[
https://issues.apache.org/jira/browse/SLIDER-1027?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15060224#comment-15060224
]
Steve Loughran commented on SLIDER-1027:
----------------------------------------
And the outcome of {{KDiagCommandIT}} against a secure cluster where the user
has no TGT:
{code}
2015-12-16 16:08:27,224 [main] DEBUG security.UserGroupInformation
(loginUserFromSubject(825)) - UGI loginUser:stevel (auth:KERBEROS)
2015-12-16 16:08:27,283 [main] ERROR client.SliderClient (actionKDiag(3801)) -
org.apache.hadoop.security.KerberosDiags$KerberosDiagsFailure: Login user: No
kerberos credentials for stevel (auth:KERBEROS)
2015-12-16 16:08:27,284 [main] DEBUG client.SliderClient (actionKDiag(3802)) -
org.apache.hadoop.security.KerberosDiags$KerberosDiagsFailure: Login user: No
kerberos credentials for stevel (auth:KERBEROS)
org.apache.hadoop.security.KerberosDiags$KerberosDiagsFailure: Login user: No
kerberos credentials for stevel (auth:KERBEROS)
at org.apache.hadoop.security.KerberosDiags.fail(KerberosDiags.java:297)
at
org.apache.hadoop.security.KerberosDiags.failif(KerberosDiags.java:303)
at
org.apache.hadoop.security.KerberosDiags.validateUser(KerberosDiags.java:289)
at
org.apache.hadoop.security.KerberosDiags.execute(KerberosDiags.java:195)
at
org.apache.slider.client.SliderClient.actionKDiag(SliderClient.java:3799)
at org.apache.slider.client.SliderClient.exec(SliderClient.java:397)
at
org.apache.slider.client.SliderClient.runService(SliderClient.java:326)
at
org.apache.slider.core.main.ServiceLauncher.launchService(ServiceLauncher.java:188)
at
org.apache.slider.core.main.ServiceLauncher.launchServiceRobustly(ServiceLauncher.java:475)
at
org.apache.slider.core.main.ServiceLauncher.launchServiceAndExit(ServiceLauncher.java:403)
at
org.apache.slider.core.main.ServiceLauncher.serviceMain(ServiceLauncher.java:630)
at org.apache.slider.Slider.main(Slider.java:49)
</stdout>
2015-12-16 16:08:28,335 [JUnit] ERROR framework.ShellBase
(NativeMethodAccessorImpl.java:invoke0(?)) -
<stderr>
Kerberos Diagnostics scan at Wed Dec 16 16:08:26 GMT 2015
System Properties
java.security.krb5.conf = "(unset)"
java.security.krb5.realm = "(unset)"
sun.security.krb5.debug = "(unset)"
sun.security.spnego.debug = "(unset)"
Environment Variables
HADOOP_JAAS_DEBUG = "true"
KRB5CCNAME = "(unset)"
HADOOP_USER_NAME = "(unset)"
HADOOP_PROXY_USER = "(unset)"
HADOOP_TOKEN_FILE_LOCATION = "(unset)"
hadoop.kerberos.kinit.command = "kinit"
hadoop.security.authentication = "kerberos"
hadoop.security.authorization = "true"
hadoop.security.dns.interface = "(unset)"
hadoop.security.dns.nameserver = "(unset)"
hadoop.ssl.enabled = "false"
hadoop.rpc.protection = "authentication"
hadoop.security.saslproperties.resolver.class = "(unset)"
hadoop.security.crypto.codec.classes = "(unset)"
hadoop.security.group.mapping =
"org.apache.hadoop.security.JniBasedUnixGroupsMappingWithFallback"
Logging in
Log in user
UGI=stevel (auth:KERBEROS)
Has kerberos credentials: false
Authentication method: KERBEROS
Real Authentication method: KERBEROS
Group names
staff
access_bpf
everyone
localaccounts
_appserverusr
admin
_appserveradm
_lpadmin
com.apple.access_ssh
_appstore
_lpoperator
_developer
com.apple.access_ftp
com.apple.access_screensharing
Credentials
Secret keys
(none)
Tokens
(none)
Ticket based login: false
Keytab based login: false
</stderr>
Tests run: 1, Failures: 0, Errors: 1, Skipped: 0, Time elapsed: 5.883 sec <<<
FAILURE! - in org.apache.slider.funtest.commands.KDiagCommandIT
testKdiag(org.apache.slider.funtest.commands.KDiagCommandIT) Time elapsed:
3.313 sec <<< ERROR!
org.apache.slider.core.exceptions.SliderException: Expected exit code of
command
/Users/stevel/Projects/Hortonworks/Projects/slider/slider-assembly/target/slider-0.90.0-incubating-SNAPSHOT-all/slider-0.90.0-incubating-SNAPSHOT/bin/slider
kdiag --fail : 0 - actual=41
at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
at
sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:57)
at
sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
at java.lang.reflect.Constructor.newInstance(Constructor.java:526)
at
org.codehaus.groovy.reflection.CachedConstructor.invoke(CachedConstructor.java:80)
at
org.codehaus.groovy.reflection.CachedConstructor.doConstructorInvoke(CachedConstructor.java:74)
at
org.codehaus.groovy.runtime.callsite.ConstructorSite$ConstructorSiteNoUnwrap.callConstructor(ConstructorSite.java:84)
at
org.codehaus.groovy.runtime.callsite.CallSiteArray.defaultCallConstructor(CallSiteArray.java:60)
at
org.codehaus.groovy.runtime.callsite.AbstractCallSite.callConstructor(AbstractCallSite.java:235)
at
org.codehaus.groovy.runtime.callsite.AbstractCallSite.callConstructor(AbstractCallSite.java:255)
at
org.apache.slider.funtest.framework.ShellBase.assertExitCode(ShellBase.groovy:195)
at
org.apache.slider.funtest.framework.ShellBase.assertExitCode(ShellBase.groovy)
at
org.apache.slider.funtest.framework.CommandTestBase.assertExitCode(CommandTestBase.groovy:502)
at
org.apache.slider.funtest.framework.CommandTestBase.assertSuccess(CommandTestBase.groovy:485)
at
org.apache.slider.funtest.commands.KDiagCommandIT.testKdiag(KDiagCommandIT.groovy:36)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:606)
at
org.junit.runners.model.FrameworkMethod$1.runReflectiveCall(FrameworkMethod.java:47)
at
org.junit.internal.runners.model.ReflectiveCallable.run(ReflectiveCallable.java:12)
at
org.junit.runners.model.FrameworkMethod.invokeExplosively(FrameworkMethod.java:44)
at
org.junit.internal.runners.statements.InvokeMethod.evaluate(InvokeMethod.java:17)
at
org.junit.internal.runners.statements.RunBefores.evaluate(RunBefores.java:26)
at
org.junit.internal.runners.statements.FailOnTimeout$StatementThread.run(FailOnTimeout.java:74)
{code}
> add a kdiag command for kerberos diagnostics
> --------------------------------------------
>
> Key: SLIDER-1027
> URL: https://issues.apache.org/jira/browse/SLIDER-1027
> Project: Slider
> Issue Type: New Feature
> Components: client
> Affects Versions: Slider 0.90
> Environment: Kerberos
> Reporter: Steve Loughran
> Assignee: Steve Loughran
> Fix For: Slider 0.90
>
> Attachments: out.txt
>
>
> Trying to debug kerberos problems is painful exercise
> Add a kerberos diagnostics command, `kdiag` to aid this; output to stdout or
> to a named file.
> add other args as appropriate, etg
> * `--required` - fail with exit code if no login
> * `--zookeeper` check zk details
> * `--hdfs` check HDFS
> * `--yarn` check yarn login
> * --keytab + keytab name`: check for accessibility, contents
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
