[jira] [Updated] (AMBARI-22505) Kafka service check fails when using a non-root user in kerberized environment
[ https://issues.apache.org/jira/browse/AMBARI-22505?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Yolanda M. Davis updated AMBARI-22505: -- Attachment: AMBARI-22505_branch2.6.patch AMBARI-22505.patch > Kafka service check fails when using a non-root user in kerberized environment > -- > > Key: AMBARI-22505 > URL: https://issues.apache.org/jira/browse/AMBARI-22505 > Project: Ambari > Issue Type: Bug > Components: stacks >Affects Versions: 2.6.0 >Reporter: Yolanda M. Davis >Assignee: Yolanda M. Davis > Attachments: AMBARI-22505.patch, AMBARI-22505_branch2.6.patch > > > When Ambari agents are configured to run with a non-root user, if kerberos is > enabled, Kafka service check experiences errors in the logs which indicate > that the check is attempting to create a topic that already exists. However > the true failure, which isn't in the logs but captured in an error variable, > demonstrates the culprit (see below): > [2017-11-22 05:12:57,029] WARN SASL configuration failed: > javax.security.auth.login.LoginException: No password provided Will continue > connection to Zookeeper server without SASL authentication, if Zookeeper > server allows it. (org.apache.zookeeper.ClientCnxn) > Exception in thread "main" > org.I0Itec.zkclient.exception.ZkAuthFailedException: Authentication failure > at org.I0Itec.zkclient.ZkClient.waitForKeeperState(ZkClient.java:947) > at org.I0Itec.zkclient.ZkClient.waitUntilConnected(ZkClient.java:924) > at org.I0Itec.zkclient.ZkClient.connect(ZkClient.java:1231) > at org.I0Itec.zkclient.ZkClient.(ZkClient.java:157) > at org.I0Itec.zkclient.ZkClient.(ZkClient.java:131) > at kafka.utils.ZkUtils$.createZkClientAndConnection(ZkUtils.scala:115) > at kafka.utils.ZkUtils$.apply(ZkUtils.scala:97) > at kafka.admin.TopicCommand$.main(TopicCommand.scala:56) > at kafka.admin.TopicCommand.main(TopicCommand.scala) > This occurs because a prior check to see if the topic exists is not executed > as the kafka user. A subsequent call to create the topic does execute as that > user. The first check should also execute as the kakfa user. Also Ambari > should immediately raise a failure if an error occurs during the topic check > and show that error in the logs. -- This message was sent by Atlassian JIRA (v6.4.14#64029)
[jira] [Updated] (AMBARI-22505) Kafka service check fails when using a non-root user in kerberized environment
[ https://issues.apache.org/jira/browse/AMBARI-22505?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Yolanda M. Davis updated AMBARI-22505: -- Status: Patch Available (was: In Progress) > Kafka service check fails when using a non-root user in kerberized environment > -- > > Key: AMBARI-22505 > URL: https://issues.apache.org/jira/browse/AMBARI-22505 > Project: Ambari > Issue Type: Bug > Components: stacks >Affects Versions: 2.6.0 >Reporter: Yolanda M. Davis >Assignee: Yolanda M. Davis > Attachments: AMBARI-22505.patch, AMBARI-22505_branch2.6.patch > > > When Ambari agents are configured to run with a non-root user, if kerberos is > enabled, Kafka service check experiences errors in the logs which indicate > that the check is attempting to create a topic that already exists. However > the true failure, which isn't in the logs but captured in an error variable, > demonstrates the culprit (see below): > [2017-11-22 05:12:57,029] WARN SASL configuration failed: > javax.security.auth.login.LoginException: No password provided Will continue > connection to Zookeeper server without SASL authentication, if Zookeeper > server allows it. (org.apache.zookeeper.ClientCnxn) > Exception in thread "main" > org.I0Itec.zkclient.exception.ZkAuthFailedException: Authentication failure > at org.I0Itec.zkclient.ZkClient.waitForKeeperState(ZkClient.java:947) > at org.I0Itec.zkclient.ZkClient.waitUntilConnected(ZkClient.java:924) > at org.I0Itec.zkclient.ZkClient.connect(ZkClient.java:1231) > at org.I0Itec.zkclient.ZkClient.(ZkClient.java:157) > at org.I0Itec.zkclient.ZkClient.(ZkClient.java:131) > at kafka.utils.ZkUtils$.createZkClientAndConnection(ZkUtils.scala:115) > at kafka.utils.ZkUtils$.apply(ZkUtils.scala:97) > at kafka.admin.TopicCommand$.main(TopicCommand.scala:56) > at kafka.admin.TopicCommand.main(TopicCommand.scala) > This occurs because a prior check to see if the topic exists is not executed > as the kafka user. A subsequent call to create the topic does execute as that > user. The first check should also execute as the kakfa user. Also Ambari > should immediately raise a failure if an error occurs during the topic check > and show that error in the logs. -- This message was sent by Atlassian JIRA (v6.4.14#64029)
[jira] [Updated] (AMBARI-22505) Kafka service check fails when using a non-root user in kerberized environment
[ https://issues.apache.org/jira/browse/AMBARI-22505?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Yolanda M. Davis updated AMBARI-22505: -- Attachment: (was: AMBARI-22505_branch2.6.patch) > Kafka service check fails when using a non-root user in kerberized environment > -- > > Key: AMBARI-22505 > URL: https://issues.apache.org/jira/browse/AMBARI-22505 > Project: Ambari > Issue Type: Bug > Components: stacks >Affects Versions: 2.6.0 >Reporter: Yolanda M. Davis >Assignee: Yolanda M. Davis > Attachments: AMBARI-22505.patch > > > When Ambari agents are configured to run with a non-root user, if kerberos is > enabled, Kafka service check experiences errors in the logs which indicate > that the check is attempting to create a topic that already exists. However > the true failure, which isn't in the logs but captured in an error variable, > demonstrates the culprit (see below): > [2017-11-22 05:12:57,029] WARN SASL configuration failed: > javax.security.auth.login.LoginException: No password provided Will continue > connection to Zookeeper server without SASL authentication, if Zookeeper > server allows it. (org.apache.zookeeper.ClientCnxn) > Exception in thread "main" > org.I0Itec.zkclient.exception.ZkAuthFailedException: Authentication failure > at org.I0Itec.zkclient.ZkClient.waitForKeeperState(ZkClient.java:947) > at org.I0Itec.zkclient.ZkClient.waitUntilConnected(ZkClient.java:924) > at org.I0Itec.zkclient.ZkClient.connect(ZkClient.java:1231) > at org.I0Itec.zkclient.ZkClient.(ZkClient.java:157) > at org.I0Itec.zkclient.ZkClient.(ZkClient.java:131) > at kafka.utils.ZkUtils$.createZkClientAndConnection(ZkUtils.scala:115) > at kafka.utils.ZkUtils$.apply(ZkUtils.scala:97) > at kafka.admin.TopicCommand$.main(TopicCommand.scala:56) > at kafka.admin.TopicCommand.main(TopicCommand.scala) > This occurs because a prior check to see if the topic exists is not executed > as the kafka user. A subsequent call to create the topic does execute as that > user. The first check should also execute as the kakfa user. Also Ambari > should immediately raise a failure if an error occurs during the topic check > and show that error in the logs. -- This message was sent by Atlassian JIRA (v6.4.14#64029)
[jira] [Updated] (AMBARI-22505) Kafka service check fails when using a non-root user in kerberized environment
[ https://issues.apache.org/jira/browse/AMBARI-22505?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Yolanda M. Davis updated AMBARI-22505: -- Status: Open (was: Patch Available) > Kafka service check fails when using a non-root user in kerberized environment > -- > > Key: AMBARI-22505 > URL: https://issues.apache.org/jira/browse/AMBARI-22505 > Project: Ambari > Issue Type: Bug > Components: stacks >Affects Versions: 2.6.0 >Reporter: Yolanda M. Davis >Assignee: Yolanda M. Davis > Attachments: AMBARI-22505.patch, AMBARI-22505_branch-2.6.patch > > > When Ambari agents are configured to run with a non-root user, if kerberos is > enabled, Kafka service check experiences errors in the logs which indicate > that the check is attempting to create a topic that already exists. However > the true failure, which isn't in the logs but captured in an error variable, > demonstrates the culprit (see below): > [2017-11-22 05:12:57,029] WARN SASL configuration failed: > javax.security.auth.login.LoginException: No password provided Will continue > connection to Zookeeper server without SASL authentication, if Zookeeper > server allows it. (org.apache.zookeeper.ClientCnxn) > Exception in thread "main" > org.I0Itec.zkclient.exception.ZkAuthFailedException: Authentication failure > at org.I0Itec.zkclient.ZkClient.waitForKeeperState(ZkClient.java:947) > at org.I0Itec.zkclient.ZkClient.waitUntilConnected(ZkClient.java:924) > at org.I0Itec.zkclient.ZkClient.connect(ZkClient.java:1231) > at org.I0Itec.zkclient.ZkClient.(ZkClient.java:157) > at org.I0Itec.zkclient.ZkClient.(ZkClient.java:131) > at kafka.utils.ZkUtils$.createZkClientAndConnection(ZkUtils.scala:115) > at kafka.utils.ZkUtils$.apply(ZkUtils.scala:97) > at kafka.admin.TopicCommand$.main(TopicCommand.scala:56) > at kafka.admin.TopicCommand.main(TopicCommand.scala) > This occurs because a prior check to see if the topic exists is not executed > as the kafka user. A subsequent call to create the topic does execute as that > user. The first check should also execute as the kakfa user. Also Ambari > should immediately raise a failure if an error occurs during the topic check > and show that error in the logs. -- This message was sent by Atlassian JIRA (v6.4.14#64029)
[jira] [Updated] (AMBARI-22505) Kafka service check fails when using a non-root user in kerberized environment
[ https://issues.apache.org/jira/browse/AMBARI-22505?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Yolanda M. Davis updated AMBARI-22505: -- Attachment: AMBARI-22505_branch-2.6.patch > Kafka service check fails when using a non-root user in kerberized environment > -- > > Key: AMBARI-22505 > URL: https://issues.apache.org/jira/browse/AMBARI-22505 > Project: Ambari > Issue Type: Bug > Components: stacks >Affects Versions: 2.6.0 >Reporter: Yolanda M. Davis >Assignee: Yolanda M. Davis > Attachments: AMBARI-22505.patch, AMBARI-22505_branch-2.6.patch > > > When Ambari agents are configured to run with a non-root user, if kerberos is > enabled, Kafka service check experiences errors in the logs which indicate > that the check is attempting to create a topic that already exists. However > the true failure, which isn't in the logs but captured in an error variable, > demonstrates the culprit (see below): > [2017-11-22 05:12:57,029] WARN SASL configuration failed: > javax.security.auth.login.LoginException: No password provided Will continue > connection to Zookeeper server without SASL authentication, if Zookeeper > server allows it. (org.apache.zookeeper.ClientCnxn) > Exception in thread "main" > org.I0Itec.zkclient.exception.ZkAuthFailedException: Authentication failure > at org.I0Itec.zkclient.ZkClient.waitForKeeperState(ZkClient.java:947) > at org.I0Itec.zkclient.ZkClient.waitUntilConnected(ZkClient.java:924) > at org.I0Itec.zkclient.ZkClient.connect(ZkClient.java:1231) > at org.I0Itec.zkclient.ZkClient.(ZkClient.java:157) > at org.I0Itec.zkclient.ZkClient.(ZkClient.java:131) > at kafka.utils.ZkUtils$.createZkClientAndConnection(ZkUtils.scala:115) > at kafka.utils.ZkUtils$.apply(ZkUtils.scala:97) > at kafka.admin.TopicCommand$.main(TopicCommand.scala:56) > at kafka.admin.TopicCommand.main(TopicCommand.scala) > This occurs because a prior check to see if the topic exists is not executed > as the kafka user. A subsequent call to create the topic does execute as that > user. The first check should also execute as the kakfa user. Also Ambari > should immediately raise a failure if an error occurs during the topic check > and show that error in the logs. -- This message was sent by Atlassian JIRA (v6.4.14#64029)
[jira] [Updated] (AMBARI-22505) Kafka service check fails when using a non-root user in kerberized environment
[ https://issues.apache.org/jira/browse/AMBARI-22505?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Yolanda M. Davis updated AMBARI-22505: -- Status: Patch Available (was: In Progress) > Kafka service check fails when using a non-root user in kerberized environment > -- > > Key: AMBARI-22505 > URL: https://issues.apache.org/jira/browse/AMBARI-22505 > Project: Ambari > Issue Type: Bug > Components: stacks >Affects Versions: 2.6.0 >Reporter: Yolanda M. Davis >Assignee: Yolanda M. Davis > Attachments: AMBARI-22505.patch, AMBARI-22505_branch-2.6.patch > > > When Ambari agents are configured to run with a non-root user, if kerberos is > enabled, Kafka service check experiences errors in the logs which indicate > that the check is attempting to create a topic that already exists. However > the true failure, which isn't in the logs but captured in an error variable, > demonstrates the culprit (see below): > [2017-11-22 05:12:57,029] WARN SASL configuration failed: > javax.security.auth.login.LoginException: No password provided Will continue > connection to Zookeeper server without SASL authentication, if Zookeeper > server allows it. (org.apache.zookeeper.ClientCnxn) > Exception in thread "main" > org.I0Itec.zkclient.exception.ZkAuthFailedException: Authentication failure > at org.I0Itec.zkclient.ZkClient.waitForKeeperState(ZkClient.java:947) > at org.I0Itec.zkclient.ZkClient.waitUntilConnected(ZkClient.java:924) > at org.I0Itec.zkclient.ZkClient.connect(ZkClient.java:1231) > at org.I0Itec.zkclient.ZkClient.(ZkClient.java:157) > at org.I0Itec.zkclient.ZkClient.(ZkClient.java:131) > at kafka.utils.ZkUtils$.createZkClientAndConnection(ZkUtils.scala:115) > at kafka.utils.ZkUtils$.apply(ZkUtils.scala:97) > at kafka.admin.TopicCommand$.main(TopicCommand.scala:56) > at kafka.admin.TopicCommand.main(TopicCommand.scala) > This occurs because a prior check to see if the topic exists is not executed > as the kafka user. A subsequent call to create the topic does execute as that > user. The first check should also execute as the kakfa user. Also Ambari > should immediately raise a failure if an error occurs during the topic check > and show that error in the logs. -- This message was sent by Atlassian JIRA (v6.4.14#64029)
[jira] [Updated] (AMBARI-22505) Kafka service check fails when using a non-root user in kerberized environment
[ https://issues.apache.org/jira/browse/AMBARI-22505?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Yolanda M. Davis updated AMBARI-22505: -- Attachment: (was: AMBARI-22505_branch-2.6.patch) > Kafka service check fails when using a non-root user in kerberized environment > -- > > Key: AMBARI-22505 > URL: https://issues.apache.org/jira/browse/AMBARI-22505 > Project: Ambari > Issue Type: Bug > Components: stacks >Affects Versions: 2.6.0 >Reporter: Yolanda M. Davis >Assignee: Yolanda M. Davis > Attachments: AMBARI-22505.patch > > > When Ambari agents are configured to run with a non-root user, if kerberos is > enabled, Kafka service check experiences errors in the logs which indicate > that the check is attempting to create a topic that already exists. However > the true failure, which isn't in the logs but captured in an error variable, > demonstrates the culprit (see below): > [2017-11-22 05:12:57,029] WARN SASL configuration failed: > javax.security.auth.login.LoginException: No password provided Will continue > connection to Zookeeper server without SASL authentication, if Zookeeper > server allows it. (org.apache.zookeeper.ClientCnxn) > Exception in thread "main" > org.I0Itec.zkclient.exception.ZkAuthFailedException: Authentication failure > at org.I0Itec.zkclient.ZkClient.waitForKeeperState(ZkClient.java:947) > at org.I0Itec.zkclient.ZkClient.waitUntilConnected(ZkClient.java:924) > at org.I0Itec.zkclient.ZkClient.connect(ZkClient.java:1231) > at org.I0Itec.zkclient.ZkClient.(ZkClient.java:157) > at org.I0Itec.zkclient.ZkClient.(ZkClient.java:131) > at kafka.utils.ZkUtils$.createZkClientAndConnection(ZkUtils.scala:115) > at kafka.utils.ZkUtils$.apply(ZkUtils.scala:97) > at kafka.admin.TopicCommand$.main(TopicCommand.scala:56) > at kafka.admin.TopicCommand.main(TopicCommand.scala) > This occurs because a prior check to see if the topic exists is not executed > as the kafka user. A subsequent call to create the topic does execute as that > user. The first check should also execute as the kakfa user. Also Ambari > should immediately raise a failure if an error occurs during the topic check > and show that error in the logs. -- This message was sent by Atlassian JIRA (v6.4.14#64029)
[jira] [Updated] (AMBARI-22505) Kafka service check fails when using a non-root user in kerberized environment
[ https://issues.apache.org/jira/browse/AMBARI-22505?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Yolanda M. Davis updated AMBARI-22505: -- Status: In Progress (was: Patch Available) > Kafka service check fails when using a non-root user in kerberized environment > -- > > Key: AMBARI-22505 > URL: https://issues.apache.org/jira/browse/AMBARI-22505 > Project: Ambari > Issue Type: Bug > Components: stacks >Affects Versions: 2.6.0 >Reporter: Yolanda M. Davis >Assignee: Yolanda M. Davis > Attachments: AMBARI-22505.patch > > > When Ambari agents are configured to run with a non-root user, if kerberos is > enabled, Kafka service check experiences errors in the logs which indicate > that the check is attempting to create a topic that already exists. However > the true failure, which isn't in the logs but captured in an error variable, > demonstrates the culprit (see below): > [2017-11-22 05:12:57,029] WARN SASL configuration failed: > javax.security.auth.login.LoginException: No password provided Will continue > connection to Zookeeper server without SASL authentication, if Zookeeper > server allows it. (org.apache.zookeeper.ClientCnxn) > Exception in thread "main" > org.I0Itec.zkclient.exception.ZkAuthFailedException: Authentication failure > at org.I0Itec.zkclient.ZkClient.waitForKeeperState(ZkClient.java:947) > at org.I0Itec.zkclient.ZkClient.waitUntilConnected(ZkClient.java:924) > at org.I0Itec.zkclient.ZkClient.connect(ZkClient.java:1231) > at org.I0Itec.zkclient.ZkClient.(ZkClient.java:157) > at org.I0Itec.zkclient.ZkClient.(ZkClient.java:131) > at kafka.utils.ZkUtils$.createZkClientAndConnection(ZkUtils.scala:115) > at kafka.utils.ZkUtils$.apply(ZkUtils.scala:97) > at kafka.admin.TopicCommand$.main(TopicCommand.scala:56) > at kafka.admin.TopicCommand.main(TopicCommand.scala) > This occurs because a prior check to see if the topic exists is not executed > as the kafka user. A subsequent call to create the topic does execute as that > user. The first check should also execute as the kakfa user. Also Ambari > should immediately raise a failure if an error occurs during the topic check > and show that error in the logs. -- This message was sent by Atlassian JIRA (v6.4.14#64029)
[jira] [Updated] (AMBARI-22505) Kafka service check fails when using a non-root user in kerberized environment
[ https://issues.apache.org/jira/browse/AMBARI-22505?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Yolanda M. Davis updated AMBARI-22505: -- Status: Patch Available (was: In Progress) > Kafka service check fails when using a non-root user in kerberized environment > -- > > Key: AMBARI-22505 > URL: https://issues.apache.org/jira/browse/AMBARI-22505 > Project: Ambari > Issue Type: Bug > Components: stacks >Affects Versions: 2.6.0 >Reporter: Yolanda M. Davis >Assignee: Yolanda M. Davis > Attachments: AMBARI-22505.patch > > > When Ambari agents are configured to run with a non-root user, if kerberos is > enabled, Kafka service check experiences errors in the logs which indicate > that the check is attempting to create a topic that already exists. However > the true failure, which isn't in the logs but captured in an error variable, > demonstrates the culprit (see below): > [2017-11-22 05:12:57,029] WARN SASL configuration failed: > javax.security.auth.login.LoginException: No password provided Will continue > connection to Zookeeper server without SASL authentication, if Zookeeper > server allows it. (org.apache.zookeeper.ClientCnxn) > Exception in thread "main" > org.I0Itec.zkclient.exception.ZkAuthFailedException: Authentication failure > at org.I0Itec.zkclient.ZkClient.waitForKeeperState(ZkClient.java:947) > at org.I0Itec.zkclient.ZkClient.waitUntilConnected(ZkClient.java:924) > at org.I0Itec.zkclient.ZkClient.connect(ZkClient.java:1231) > at org.I0Itec.zkclient.ZkClient.(ZkClient.java:157) > at org.I0Itec.zkclient.ZkClient.(ZkClient.java:131) > at kafka.utils.ZkUtils$.createZkClientAndConnection(ZkUtils.scala:115) > at kafka.utils.ZkUtils$.apply(ZkUtils.scala:97) > at kafka.admin.TopicCommand$.main(TopicCommand.scala:56) > at kafka.admin.TopicCommand.main(TopicCommand.scala) > This occurs because a prior check to see if the topic exists is not executed > as the kafka user. A subsequent call to create the topic does execute as that > user. The first check should also execute as the kakfa user. Also Ambari > should immediately raise a failure if an error occurs during the topic check > and show that error in the logs. -- This message was sent by Atlassian JIRA (v6.4.14#64029)
[jira] [Updated] (AMBARI-22505) Kafka service check fails when using a non-root user in kerberized environment
[ https://issues.apache.org/jira/browse/AMBARI-22505?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Yolanda M. Davis updated AMBARI-22505: -- Status: In Progress (was: Patch Available) > Kafka service check fails when using a non-root user in kerberized environment > -- > > Key: AMBARI-22505 > URL: https://issues.apache.org/jira/browse/AMBARI-22505 > Project: Ambari > Issue Type: Bug > Components: stacks >Affects Versions: 2.6.0 >Reporter: Yolanda M. Davis >Assignee: Yolanda M. Davis > Attachments: AMBARI-22505.patch > > > When Ambari agents are configured to run with a non-root user, if kerberos is > enabled, Kafka service check experiences errors in the logs which indicate > that the check is attempting to create a topic that already exists. However > the true failure, which isn't in the logs but captured in an error variable, > demonstrates the culprit (see below): > [2017-11-22 05:12:57,029] WARN SASL configuration failed: > javax.security.auth.login.LoginException: No password provided Will continue > connection to Zookeeper server without SASL authentication, if Zookeeper > server allows it. (org.apache.zookeeper.ClientCnxn) > Exception in thread "main" > org.I0Itec.zkclient.exception.ZkAuthFailedException: Authentication failure > at org.I0Itec.zkclient.ZkClient.waitForKeeperState(ZkClient.java:947) > at org.I0Itec.zkclient.ZkClient.waitUntilConnected(ZkClient.java:924) > at org.I0Itec.zkclient.ZkClient.connect(ZkClient.java:1231) > at org.I0Itec.zkclient.ZkClient.(ZkClient.java:157) > at org.I0Itec.zkclient.ZkClient.(ZkClient.java:131) > at kafka.utils.ZkUtils$.createZkClientAndConnection(ZkUtils.scala:115) > at kafka.utils.ZkUtils$.apply(ZkUtils.scala:97) > at kafka.admin.TopicCommand$.main(TopicCommand.scala:56) > at kafka.admin.TopicCommand.main(TopicCommand.scala) > This occurs because a prior check to see if the topic exists is not executed > as the kafka user. A subsequent call to create the topic does execute as that > user. The first check should also execute as the kakfa user. Also Ambari > should immediately raise a failure if an error occurs during the topic check > and show that error in the logs. -- This message was sent by Atlassian JIRA (v6.4.14#64029)
[jira] [Updated] (AMBARI-22505) Kafka service check fails when using a non-root user in kerberized environment
[ https://issues.apache.org/jira/browse/AMBARI-22505?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Yolanda M. Davis updated AMBARI-22505: -- Status: Patch Available (was: In Progress) > Kafka service check fails when using a non-root user in kerberized environment > -- > > Key: AMBARI-22505 > URL: https://issues.apache.org/jira/browse/AMBARI-22505 > Project: Ambari > Issue Type: Bug > Components: stacks >Affects Versions: 2.6.0 >Reporter: Yolanda M. Davis >Assignee: Yolanda M. Davis > Attachments: AMBARI-22505.patch > > > When Ambari agents are configured to run with a non-root user, if kerberos is > enabled, Kafka service check experiences errors in the logs which indicate > that the check is attempting to create a topic that already exists. However > the true failure, which isn't in the logs but captured in an error variable, > demonstrates the culprit (see below): > [2017-11-22 05:12:57,029] WARN SASL configuration failed: > javax.security.auth.login.LoginException: No password provided Will continue > connection to Zookeeper server without SASL authentication, if Zookeeper > server allows it. (org.apache.zookeeper.ClientCnxn) > Exception in thread "main" > org.I0Itec.zkclient.exception.ZkAuthFailedException: Authentication failure > at org.I0Itec.zkclient.ZkClient.waitForKeeperState(ZkClient.java:947) > at org.I0Itec.zkclient.ZkClient.waitUntilConnected(ZkClient.java:924) > at org.I0Itec.zkclient.ZkClient.connect(ZkClient.java:1231) > at org.I0Itec.zkclient.ZkClient.(ZkClient.java:157) > at org.I0Itec.zkclient.ZkClient.(ZkClient.java:131) > at kafka.utils.ZkUtils$.createZkClientAndConnection(ZkUtils.scala:115) > at kafka.utils.ZkUtils$.apply(ZkUtils.scala:97) > at kafka.admin.TopicCommand$.main(TopicCommand.scala:56) > at kafka.admin.TopicCommand.main(TopicCommand.scala) > This occurs because a prior check to see if the topic exists is not executed > as the kafka user. A subsequent call to create the topic does execute as that > user. The first check should also execute as the kakfa user. Also Ambari > should immediately raise a failure if an error occurs during the topic check > and show that error in the logs. -- This message was sent by Atlassian JIRA (v6.4.14#64029)
[jira] [Updated] (AMBARI-22505) Kafka service check fails when using a non-root user in kerberized environment
[ https://issues.apache.org/jira/browse/AMBARI-22505?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Yolanda M. Davis updated AMBARI-22505: -- Status: Open (was: Patch Available) > Kafka service check fails when using a non-root user in kerberized environment > -- > > Key: AMBARI-22505 > URL: https://issues.apache.org/jira/browse/AMBARI-22505 > Project: Ambari > Issue Type: Bug > Components: stacks >Affects Versions: 2.6.0 >Reporter: Yolanda M. Davis >Assignee: Yolanda M. Davis > Attachments: AMBARI-22505.patch > > > When Ambari agents are configured to run with a non-root user, if kerberos is > enabled, Kafka service check experiences errors in the logs which indicate > that the check is attempting to create a topic that already exists. However > the true failure, which isn't in the logs but captured in an error variable, > demonstrates the culprit (see below): > [2017-11-22 05:12:57,029] WARN SASL configuration failed: > javax.security.auth.login.LoginException: No password provided Will continue > connection to Zookeeper server without SASL authentication, if Zookeeper > server allows it. (org.apache.zookeeper.ClientCnxn) > Exception in thread "main" > org.I0Itec.zkclient.exception.ZkAuthFailedException: Authentication failure > at org.I0Itec.zkclient.ZkClient.waitForKeeperState(ZkClient.java:947) > at org.I0Itec.zkclient.ZkClient.waitUntilConnected(ZkClient.java:924) > at org.I0Itec.zkclient.ZkClient.connect(ZkClient.java:1231) > at org.I0Itec.zkclient.ZkClient.(ZkClient.java:157) > at org.I0Itec.zkclient.ZkClient.(ZkClient.java:131) > at kafka.utils.ZkUtils$.createZkClientAndConnection(ZkUtils.scala:115) > at kafka.utils.ZkUtils$.apply(ZkUtils.scala:97) > at kafka.admin.TopicCommand$.main(TopicCommand.scala:56) > at kafka.admin.TopicCommand.main(TopicCommand.scala) > This occurs because a prior check to see if the topic exists is not executed > as the kafka user. A subsequent call to create the topic does execute as that > user. The first check should also execute as the kakfa user. Also Ambari > should immediately raise a failure if an error occurs during the topic check > and show that error in the logs. -- This message was sent by Atlassian JIRA (v6.4.14#64029)
[jira] [Updated] (AMBARI-22505) Kafka service check fails when using a non-root user in kerberized environment
[ https://issues.apache.org/jira/browse/AMBARI-22505?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Yolanda M. Davis updated AMBARI-22505: -- Status: Patch Available (was: Open) > Kafka service check fails when using a non-root user in kerberized environment > -- > > Key: AMBARI-22505 > URL: https://issues.apache.org/jira/browse/AMBARI-22505 > Project: Ambari > Issue Type: Bug > Components: stacks >Affects Versions: 2.6.0 >Reporter: Yolanda M. Davis >Assignee: Yolanda M. Davis > Attachments: AMBARI-22505.patch > > > When Ambari agents are configured to run with a non-root user, if kerberos is > enabled, Kafka service check experiences errors in the logs which indicate > that the check is attempting to create a topic that already exists. However > the true failure, which isn't in the logs but captured in an error variable, > demonstrates the culprit (see below): > [2017-11-22 05:12:57,029] WARN SASL configuration failed: > javax.security.auth.login.LoginException: No password provided Will continue > connection to Zookeeper server without SASL authentication, if Zookeeper > server allows it. (org.apache.zookeeper.ClientCnxn) > Exception in thread "main" > org.I0Itec.zkclient.exception.ZkAuthFailedException: Authentication failure > at org.I0Itec.zkclient.ZkClient.waitForKeeperState(ZkClient.java:947) > at org.I0Itec.zkclient.ZkClient.waitUntilConnected(ZkClient.java:924) > at org.I0Itec.zkclient.ZkClient.connect(ZkClient.java:1231) > at org.I0Itec.zkclient.ZkClient.(ZkClient.java:157) > at org.I0Itec.zkclient.ZkClient.(ZkClient.java:131) > at kafka.utils.ZkUtils$.createZkClientAndConnection(ZkUtils.scala:115) > at kafka.utils.ZkUtils$.apply(ZkUtils.scala:97) > at kafka.admin.TopicCommand$.main(TopicCommand.scala:56) > at kafka.admin.TopicCommand.main(TopicCommand.scala) > This occurs because a prior check to see if the topic exists is not executed > as the kafka user. A subsequent call to create the topic does execute as that > user. The first check should also execute as the kakfa user. Also Ambari > should immediately raise a failure if an error occurs during the topic check > and show that error in the logs. -- This message was sent by Atlassian JIRA (v6.4.14#64029)
[jira] [Updated] (AMBARI-22505) Kafka service check fails when using a non-root user in kerberized environment
[ https://issues.apache.org/jira/browse/AMBARI-22505?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Yolanda M. Davis updated AMBARI-22505: -- Resolution: Fixed Fix Version/s: 2.6.1 Status: Resolved (was: Patch Available) This patch was merged on 11/30/2017 > Kafka service check fails when using a non-root user in kerberized environment > -- > > Key: AMBARI-22505 > URL: https://issues.apache.org/jira/browse/AMBARI-22505 > Project: Ambari > Issue Type: Bug > Components: stacks >Affects Versions: 2.6.0 >Reporter: Yolanda M. Davis >Assignee: Yolanda M. Davis >Priority: Major > Fix For: 2.6.1 > > Attachments: AMBARI-22505.patch > > > When Ambari agents are configured to run with a non-root user, if kerberos is > enabled, Kafka service check experiences errors in the logs which indicate > that the check is attempting to create a topic that already exists. However > the true failure, which isn't in the logs but captured in an error variable, > demonstrates the culprit (see below): > [2017-11-22 05:12:57,029] WARN SASL configuration failed: > javax.security.auth.login.LoginException: No password provided Will continue > connection to Zookeeper server without SASL authentication, if Zookeeper > server allows it. (org.apache.zookeeper.ClientCnxn) > Exception in thread "main" > org.I0Itec.zkclient.exception.ZkAuthFailedException: Authentication failure > at org.I0Itec.zkclient.ZkClient.waitForKeeperState(ZkClient.java:947) > at org.I0Itec.zkclient.ZkClient.waitUntilConnected(ZkClient.java:924) > at org.I0Itec.zkclient.ZkClient.connect(ZkClient.java:1231) > at org.I0Itec.zkclient.ZkClient.(ZkClient.java:157) > at org.I0Itec.zkclient.ZkClient.(ZkClient.java:131) > at kafka.utils.ZkUtils$.createZkClientAndConnection(ZkUtils.scala:115) > at kafka.utils.ZkUtils$.apply(ZkUtils.scala:97) > at kafka.admin.TopicCommand$.main(TopicCommand.scala:56) > at kafka.admin.TopicCommand.main(TopicCommand.scala) > This occurs because a prior check to see if the topic exists is not executed > as the kafka user. A subsequent call to create the topic does execute as that > user. The first check should also execute as the kakfa user. Also Ambari > should immediately raise a failure if an error occurs during the topic check > and show that error in the logs. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
