Tom Beerbower created AMBARI-17242:
--------------------------------------
Summary: Atlas Integration : atlas.authentication.principal should
be set to atlas/_h...@example.com
Key: AMBARI-17242
URL: https://issues.apache.org/jira/browse/AMBARI-17242
Project: Ambari
Issue Type: Bug
Reporter: Tom Beerbower
Assignee: Tom Beerbower
In a kerberized env, the value of atlas.authentication.principal should be set
to atlas/_h...@example.com. Currently the value is set to atlas which causes
Atlas server startup to fail.
{code}
########################################################################################
(Atlas:194)
2016-06-11 01:51:27,820 INFO - [main:] ~ >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
(Atlas:195)
2016-06-11 01:51:27,820 INFO - [main:] ~ Server starting with TLS ? false on
port 21000 (Atlas:196)
2016-06-11 01:51:27,820 INFO - [main:] ~ <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
(Atlas:197)
2016-06-11 01:51:27,885 INFO - [main:] ~ Logging initialized @1201ms (log:186)
2016-06-11 01:51:28,005 INFO - [main:] ~ jetty-9.2.12.v20150709 (Server:327)
2016-06-11 01:51:29,022 INFO - [main:] ~ Loading Guice modules
(GuiceServletConfig:65)
2016-06-11 01:51:29,199 WARN - [main:] ~ Failed startup of context
o.e.j.w.WebAppContext@14cd1699{/,file:/usr/hdp/2.5.0.0-717/atlas/server/webapp/atlas/,STARTING}{/usr/hdp/current/atlas-server/server/webapp/atlas}
(WebAppContext:514)
java.lang.IllegalStateException: Unable to perform KERBEROS login.
at
org.apache.atlas.web.listeners.LoginProcessor.doServiceLogin(LoginProcessor.java:79)
at
org.apache.atlas.web.listeners.LoginProcessor.login(LoginProcessor.java:58)
at
org.apache.atlas.web.listeners.GuiceServletConfig.getInjector(GuiceServletConfig.java:76)
at
com.google.inject.servlet.GuiceServletContextListener.contextInitialized(GuiceServletContextListener.java:47)
at
org.apache.atlas.web.listeners.GuiceServletConfig.contextInitialized(GuiceServletConfig.java:132)
at
org.eclipse.jetty.server.handler.ContextHandler.callContextInitialized(ContextHandler.java:800)
at
org.eclipse.jetty.servlet.ServletContextHandler.callContextInitialized(ServletContextHandler.java:444)
at
org.eclipse.jetty.server.handler.ContextHandler.startContext(ContextHandler.java:791)
at
org.eclipse.jetty.servlet.ServletContextHandler.startContext(ServletContextHandler.java:294)
at
org.eclipse.jetty.webapp.WebAppContext.startWebapp(WebAppContext.java:1349)
at
org.eclipse.jetty.webapp.WebAppContext.startContext(WebAppContext.java:1342)
at
org.eclipse.jetty.server.handler.ContextHandler.doStart(ContextHandler.java:741)
at
org.eclipse.jetty.webapp.WebAppContext.doStart(WebAppContext.java:505)
at
org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:68)
at
org.eclipse.jetty.util.component.ContainerLifeCycle.start(ContainerLifeCycle.java:132)
at org.eclipse.jetty.server.Server.start(Server.java:387)
at
org.eclipse.jetty.util.component.ContainerLifeCycle.doStart(ContainerLifeCycle.java:114)
at
org.eclipse.jetty.server.handler.AbstractHandler.doStart(AbstractHandler.java:61)
at org.eclipse.jetty.server.Server.doStart(Server.java:354)
at
org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:68)
at
org.apache.atlas.web.service.EmbeddedServer.start(EmbeddedServer.java:93)
at org.apache.atlas.Atlas.main(Atlas.java:113)
Caused by: java.io.IOException: Login failure for atlas from keytab
/etc/security/keytabs/atlas.service.keytab:
javax.security.auth.login.LoginException: Unable to obtain password from user
at
org.apache.hadoop.security.UserGroupInformation.loginUserFromKeytab(UserGroupInformation.java:987)
at
org.apache.atlas.web.listeners.LoginProcessor.doServiceLogin(LoginProcessor.java:73)
... 21 more
Caused by: javax.security.auth.login.LoginException: Unable to obtain password
from user
at
com.sun.security.auth.module.Krb5LoginModule.promptForPass(Krb5LoginModule.java:897)
at
com.sun.security.auth.module.Krb5LoginModule.attemptAuthentication(Krb5LoginModule.java:760)
at
com.sun.security.auth.module.Krb5LoginModule.login(Krb5LoginModule.java:617)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:497)
at
javax.security.auth.login.LoginContext.invoke(LoginContext.java:755)
at
javax.security.auth.login.LoginContext.access$000(LoginContext.java:195)
at
javax.security.auth.login.LoginContext$4.run(LoginContext.java:682)
at
javax.security.auth.login.LoginContext$4.run(LoginContext.java:680)
at java.security.AccessController.doPrivileged(Native Method)
at
javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680)
at
javax.security.auth.login.LoginContext.login(LoginContext.java:587)
at
org.apache.hadoop.security.UserGroupInformation.loginUserFromKeytab(UserGroupInformation.java:978)
... 22 more
2016-06-11 01:51:29,214 INFO - [main:] ~ Started
ServerConnector@771adfcb{HTTP/1.1}{0.0.0.0:21000} (ServerConnector:266)
2016-06-11 01:51:29,214 INFO - [main:] ~ Started @2533ms (Server:379)
{code}
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
