[jira] [Updated] (AMBARI-12257) hive-site/hive.metastore.sasl.enabled value incorrect when adding Hive to a Kerberized Cluster

Robert Levas (JIRA) Thu, 02 Jul 2015 10:58:36 -0700

     [ 
https://issues.apache.org/jira/browse/AMBARI-12257?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]


Robert Levas updated AMBARI-12257:
----------------------------------
    Description: 
When *adding* Hive to an existing Kerberized cluster, the 
{{hive-site/hive.metastore.sasl.enabled}} value is set to {{false}} when it 
should be {{true}}.  If Hive was installed before enabling Kerberos,  
{{hive-site/hive.metastore.sasl.enabled}} is set to {{true}} after enabling 
Kerberos.

If {{hive-site/hive.metastore.sasl.enabled}} is {{false}} in a Kerberized 
cluster, the following error can be seen in the hiverserver2.log:

{noformat:title=/var/log/hive/hiveserver2.log}
2015-07-01 23:35:16,128 ERROR [HiveServer2-Handler-Pool: Thread-37]: 
server.TThreadPoolServer (TThreadPoolServer.java:run(296)) - Error occurred 
during processing of message.
java.lang.RuntimeException: org.apache.thrift.transport.TTransportException: 
Unsupported mechanism type GSSAPI
        at 
org.apache.thrift.transport.TSaslServerTransport$Factory.getTransport(TSaslServerTransport.java:219)
        at 
org.apache.thrift.server.TThreadPoolServer$WorkerProcess.run(TThreadPoolServer.java:268)
        at 
java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
        at 
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
        at java.lang.Thread.run(Thread.java:745)
Caused by: org.apache.thrift.transport.TTransportException: Unsupported 
mechanism type GSSAPI
        at 
org.apache.thrift.transport.TSaslTransport.sendAndThrowMessage(TSaslTransport.java:232)
        at 
org.apache.thrift.transport.TSaslServerTransport.handleSaslStartMessage(TSaslServerTransport.java:138)
        at 
org.apache.thrift.transport.TSaslTransport.open(TSaslTransport.java:271)
        at 
org.apache.thrift.transport.TSaslServerTransport.open(TSaslServerTransport.java:41)
        at 
org.apache.thrift.transport.TSaslServerTransport$Factory.getTransport(TSaslServerTransport.java:216)
        ... 4 more
{noformat}

*Cause*
It appears that the front end is updating the Kerberos Descriptor _artifact_ 
with _old_ data rather than the data the is specified on the stack's Kerberos 
Descriptor. This occurs during the transition between the "Review" and 
"Install, Start, Test" pages of the "Add Service Wizard".

*Solution*
Use the current Kerberos Descriptor's values as default value for the updated 
Kerberos Descriptor and update only what the user changes in the relevant 
fields.

  was:
When *adding* Hive to an existing Kerberized cluster, the 
{{hive-site/hive.metastore.sasl.enabled}} value is set to {{false}} when it 
should be {{true}}.  If Hive was installed before enabling Kerberos,  
{{hive-site/hive.metastore.sasl.enabled}} is set to {{true}} after enabling 
Kerberos.

If {{hive-site/hive.metastore.sasl.enabled}} is {{false}} in a Kerberized 
cluster, the following error can be seen in the hiverserver2.log:

{noformat:title=/var/log/hive/hiveserver2.log}
2015-07-01 23:35:16,128 ERROR [HiveServer2-Handler-Pool: Thread-37]: 
server.TThreadPoolServer (TThreadPoolServer.java:run(296)) - Error occurred 
during processing of message.
java.lang.RuntimeException: org.apache.thrift.transport.TTransportException: 
Unsupported mechanism type GSSAPI
        at 
org.apache.thrift.transport.TSaslServerTransport$Factory.getTransport(TSaslServerTransport.java:219)
        at 
org.apache.thrift.server.TThreadPoolServer$WorkerProcess.run(TThreadPoolServer.java:268)
        at 
java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
        at 
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
        at java.lang.Thread.run(Thread.java:745)
Caused by: org.apache.thrift.transport.TTransportException: Unsupported 
mechanism type GSSAPI
        at 
org.apache.thrift.transport.TSaslTransport.sendAndThrowMessage(TSaslTransport.java:232)
        at 
org.apache.thrift.transport.TSaslServerTransport.handleSaslStartMessage(TSaslServerTransport.java:138)
        at 
org.apache.thrift.transport.TSaslTransport.open(TSaslTransport.java:271)
        at 
org.apache.thrift.transport.TSaslServerTransport.open(TSaslServerTransport.java:41)
        at 
org.apache.thrift.transport.TSaslServerTransport$Factory.getTransport(TSaslServerTransport.java:216)
        ... 4 more
{noformat}

*Cause*
This appears to be a general issue with adding services to a Kerberized cluster 
where the configurations specified in the Kerberos Descriptor are not applied. 

*Solution*
Update 
{{org.apache.ambari.server.controller.KerberosHelperImpl#configureService}} to 
process configurations. 


> hive-site/hive.metastore.sasl.enabled value incorrect when adding Hive to a 
> Kerberized Cluster
> ----------------------------------------------------------------------------------------------
>
>                 Key: AMBARI-12257
>                 URL: https://issues.apache.org/jira/browse/AMBARI-12257
>             Project: Ambari
>          Issue Type: Bug
>          Components: ambari-server
>    Affects Versions: 2.1.0
>            Reporter: Robert Levas
>            Assignee: Robert Levas
>            Priority: Critical
>              Labels: kerberos
>             Fix For: 2.1.0
>
>
> When *adding* Hive to an existing Kerberized cluster, the 
> {{hive-site/hive.metastore.sasl.enabled}} value is set to {{false}} when it 
> should be {{true}}.  If Hive was installed before enabling Kerberos,  
> {{hive-site/hive.metastore.sasl.enabled}} is set to {{true}} after enabling 
> Kerberos.
> If {{hive-site/hive.metastore.sasl.enabled}} is {{false}} in a Kerberized 
> cluster, the following error can be seen in the hiverserver2.log:
> {noformat:title=/var/log/hive/hiveserver2.log}
> 2015-07-01 23:35:16,128 ERROR [HiveServer2-Handler-Pool: Thread-37]: 
> server.TThreadPoolServer (TThreadPoolServer.java:run(296)) - Error occurred 
> during processing of message.
> java.lang.RuntimeException: org.apache.thrift.transport.TTransportException: 
> Unsupported mechanism type GSSAPI
>         at 
> org.apache.thrift.transport.TSaslServerTransport$Factory.getTransport(TSaslServerTransport.java:219)
>         at 
> org.apache.thrift.server.TThreadPoolServer$WorkerProcess.run(TThreadPoolServer.java:268)
>         at 
> java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
>         at 
> java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
>         at java.lang.Thread.run(Thread.java:745)
> Caused by: org.apache.thrift.transport.TTransportException: Unsupported 
> mechanism type GSSAPI
>         at 
> org.apache.thrift.transport.TSaslTransport.sendAndThrowMessage(TSaslTransport.java:232)
>         at 
> org.apache.thrift.transport.TSaslServerTransport.handleSaslStartMessage(TSaslServerTransport.java:138)
>         at 
> org.apache.thrift.transport.TSaslTransport.open(TSaslTransport.java:271)
>         at 
> org.apache.thrift.transport.TSaslServerTransport.open(TSaslServerTransport.java:41)
>         at 
> org.apache.thrift.transport.TSaslServerTransport$Factory.getTransport(TSaslServerTransport.java:216)
>         ... 4 more
> {noformat}
> *Cause*
> It appears that the front end is updating the Kerberos Descriptor _artifact_ 
> with _old_ data rather than the data the is specified on the stack's Kerberos 
> Descriptor. This occurs during the transition between the "Review" and 
> "Install, Start, Test" pages of the "Add Service Wizard".
> *Solution*
> Use the current Kerberos Descriptor's values as default value for the updated 
> Kerberos Descriptor and update only what the user changes in the relevant 
> fields.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

[jira] [Updated] (AMBARI-12257) hive-site/hive.metastore.sasl.enabled value incorrect when adding Hive to a Kerberized Cluster

Reply via email to