[GitHub] zeppelin pull request #2407: [ZEPPELIN-1907] Shell Interpreter does not rene...

Tue, 13 Jun 2017 03:24:31 -0700 

GitHub user prabhjyotsingh opened a pull request:

    https://github.com/apache/zeppelin/pull/2407

    [ZEPPELIN-1907] Shell Interpreter does not renew ticket on secure cluster

    ### What is this PR for?
    Kerberos ticket and renew lifetime are set to 1 hour. On accessing secure 
Hadoop from shell interpreter, it does kinit and returns result successfully 
but after 1 hour, the ticket gets expired and Hadoop list fails with below 
exception.
    
    ```
    %sh
    hadoop fs -ls /
    
    17/01/05 09:29:45 WARN ipc.Client: Exception encountered while connecting 
to the server : 
    javax.security.sasl.SaslException: GSS initiate failed [Caused by 
GSSException: No valid credentials provided (Mechanism level: Failed to find 
any Kerberos tgt)]
        at 
com.sun.security.sasl.gsskerb.GssKrb5Client.evaluateChallenge(GssKrb5Client.java:211)
        at 
org.apache.hadoop.security.SaslRpcClient.saslConnect(SaslRpcClient.java:413)
        at 
org.apache.hadoop.ipc.Client$Connection.setupSaslConnection(Client.java:595)
        at org.apache.hadoop.ipc.Client$Connection.access$2000(Client.java:397)
        at org.apache.hadoop.ipc.Client$Connection$2.run(Client.java:762)
        at org.apache.hadoop.ipc.Client$Connection$2.run(Client.java:758)
        at java.security.AccessController.doPrivileged(Native Method)
        at javax.security.auth.Subject.doAs(Subject.java:422)
        at 
org.apache.hadoop.security.UserGroupInformation.doAs(UserGroupInformation.java:1724)
        at 
org.apache.hadoop.ipc.Client$Connection.setupIOstreams(Client.java:757)
        at org.apache.hadoop.ipc.Client$Connection.access$3200(Client.java:397)
        at org.apache.hadoop.ipc.Client.getConnection(Client.java:1618)
        at org.apache.hadoop.ipc.Client.call(Client.java:1449)
        at org.apache.hadoop.ipc.Client.call(Client.java:1396)
        at 
org.apache.hadoop.ipc.ProtobufRpcEngine$Invoker.invoke(ProtobufRpcEngine.java:233)
        at com.sun.proxy.$Proxy10.getFileInfo(Unknown Source)
    ls: Failed on local exception: java.io.IOException: 
javax.security.sasl.SaslException: GSS initiate failed [Caused by GSSException: 
No valid credentials provided (Mechanism level: Failed to find any Kerberos 
tgt)]; Host Details : local host is: "zeppelin1.hwxblr.com/10.0.1.57"; 
destination host is: "zeppelin1.hwxblr.com":8020; 
    ExitValue: 1
    ```
    
    ### What type of PR is it?
    [Bug Fix]
    
    ### What is the Jira issue?
    * [ZEPPELIN-1907](https://issues.apache.org/jira/browse/ZEPPELIN-1907)
    
    ### How should this be tested?
    On a Kerberos enabled cluster, run this paragraph
    ```
    %sh
    hdfs dfs -ls /user/zeppelin/
    ```
    Wait for key-tab to expire (or run `kdestroy`), and re-run the same 
paragraph.
    
    ### Screenshots (if appropriate)
    Before:
    <img width="1438" alt="screen shot 2017-06-13 at 3 44 30 pm" 
src="https://user-images.githubusercontent.com/674497/27078184-511ed810-5050-11e7-8afa-90247f33047a.png";>
    
    After:
    <img width="1438" alt="screen shot 2017-06-13 at 3 44 04 pm" 
src="https://user-images.githubusercontent.com/674497/27078183-5109d690-5050-11e7-82e4-d79a5e98295f.png";>
    
    
    ### Questions:
    * Does the licenses files need update?
    * Is there breaking changes for older versions?
    * Does this needs documentation?


You can merge this pull request into a Git repository by running:

    $ git pull https://github.com/prabhjyotsingh/zeppelin ZEPPELIN-1907

Alternatively you can review and apply these changes as the patch at:

    https://github.com/apache/zeppelin/pull/2407.patch

To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:

    This closes #2407
    
----
commit ab823d3ee9373c38f5f083d3471adf351c9177a2
Author: Prabhjyot Singh <prabhjyotsi...@gmail.com>
Date:   2017-06-13T10:18:44Z

    relogin using keytab, and append message for the same

----


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---

Reply via email to