> On Feb. 23, 2015, 8:54 a.m., Andrew Onischuk wrote: > > I remember bugs when we had to lowecase the hostnames in principal names. I > > know it's not the scope of this jira. But look like we don't lowercase the > > hostnames that will result in bad kinit, if user has mixed cased FQNDs
We will have to look into why case comes into play for principal names, thanks for the heads up on this. - Robert ----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/31304/#review73561 ----------------------------------------------------------- On Feb. 23, 2015, 8:38 a.m., Robert Levas wrote: > > ----------------------------------------------------------- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/31304/ > ----------------------------------------------------------- > > (Updated Feb. 23, 2015, 8:38 a.m.) > > > Review request for Ambari, Andrew Onischuk and Vitalyi Brodetskyi. > > > Bugs: AMBARI-9743 > https://issues.apache.org/jira/browse/AMBARI-9743 > > > Repository: ambari > > > Description > ------- > > On last stage, storm service check failed > ``` > 1017 [main] INFO backtype.storm.StormSubmitter - Generated ZooKeeper secret > payload for MD5-digest: -5540876373091122649:-7113320937502691642 > 1021 [main] INFO backtype.storm.security.auth.AuthUtils - Got AutoCreds [] > 1039 [main] WARN org.apache.storm.curator.retry.ExponentialBackoffRetry - > maxRetries too large (60000). Pinning to 29 > 1043 [main] INFO backtype.storm.utils.StormBoundedExponentialBackoffRetry - > The baseSleepTimeMs [2000] the maxSleepTimeMs [5] the maxRetries [60000] > 1043 [main] WARN backtype.storm.utils.StormBoundedExponentialBackoffRetry - > Misconfiguration: the baseSleepTimeMs [2000] can't be greater than the > maxSleepTimeMs [5]. > 1847 [main] INFO org.apache.storm.zookeeper.Login - successfully logged in. > Exception in thread "main" java.lang.RuntimeException: > javax.security.sasl.SaslException: Failure to initialize security context > [Caused by GSSException: Invalid name provided (Mechanism level: Illegal > character in realm name; one of: '/', ':', '' (600))] > at > backtype.storm.security.auth.ThriftClient.reconnect(ThriftClient.java:99) > at > backtype.storm.security.auth.ThriftClient.<init>(ThriftClient.java:66) > at backtype.storm.utils.NimbusClient.<init>(NimbusClient.java:52) > at > backtype.storm.utils.NimbusClient.getConfiguredClient(NimbusClient.java:36) > at backtype.storm.StormSubmitter.submitTopology(StormSubmitter.java:211) > at backtype.storm.StormSubmitter.submitTopology(StormSubmitter.java:157) > at storm.starter.WordCountTopology.main(WordCountTopology.java:77) > Caused by: javax.security.sasl.SaslException: Failure to initialize security > context [Caused by GSSException: Invalid name provided (Mechanism level: > Illegal character in realm name; one of: '/', ':', '' (600))] > at > com.sun.security.sasl.gsskerb.GssKrb5Client.<init>(GssKrb5Client.java:150) > at > com.sun.security.sasl.gsskerb.FactoryImpl.createSaslClient(FactoryImpl.java:63) > at javax.security.sasl.Sasl.createSaslClient(Sasl.java:372) > at > org.apache.thrift7.transport.TSaslClientTransport.<init>(TSaslClientTransport.java:72) > at > backtype.storm.security.auth.kerberos.KerberosSaslTransportPlugin.connect(KerberosSaslTransportPlugin.java:127) > at > backtype.storm.security.auth.TBackoffConnect.doConnectWithRetry(TBackoffConnect.java:48) > at > backtype.storm.security.auth.ThriftClient.reconnect(ThriftClient.java:97) > ... 6 more > Caused by: GSSException: Invalid name provided (Mechanism level: Illegal > character in realm name; one of: '/', ':', '' (600)) > at > sun.security.jgss.krb5.Krb5NameElement.getInstance(Krb5NameElement.java:127) > at > sun.security.jgss.krb5.Krb5MechFactory.getNameElement(Krb5MechFactory.java:95) > at > sun.security.jgss.GSSManagerImpl.getNameElement(GSSManagerImpl.java:202) > at sun.security.jgss.GSSNameImpl.getElement(GSSNameImpl.java:472) > at sun.security.jgss.GSSNameImpl.init(GSSNameImpl.java:201) > at sun.security.jgss.GSSNameImpl.<init>(GSSNameImpl.java:170) > at sun.security.jgss.GSSManagerImpl.createName(GSSManagerImpl.java:137) > at > com.sun.security.sasl.gsskerb.GssKrb5Client.<init>(GssKrb5Client.java:108) > ... 12 more > ``` > > The solution is to properly strip the service name from the principal value > > > Diffs > ----- > > > ambari-server/src/main/resources/common-services/STORM/0.9.1.2.1/package/scripts/params.py > 887132d > > Diff: https://reviews.apache.org/r/31304/diff/ > > > Testing > ------- > > Manually tested in cluster > > Locally ran tests > > [INFO] > ------------------------------------------------------------------------ > [INFO] BUILD SUCCESS > [INFO] > ------------------------------------------------------------------------ > [INFO] Total time: 50.941s > [INFO] Finished at: Mon Feb 23 08:13:41 EST 2015 > [INFO] Final Memory: 64M/1228M > [INFO] > ------------------------------------------------------------------------ > > > Thanks, > > Robert Levas > >
