[jira] [Work logged] (KNOX-1162) Improve diagnostics for conf/krb5JAASLogin.conf misconfiguration

Mon, 18 Feb 2019 09:25:06 -0800 


     [ 
https://issues.apache.org/jira/browse/KNOX-1162?focusedWorklogId=200147&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-200147
 ]

ASF GitHub Bot logged work on KNOX-1162:
----------------------------------------

                Author: ASF GitHub Bot
            Created on: 18/Feb/19 17:24
            Start Date: 18/Feb/19 17:24
    Worklog Time Spent: 10m 
      Work Description: rlevas commented on pull request #55: KNOX-1162 - 
Logging stacktrace for FATAL messages and displaying a meaningful error message 
in case of missing/non-parsable JAAS configuration
URL: https://github.com/apache/knox/pull/55#discussion_r257778724
 
 

 ##########
 File path: 
gateway-service-remoteconfig/src/main/java/org/apache/knox/gateway/service/config/remote/zk/RemoteConfigurationRegistryJAASConfig.java
 ##########
 @@ -49,17 +51,26 @@
     private static final RemoteConfigurationMessages log = 
MessagesFactory.get(RemoteConfigurationMessages.class);
 
     // Cache the current JAAS configuration
-    private Configuration delegate = Configuration.getConfiguration();
+    private final Configuration delegate;
 
-    private AliasService aliasService;
+    private final AliasService aliasService;
 
-    private Map<String, AppConfigurationEntry[]> contextEntries =  new 
HashMap<>();
+    private final Map<String, AppConfigurationEntry[]> contextEntries =  new 
HashMap<>();
 
     static RemoteConfigurationRegistryJAASConfig 
configure(List<RemoteConfigurationRegistryConfig> configs, AliasService 
aliasService) {
         return new RemoteConfigurationRegistryJAASConfig(configs, 
aliasService);
     }
 
     private 
RemoteConfigurationRegistryJAASConfig(List<RemoteConfigurationRegistryConfig> 
configs, AliasService aliasService) {
+        try {
+          delegate = Configuration.getConfiguration();
+        } catch(Exception e) {
+          //populate the original error with a meaningful message; logging 
will happen later in the upper in the call hierarchy
 
 Review comment:
   Change to:
   "//populate the original error with a meaningful message; logging will 
happen later in the call hierarchy"
 
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


Issue Time Tracking
-------------------

    Worklog Id:     (was: 200147)
    Time Spent: 40m  (was: 0.5h)

> Improve diagnostics for conf/krb5JAASLogin.conf misconfiguration
> ----------------------------------------------------------------
>
>                 Key: KNOX-1162
>                 URL: https://issues.apache.org/jira/browse/KNOX-1162
>             Project: Apache Knox
>          Issue Type: Improvement
>          Components: Server
>    Affects Versions: 0.14.0
>            Reporter: Kevin Minder
>            Assignee: Sandor Molnar
>            Priority: Minor
>             Fix For: 1.3.0
>
>          Time Spent: 40m
>  Remaining Estimate: 0h
>
> When there is a misconfiguration in conf/krb5JAASLogin.conf the server fails 
> to start and the information in gateway.log isn't at all helpful.  So two 
> requests
> # Logging should indicate at a minimum what file contains the issue.
> # All fatal issues should log stack traces without requiring enabling debug 
> logging.
> This is the error shown in gateway.log
> {code}
> 2018-01-05 12:05:12,538 FATAL hadoop.gateway (GatewayServer.java:main(163)) - 
> Failed to start gateway: java.lang.SecurityException: java.io.IOException: 
> Configuration Error:
>         Line 7: expected [option key]
> {code}
> When you enabled debug logging you get somewhat better information.
> {code}
> 2018-01-05 15:55:54,087 FATAL hadoop.gateway (GatewayServer.java:main(163)) - 
> Failed to start gateway: java.lang.SecurityException: java.io.IOException: 
> Configuration Error:
>         Line 7: expected [option key]
> java.lang.SecurityException: java.io.IOException: Configuration Error:
>         Line 7: expected [option key]
>         at sun.security.provider.ConfigFile$Spi.<init>(ConfigFile.java:137)
>         at sun.security.provider.ConfigFile.<init>(ConfigFile.java:102)
>         at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native 
> Method)
>         at 
> sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62)
>         at 
> sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
>         at java.lang.reflect.Constructor.newInstance(Constructor.java:423)
>         at java.lang.Class.newInstance(Class.java:442)
>         at 
> javax.security.auth.login.Configuration$2.run(Configuration.java:255)
>         at 
> javax.security.auth.login.Configuration$2.run(Configuration.java:247)
>         at java.security.AccessController.doPrivileged(Native Method)
>         at 
> javax.security.auth.login.Configuration.getConfiguration(Configuration.java:246)
>         at 
> org.apache.hadoop.gateway.service.config.remote.zk.RemoteConfigurationRegistryJAASConfig.<init>(RemoteConfigurationRegistryJAASConfig.java:52)
>         at 
> org.apache.hadoop.gateway.service.config.remote.zk.RemoteConfigurationRegistryJAASConfig.configure(RemoteConfigurationRegistryJAASConfig.java:59)
>         at 
> org.apache.hadoop.gateway.service.config.remote.zk.CuratorClientService.init(CuratorClientService.java:80)
>         at 
> org.apache.hadoop.gateway.services.DefaultGatewayServices.init(DefaultGatewayServices.java:113)
>         at 
> org.apache.hadoop.gateway.GatewayServer.main(GatewayServer.java:154)
>         at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>         at 
> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
>         at 
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
>         at java.lang.reflect.Method.invoke(Method.java:498)
>         at 
> org.apache.hadoop.gateway.launcher.Invoker.invokeMainMethod(Invoker.java:70)
>         at org.apache.hadoop.gateway.launcher.Invoker.invoke(Invoker.java:39)
>         at org.apache.hadoop.gateway.launcher.Command.run(Command.java:99)
>         at org.apache.hadoop.gateway.launcher.Launcher.run(Launcher.java:69)
>         at org.apache.hadoop.gateway.launcher.Launcher.main(Launcher.java:46)
> Caused by: java.io.IOException: Configuration Error:
>         Line 7: expected [option key]
>         at 
> sun.security.provider.ConfigFile$Spi.ioException(ConfigFile.java:666)
>         at sun.security.provider.ConfigFile$Spi.match(ConfigFile.java:572)
>         at 
> sun.security.provider.ConfigFile$Spi.parseLoginEntry(ConfigFile.java:477)
>         at 
> sun.security.provider.ConfigFile$Spi.readConfig(ConfigFile.java:427)
>         at sun.security.provider.ConfigFile$Spi.init(ConfigFile.java:329)
>         at sun.security.provider.ConfigFile$Spi.init(ConfigFile.java:271)
>         at sun.security.provider.ConfigFile$Spi.<init>(ConfigFile.java:135)
>         ... 24 more
> {code}
> Lastly the particular configuration error in conf/krb5JAASLogin.conf was 
> missing quotes for the keyTab and principal values.  Note, portions of the 
> principal have been scrubbed and replaced with tokens (e.g. <host-name>)
> {code}
> com.sun.security.jgss.initiate {
>     com.sun.security.auth.module.Krb5LoginModule required
>     renewTGT=true
>     doNotPrompt=true
>     useKeyTab=true
>     keyTab=/usr/hdp/current/knox-server/conf/knox.keytab
>     principal=knox/<host-name>@<realm-name>
>     isInitiator=true
>     storeKey=true
>     useTicketCache=true
>     client=true;
> };
> {code}



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

Reply via email to