[jira] [Comment Edited] (KNOX-1091) Knox Audit Logging - duplicate correlation ids

Wed, 14 Feb 2018 08:32:20 -0800 

    [ 
https://issues.apache.org/jira/browse/KNOX-1091?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16364364#comment-16364364
 ] 

Kevin Risden edited comment on KNOX-1091 at 2/14/18 4:30 PM:
-------------------------------------------------------------

At first glance could be hard to test on Knox 0.8.0.
{noformat}
2018-02-14 10:26:46,444 ERROR hadoop.gateway 
(GatewayServer.java:handleCreateDeployment(476)) - Failed to deploy topology 
health: org.apache.hadoop.gateway.deploy.DeploymentException: Failed to 
contribute provider. Role: authentication Name: Anonymous. Please check the 
topology for errors in name and role and that the provider is on the classpath.
2018-02-14 10:26:46,444 INFO hadoop.gateway (GatewayServer.java:start(337)) - 
Monitoring topologies in directory: 
/home/myuser/knox-0.8.0/bin/../conf/topologies
2018-02-14 10:26:46,445 INFO hadoop.gateway 
(GatewayServer.java:startGateway(252)) - Started gateway on port 8,443.
2018-02-14 10:26:46,551 WARN hadoop.gateway (GatewayFilter.java:doFilter(152)) 
- Failed to match path /gateway/health/api/v1/version{noformat}
Knox 0.9.0 added support for anonymous authentication.
{noformat}
[KNOX-669] - Adding support for anonymous authentication{noformat}


was (Author: risdenk):
At first glance could be hard to test on Knox 0.8.0.
{noformat}
2018-02-14 10:26:46,444 ERROR hadoop.gateway 
(GatewayServer.java:handleCreateDeployment(476)) - Failed to deploy topology 
health: org.apache.hadoop.gateway.deploy.DeploymentException: Failed to 
contribute provider. Role: authentication Name: Anonymous. Please check the 
topology for errors in name and role and that the provider is on the classpath.
2018-02-14 10:26:46,444 INFO hadoop.gateway (GatewayServer.java:start(337)) - 
Monitoring topologies in directory: 
/home/myuser/knox-0.8.0/bin/../conf/topologies
2018-02-14 10:26:46,445 INFO hadoop.gateway 
(GatewayServer.java:startGateway(252)) - Started gateway on port 8,443.
2018-02-14 10:26:46,551 WARN hadoop.gateway (GatewayFilter.java:doFilter(152)) 
- Failed to match path /gateway/health/api/v1/version{noformat}

> Knox Audit Logging - duplicate correlation ids
> ----------------------------------------------
>
>                 Key: KNOX-1091
>                 URL: https://issues.apache.org/jira/browse/KNOX-1091
>             Project: Apache Knox
>          Issue Type: Bug
>          Components: Server
>            Reporter: Kevin Risden
>            Priority: Major
>
> From the Knox User list thread: "Multiple topology audit logging", it came to 
> my attention that Knox seems to be logging duplicate correlation ids. 
> Separating out the topic specifically here to dig a bit deeper.
> While looking at our Knox audit logs (Knox 0.9 on HDP 2.5) the "correlation 
> id" doesn't seem to be unique across requests. Is this to be expected? Here 
> is a snippet (anonymized):
> grep 7557c91b-2a48-4e09-aefc-44e9892372da /var/knox/gateway-audit.log
>  {code}
> 17/10/10 12:50:09 
> ||7557c91b-2a48-4e09-aefc-44e9892372da|audit|WEBHBASE||||access|uri|/gateway/HADOOPTEST/hbase/hbase/NAMESPACE1:TABLE1/ID1//|unavailable|Request
>  method: GET
> 17/10/10 12:50:09 
> ||7557c91b-2a48-4e09-aefc-44e9892372da|audit|WEBHBASE|USER1|||authentication|uri|/gateway/HADOOPPROD/hbase/NAMESPACE2:TABLE2/multiget?row=ID2%2fd%3araw&|success|
> 17/10/10 12:50:09 
> ||7557c91b-2a48-4e09-aefc-44e9892372da|audit|WEBHBASE|USER1|||authentication|uri|/gateway/HADOOPPROD/hbase/NAMESPACE2:TABLE2/multiget?row=ID2%2fd%3araw&|success|Groups:
>  []
> 17/10/10 12:50:09 
> ||7557c91b-2a48-4e09-aefc-44e9892372da|audit|WEBHBASE|USER1|||dispatch|uri|http://WEBHBASE.example.com:8084/NAMESPACE2:TABLE2/multiget?doAs=USER1&row=ID2%2Fd%3Araw|unavailable|Request
>  method: GET
> 17/10/10 12:50:09 
> ||7557c91b-2a48-4e09-aefc-44e9892372da|audit|WEBHBASE|USER1|||dispatch|uri|http://WEBHBASE.example.com:8084/NAMESPACE2:TABLE2/multiget?doAs=USER1&row=ID2%2Fd%3Araw|success|Response
>  status: 200
> 17/10/10 12:50:09 
> ||7557c91b-2a48-4e09-aefc-44e9892372da|audit|WEBHBASE|USER1|||access|uri|/gateway/HADOOPPROD/hbase/NAMESPACE2:TABLE2/multiget?row=ID2%2fd%3araw&|success|Response
>  status: 200
> 17/10/10 12:50:09 
> ||7557c91b-2a48-4e09-aefc-44e9892372da|audit|WEBHBASE||||authentication|principal|USER2|failure|LDAP
>  authentication failed.
> 17/10/10 12:50:09 
> ||7557c91b-2a48-4e09-aefc-44e9892372da|audit|WEBHBASE||||access|uri|/gateway/HADOOPTEST/hbase/hbase/NAMESPACE1:TABLE2/ID1//|success|Response
>  status: 401
> {code}
> The things to highlight here for the same correlation id:
> * different topologies are being used
> * different uris are being used
> * different users are being used
> Some of the things that we have configured that could impact results:
> * authentication caching
> * multiple Knox servers
> * load balancer in front of Knox



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

Reply via email to