Alejandro Fernandez created AMBARI-18013: --------------------------------------------
Summary: HiveHook fails to post messages to kafka due to missing keytab config in /etc/hive/conf/atlas-application.properties in kerberized cluster Key: AMBARI-18013 URL: https://issues.apache.org/jira/browse/AMBARI-18013 Project: Ambari Issue Type: Bug Components: stacks Affects Versions: 2.4.0 Reporter: Alejandro Fernandez Assignee: Alejandro Fernandez Fix For: 2.4.0 STR: * Install Ambari 2.4 * HDP 2.5 with Hive and Atlas * Kerberize the cluster The hive hook fails because 2 configs are missing from hive-atlas-application.properties, {noformat} atlas.jaas.KafkaClient.option.keyTab=/etc/security/keytabs/hive.service.keytab atlas.jaas.KafkaClient.option.principal=hive/_h...@example.com {noformat} *Impact: HiveHook related tests are failing.* {noformat} 2016-07-29 10:25:50,087 INFO [Atlas Logger 1]: producer.ProducerConfig (AbstractConfig.java:logAll(178)) - ProducerConfig values: metric.reporters = [] metadata.max.age.ms = 300000 reconnect.backoff.ms = 50 sasl.kerberos.ticket.renew.window.factor = 0.8 bootstrap.servers = [atlas-r6-bug-62789-1023re-2.openstacklocal:6667, atlas-r6-bug-62789-1023re-1.openstacklocal:6667] ssl.keystore.type = JKS sasl.mechanism = GSSAPI max.block.ms = 60000 interceptor.classes = null ssl.truststore.password = null client.id = ssl.endpoint.identification.algorithm = null request.timeout.ms = 30000 acks = 1 receive.buffer.bytes = 32768 ssl.truststore.type = JKS retries = 0 ssl.truststore.location = null ssl.keystore.password = null send.buffer.bytes = 131072 compression.type = none metadata.fetch.timeout.ms = 60000 retry.backoff.ms = 100 sasl.kerberos.kinit.cmd = /usr/bin/kinit buffer.memory = 33554432 timeout.ms = 30000 key.serializer = class org.apache.kafka.common.serialization.StringSerializer sasl.kerberos.service.name = kafka sasl.kerberos.ticket.renew.jitter = 0.05 ssl.trustmanager.algorithm = PKIX block.on.buffer.full = false ssl.key.password = null sasl.kerberos.min.time.before.relogin = 60000 connections.max.idle.ms = 540000 max.in.flight.requests.per.connection = 5 metrics.num.samples = 2 ssl.protocol = TLS ssl.provider = null ssl.enabled.protocols = [TLSv1.2, TLSv1.1, TLSv1] batch.size = 16384 ssl.keystore.location = null ssl.cipher.suites = null .protocol = PLAINTEXTSASL max.request.size = 1048576 value.serializer = class org.apache.kafka.common.serialization.StringSerializer ssl.keymanager.algorithm = SunX509 metrics.sample.window.ms = 30000 partitioner.class = class org.apache.kafka.clients.producer.internals.DefaultPartitioner linger.ms = 0 2016-07-29 10:25:50,091 INFO [Atlas Logger 1]: producer.KafkaProducer (KafkaProducer.java:close(658)) - Closing the Kafka producer with timeoutMillis = 0 ms. 2016-07-29 10:25:50,091 INFO [Atlas Logger 1]: hook.AtlasHook (AtlasHook.java:notifyEntitiesInternal(131)) - Failed to notify atlas for entity [[{Id='(type: hive_db, id: <unassigned>)', traits=[], values={owner=public, ownerType=2, qualifiedName=default@cl1, clusterName=cl1, name=default, description=Default Hive database, location=hdfs://atlas-r6-bug-62789-1023re-1.openstacklocal:8020/apps/hive/warehouse, parameters={}}}, {Id='(type: hive_table, id: <unassigned>)', traits=[], values={owner=hrt_qa, temporary=false, lastAccessTime=Fri Jul 29 10:25:49 UTC 2016, qualifiedName=default.t2@cl1, columns=[{Id='(type: hive_column, id: <unassigned>)', traits=[], values={owner=hrt_qa, qualifiedName=default.t2.abc@cl1, name=abc, comment=null, type=string, table=(type: hive_table, id: <unassigned>)}}], sd={Id='(type: hive_storagedesc, id: <unassigned>)', traits=[], values={qualifiedName=default.t2@cl1_storage, storedAsSubDirectories=false, location=hdfs://atlas-r6-bug-62789-1023re-1.openstacklocal:8020/apps/hive/warehouse/t2, compressed=false, inputFormat=org.apache.hadoop.mapred.TextInputFormat, outputFormat=org.apache.hadoop.hive.ql.io.HiveIgnoreKeyTextOutputFormat, parameters={}, serdeInfo=org.apache.atlas.typesystem.Struct@7648946d, table=(type: hive_table, id: <unassigned>), numBuckets=-1}}, tableType=MANAGED_TABLE, createTime=Fri Jul 29 10:25:49 UTC 2016, name=t2, comment=null, partitionKeys=[], parameters={totalSize=0, numRows=0, rawDataSize=0, COLUMN_STATS_ACCURATE={"BASIC_STATS":"true"}, numFiles=0, transient_lastDdlTime=1469787949}, retention=0, db={Id='(type: hive_db, id: <unassigned>)', traits=[], values={owner=public, ownerType=2, qualifiedName=default@cl1, clusterName=cl1, name=default, description=Default Hive database, location=hdfs://atlas-r6-bug-62789-1023re-1.openstacklocal:8020/apps/hive/warehouse, parameters={}}}}}]]. Retrying org.apache.kafka.common.KafkaException: Failed to construct kafka producer at org.apache.kafka.clients.producer.KafkaProducer.<init>(KafkaProducer.java:335) at org.apache.kafka.clients.producer.KafkaProducer.<init>(KafkaProducer.java:188) at org.apache.atlas.kafka.KafkaNotification.createProducer(KafkaNotification.java:312) at org.apache.atlas.kafka.KafkaNotification.sendInternal(KafkaNotification.java:220) at org.apache.atlas.notification.AbstractNotification.send(AbstractNotification.java:84) at org.apache.atlas.hook.AtlasHook.notifyEntitiesInternal(AtlasHook.java:126) at org.apache.atlas.hook.AtlasHook.notifyEntities(AtlasHook.java:111) at org.apache.atlas.hook.AtlasHook.notifyEntities(AtlasHook.java:157) at org.apache.atlas.hive.hook.HiveHook.fireAndForget(HiveHook.java:274) at org.apache.atlas.hive.hook.HiveHook.access$200(HiveHook.java:82) at org.apache.atlas.hive.hook.HiveHook$2.run(HiveHook.java:186) at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511) at java.util.concurrent.FutureTask.run(FutureTask.java:266) at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142) at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617) at java.lang.Thread.run(Thread.java:745) Caused by: org.apache.kafka.common.KafkaException: javax..auth.login.LoginException: Could not login: the client is being asked for a password, but the Kafka client code does not currently support obtaining a password from the user. not available to garner authentication information from the user at org.apache.kafka.common.network.SaslChannelBuilder.configure(SaslChannelBuilder.java:86) at org.apache.kafka.common.network.ChannelBuilders.create(ChannelBuilders.java:71) at org.apache.kafka.clients.ClientUtils.createChannelBuilder(ClientUtils.java:83) at org.apache.kafka.clients.producer.KafkaProducer.<init>(KafkaProducer.java:277) ... 15 more Caused by: javax..auth.login.LoginException: Could not login: the client is being asked for a password, but the Kafka client code does not currently support obtaining a password from the user. not available to garner authentication information from the user at com.sun..auth.module.Krb5LoginModule.promptForPass(Krb5LoginModule.java:940) at com.sun..auth.module.Krb5LoginModule.attemptAuthentication(Krb5LoginModule.java:760) at com.sun..auth.module.Krb5LoginModule.login(Krb5LoginModule.java:617) at sun.reflect.GeneratedMethodAccessor47.invoke(Unknown Source) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:498) at javax..auth.login.LoginContext.invoke(LoginContext.java:755) at javax..auth.login.LoginContext.access$000(LoginContext.java:195) at javax..auth.login.LoginContext$4.run(LoginContext.java:682) at javax..auth.login.LoginContext$4.run(LoginContext.java:680) at java..AccessController.doPrivileged(Native Method) at javax..auth.login.LoginContext.invokePriv(LoginContext.java:680) at javax..auth.login.LoginContext.login(LoginContext.java:587) at org.apache.kafka.common..authenticator.AbstractLogin.login(AbstractLogin.java:69) at org.apache.kafka.common..kerberos.KerberosLogin.login(KerberosLogin.java:110) at org.apache.kafka.common..authenticator.LoginManager.<init>(LoginManager.java:46) at org.apache.kafka.common..authenticator.LoginManager.acquireLoginManager(LoginManager.java:68) at org.apache.kafka.common.network.SaslChannelBuilder.configure(SaslChannelBuilder.java:78) ... 18 more {noformat} -- This message was sent by Atlassian JIRA (v6.3.4#6332)