.apache.org/jira/secure/attachment/12796771/PHOENIX-2817-1.patch
  against master branch at commit 8916eb791b37a2444135abba7c4b640630eb859c.
  ATTACHMENT ID: 12796771

    {color:green}+1 @author{color}.  The patch does not contain any @author 
tags.

    {color:red}-1 tests included{color}.  The patch doesn't appear to include 
any new or modified tests.
                        Please justify why no new tests are needed for this 
patch.
                        Also please list what manual steps were performed to 
verify this patch.

    {color:green}+1 javac{color}.  The applied patch does not increase the 
total number of javac compiler warnings.

    {color:red}-1 javadoc{color}.  The javadoc tool appears to have generated 
24 warning messages.

    {color:green}+1 release audit{color}.  The applied patch does not increase 
the total number of release audit warnings.

    {color:green}+1 lineLengths{color}.  The patch does not introduce lines 
longer than 100

    {color:green}+1 core tests{color}.  The patch passed unit tests in .

Test results: 
https://builds.apache.org/job/PreCommit-PHOENIX-Build/293//testReport/
Javadoc warnings: 
https://builds.apache.org/job/PreCommit-PHOENIX-Build/293//artifact/patchprocess/patchJavadocWarnings.txt
Console output: 
https://builds.apache.org/job/PreCommit-PHOENIX-Build/293//console

This message is automatically generated.

> Phoenix-Spark plugin doesn't work in secured env
> ------------------------------------------------
>
>                 Key: PHOENIX-2817
>                 URL: https://issues.apache.org/jira/browse/PHOENIX-2817
>             Project: Phoenix
>          Issue Type: Bug
>    Affects Versions: 4.4.0, 4.7.0
>            Reporter: Sergey Soldatov
>            Assignee: Sergey Soldatov
>         Attachments: PHOENIX-2817-1.patch
>
>
> When phoenix spark plugin is used with secured setup any attempt to perform 
> operation with PhoenixRDD cause an exception : 
> {noformat}
> Caused by: java.io.IOException: Login failure for 2181 from keytab /hbase: 
> javax.security.auth.login.LoginException: Unable to obtain password from user
>       at 
> org.apache.hadoop.security.UserGroupInformation.loginUserFromKeytab(UserGroupInformation.java:962)
>       at org.apache.hadoop.security.SecurityUtil.login(SecurityUtil.java:275)
>       at 
> org.apache.hadoop.hbase.security.User$SecureHadoopUser.login(User.java:386)
>       at org.apache.hadoop.hbase.security.User.login(User.java:253)
>       at 
> org.apache.phoenix.query.ConnectionQueryServicesImpl.openConnection(ConnectionQueryServicesImpl.java:282)
>       ... 107 more
> Caused by: javax.security.auth.login.LoginException: Unable to obtain 
> password from user
>       at 
> com.sun.security.auth.module.Krb5LoginModule.promptForPass(Krb5LoginModule.java:897)
>       at 
> com.sun.security.auth.module.Krb5LoginModule.attemptAuthentication(Krb5LoginModule.java:760)
>       at 
> com.sun.security.auth.module.Krb5LoginModule.login(Krb5LoginModule.java:617)
>       at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>       at 
> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
>       at 
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
>       at java.lang.reflect.Method.invoke(Method.java:497)
>       at javax.security.auth.login.LoginContext.invoke(LoginContext.java:755)
>       at 
> javax.security.auth.login.LoginContext.access$000(LoginContext.java:195)
>       at javax.security.auth.login.LoginContext$4.run(LoginContext.java:682)
>       at javax.security.auth.login.LoginContext$4.run(LoginContext.java:680)
>       at java.security.AccessController.doPrivileged(Native Method)
>       at 
> javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680)
>       at javax.security.auth.login.LoginContext.login(LoginContext.java:587)
>       at 
> org.apache.hadoop.security.UserGroupInformation.loginUserFromKeytab(UserGroupInformation.java:953)
>       ... 111 more
> {noformat}
> The reason is the how zkUrl is handled in PhoenixRDD: 
> {noformat}
> config.set(HConstants.ZOOKEEPER_QUORUM, url )
> {noformat}
> At the same time the {{ConnectionUtil.getInputConnection}} expects to see all 
> parameters (quorum address, port, znodeParent) in different Configuration 
> properties. As the result it gets default values for port and znodeParent and 
> adds it to the provided url, so the {{PhoenixEmbededDriver.create}} receives 
> something like that:
> {noformat}
> jdbc:phoenix:quorum:2181:/hbase-secure:2181:/hbase
> {noformat}
> and consider 2 fields as kerberos principal and keytab.  



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)