Can you make the same curl call to port 15000 then? -- Arpit Gupta Hortonworks Inc. http://hortonworks.com/
On Jul 15, 2014, at 1:09 PM, Venkat R <[email protected]> wrote: > Prism and Falcon for colo-1 are running on the same machine and Falcon for > colo-2 is running on a different machine. > > So, I'm sharing the config files with Prisim and Falcon colo-1. > I think it should be okay? > > > On Tuesday, July 15, 2014 1:03 PM, Arpit Gupta <[email protected]> wrote: > > > > you cant use the same config for falcon and prism servers they are running on > different hosts at least from the hostname you mention. > > The falcon service principal and spnego principal both have to have hostnames > as part of them. For example if your host is "eat1-server1.grid.example.com" > > then your falcon service principal would be > "falcon/eat1-server1.grid.example.com@REALM" and spnego would be > "HTTP/eat1-server1.grid.example.com@REALM" > > > If you are using _HOST in the configs instead of the real hostname then you > have to make sure the appropriate principal's are available in keytabs. > > -- > Arpit Gupta > Hortonworks Inc. > http://hortonworks.com/ > > On Jul 15, 2014, at 12:16 PM, Venkat R <[email protected]> wrote: > >> Hi Arpit, >> >> curl --negotiate -u : "http://eat1-server1.grid.example.com:16000/"; >> <html> >> <head> >> <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"/> >> <title>Error 503 SERVICE_UNAVAILABLE</title> >> </head> >> <body> >> <h2>HTTP ERROR: 503</h2> >> <p>Problem accessing /. Reason: >> <pre> SERVICE_UNAVAILABLE</pre></p> >> <hr /><i><small>Powered by Jetty://</small></i> >> </body> >> </html> >> >> The startup.properties points to the correct keytabs containing both the >> falcon user and HTTP principals. The Falcon server starts without any issue >> (or exception). >> >> Command to start prism: >> $ bin/prism-start -port 16000 >> $ bin/prism-status >> Hadoop is installed, adding hadoop classpath to falcon classpath >> Falcon server is running (on http://eat1-hcl0758.grid.linkedin.com:15000/) >> >> runtime.properties >> >> *.all.colos=eat-1, lva-1 >> *.falcon.eat-1.endpoint=http://eat1-server1.grid.example.com:15000 >> *.falcon.lva-1.endpoint=http://lva1-server1.grid.example.com:15000 >> #falcon server should have the following properties >> falcon.current.colo=eat-1 >> ######### Authentication Properties ######### >> falcon.enableTLS=false >> >> The startup properties remains the same as the one I used for standalone >> version (nothing changed). >> >> is there something else in the config I'm missing? >> >> Thanks >> >> >> >> On Tuesday, July 15, 2014 9:17 AM, Arpit Gupta <[email protected]> wrote: >> >> >> >> Then check your service principal and spnego principal properties and make >> sure the keytab location and the principal configured are correct. >> >> From the exception it could not log in using the keytab provided. >> >> -- >> Arpit Gupta >> Hortonworks Inc. >> http://hortonworks.com/ >> >> On Jul 15, 2014, at 9:14 AM, [email protected] >> <[email protected]> wrote: >> >>> Arpit >>> >>> Will try, but the exception I see is in the prism.application.log and so >>> the service is not up. >>> >>> Sent from my HTC >>> >>> ----- Reply message ----- >>> From: "Arpit Gupta" <[email protected]> >>> To: "[email protected]" <[email protected]>, >>> "Venkat R" <[email protected]> >>> Subject: Prism server setup >>> Date: Tue, Jul 15, 2014 8:46 AM >>> >>> If you are running secure falcon than the browser will need spnego support >>> in order to show the UI. The error message the user sees can be improved >>> but you will need to configure your browser to do spnego negotiate. >>> >>> After kinit run the following call >>> >>> curl --negotiate -u : "http://eat1-hcl0758.grid.linkedin.com:16000/ " and >>> see if it goes through. >>> >>> Arpit >>> >>> >>> On Mon, Jul 14, 2014 at 6:28 PM, Venkat R <[email protected]> >>> wrote: >>> >>>> Hi All, >>>> >>>> I followed the instructions here >>>> https://blogs.apache.org/falcon/entry/starting_falcon_in_distributed_mode >>>> and >>>> made the necessary changes to the conf/runtime.properties as below: >>>> >>>> <verbatim> >>>> >>>> *.all.colos=eat-1, lva-1 >>>> *.falcon.eat-1.endpoint=http://eat1-server1.grid.example.com:15000 >>>> *.falcon.lva-1.endpoint=http://lva1-server2.grid.example.com:15000 >>>> >>>> #falcon server should have the following properties >>>> falcon.current.colo=eat-1 >>>> >>>> </verbatim> >>>> >>>> I started the prism server as follows: >>>> >>>> bin/prism-start -port 16000 >>>> >>>> and the status report ok. But browser reports error when I try to access >>>> http://eat1-hcl0758.grid.linkedin.com:16000/ >>>> >>>> return ERROR 503. >>>> >>>> And the prims log has the following exception: >>>> >>>> Not sure what this password being asked. >>>> >>>> The use lannching the Prism server has kerberos TGT in the cache. >>>> >>>> Thanks >>>> --Venkat >>>> >>>> >>>> 2014-07-15 01:19:21,426 WARN - [main:] ~ Nested in >>>> javax.servlet.ServletException: javax.security.auth.login.LoginException: >>>> Unable to obtain password from user >>>> : (log:89) >>>> javax.security.auth.login.LoginException: Unable to obtain password from >>>> user >>>> >>>> at >>>> com.sun.security.auth.module.Krb5LoginModule.promptForPass(Krb5LoginModule.java:789) >>>> at >>>> com.sun.security.auth.module.Krb5LoginModule.attemptAuthentication(Krb5LoginModule.java:654) >>>> at >>>> com.sun.security.auth.module.Krb5LoginModule.login(Krb5LoginModule.java:542) >>>> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) >>>> at >>>> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) >>>> at >>>> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) >>>> at java.lang.reflect.Method.invoke(Method.java:597) >>>> at >>>> javax.security.auth.login.LoginContext.invoke(LoginContext.java:769) >>>> at >>>> javax.security.auth.login.LoginContext.access$000(LoginContext.java:186) >>>> at >>>> javax.security.auth.login.LoginContext$5.run(LoginContext.java:706) >>>> at java.security.AccessController.doPrivileged(Native Method) >>>> at >>>> javax.security.auth.login.LoginContext.invokeCreatorPriv(LoginContext.java:703) >>>> at >>>> javax.security.auth.login.LoginContext.login(LoginContext.java:575) >>>> at >>>> org.apache.hadoop.security.authentication.server.KerberosAuthenticationHandler.init(KerberosAuthenticationHandler.java:187) >>>> at >>>> org.apache.hadoop.security.authentication.server.AuthenticationFilter.init(AuthenticationFilter.java:146) >>>> at >>>> org.apache.falcon.security.BasicAuthFilter.init(BasicAuthFilter.java:82) >>>> at >>>> org.mortbay.jetty.servlet.FilterHolder.doStart(FilterHolder.java:97) >>>> at >>>> org.mortbay.component.AbstractLifeCycle.start(AbstractLifeCycle.java:50) >>>> at >>>> org.mortbay.jetty.servlet.ServletHandler.initialize(ServletHandler.java:713) >>>> at >>>> org.mortbay.jetty.servlet.Context.startContext(Context.java:140) >>>> at >>>> org.mortbay.jetty.webapp.WebAppContext.startContext(WebAppContext.java:1282) >>>> >>> >>> -- >>> CONFIDENTIALITY NOTICE >>> NOTICE: This message is intended for the use of the individual or entity to >>> which it is addressed and may contain information that is confidential, >>> privileged and exempt from disclosure under applicable law. If the reader >>> of this message is not the intended recipient, you are hereby notified that >>> any printing, copying, dissemination, distribution, disclosure or >>> forwarding of this communication is strictly prohibited. If you have >>> received this communication in error, please contact the sender immediately >>> and delete it from your system. Thank You. > >> >> >> >> -- >> CONFIDENTIALITY NOTICE >> NOTICE: This message is intended for the use of the individual or entity to >> which it is addressed and may contain information that is confidential, >> privileged and exempt from disclosure under applicable law. If the reader >> of this message is not the intended recipient, you are hereby notified that >> any printing, copying, dissemination, distribution, disclosure or >> forwarding of this communication is strictly prohibited. If you have >> received this communication in error, please contact the sender immediately >> and delete it from your system. Thank You. > > > -- > CONFIDENTIALITY NOTICE > NOTICE: This message is intended for the use of the individual or entity to > which it is addressed and may contain information that is confidential, > privileged and exempt from disclosure under applicable law. If the reader > of this message is not the intended recipient, you are hereby notified that > any printing, copying, dissemination, distribution, disclosure or > forwarding of this communication is strictly prohibited. If you have > received this communication in error, please contact the sender immediately > and delete it from your system. Thank You. -- CONFIDENTIALITY NOTICE NOTICE: This message is intended for the use of the individual or entity to which it is addressed and may contain information that is confidential, privileged and exempt from disclosure under applicable law. If the reader of this message is not the intended recipient, you are hereby notified that any printing, copying, dissemination, distribution, disclosure or forwarding of this communication is strictly prohibited. If you have received this communication in error, please contact the sender immediately and delete it from your system. Thank You.
