[ https://issues.apache.org/jira/browse/KNOX-1162?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16772094#comment-16772094 ]
ASF subversion and git services commented on KNOX-1162: ------------------------------------------------------- Commit dac2f2e289ea4ca99afd37dadcfc623fdac19fb1 in knox's branch refs/heads/master from Sandor Molnar [ https://gitbox.apache.org/repos/asf?p=knox.git;h=dac2f2e ] KNOX-1162 - Logging stacktrace for FATAL messages and displaying a meaningful error message in case of missing/non-parsable JAAS configuration (#55) > Improve diagnostics for conf/krb5JAASLogin.conf misconfiguration > ---------------------------------------------------------------- > > Key: KNOX-1162 > URL: https://issues.apache.org/jira/browse/KNOX-1162 > Project: Apache Knox > Issue Type: Improvement > Components: Server > Affects Versions: 0.14.0 > Reporter: Kevin Minder > Assignee: Sandor Molnar > Priority: Minor > Fix For: 1.3.0 > > Time Spent: 3.5h > Remaining Estimate: 0h > > When there is a misconfiguration in conf/krb5JAASLogin.conf the server fails > to start and the information in gateway.log isn't at all helpful. So two > requests > # Logging should indicate at a minimum what file contains the issue. > # All fatal issues should log stack traces without requiring enabling debug > logging. > This is the error shown in gateway.log > {code} > 2018-01-05 12:05:12,538 FATAL hadoop.gateway (GatewayServer.java:main(163)) - > Failed to start gateway: java.lang.SecurityException: java.io.IOException: > Configuration Error: > Line 7: expected [option key] > {code} > When you enabled debug logging you get somewhat better information. > {code} > 2018-01-05 15:55:54,087 FATAL hadoop.gateway (GatewayServer.java:main(163)) - > Failed to start gateway: java.lang.SecurityException: java.io.IOException: > Configuration Error: > Line 7: expected [option key] > java.lang.SecurityException: java.io.IOException: Configuration Error: > Line 7: expected [option key] > at sun.security.provider.ConfigFile$Spi.<init>(ConfigFile.java:137) > at sun.security.provider.ConfigFile.<init>(ConfigFile.java:102) > at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native > Method) > at > sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62) > at > sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45) > at java.lang.reflect.Constructor.newInstance(Constructor.java:423) > at java.lang.Class.newInstance(Class.java:442) > at > javax.security.auth.login.Configuration$2.run(Configuration.java:255) > at > javax.security.auth.login.Configuration$2.run(Configuration.java:247) > at java.security.AccessController.doPrivileged(Native Method) > at > javax.security.auth.login.Configuration.getConfiguration(Configuration.java:246) > at > org.apache.hadoop.gateway.service.config.remote.zk.RemoteConfigurationRegistryJAASConfig.<init>(RemoteConfigurationRegistryJAASConfig.java:52) > at > org.apache.hadoop.gateway.service.config.remote.zk.RemoteConfigurationRegistryJAASConfig.configure(RemoteConfigurationRegistryJAASConfig.java:59) > at > org.apache.hadoop.gateway.service.config.remote.zk.CuratorClientService.init(CuratorClientService.java:80) > at > org.apache.hadoop.gateway.services.DefaultGatewayServices.init(DefaultGatewayServices.java:113) > at > org.apache.hadoop.gateway.GatewayServer.main(GatewayServer.java:154) > at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) > at > sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) > at > sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) > at java.lang.reflect.Method.invoke(Method.java:498) > at > org.apache.hadoop.gateway.launcher.Invoker.invokeMainMethod(Invoker.java:70) > at org.apache.hadoop.gateway.launcher.Invoker.invoke(Invoker.java:39) > at org.apache.hadoop.gateway.launcher.Command.run(Command.java:99) > at org.apache.hadoop.gateway.launcher.Launcher.run(Launcher.java:69) > at org.apache.hadoop.gateway.launcher.Launcher.main(Launcher.java:46) > Caused by: java.io.IOException: Configuration Error: > Line 7: expected [option key] > at > sun.security.provider.ConfigFile$Spi.ioException(ConfigFile.java:666) > at sun.security.provider.ConfigFile$Spi.match(ConfigFile.java:572) > at > sun.security.provider.ConfigFile$Spi.parseLoginEntry(ConfigFile.java:477) > at > sun.security.provider.ConfigFile$Spi.readConfig(ConfigFile.java:427) > at sun.security.provider.ConfigFile$Spi.init(ConfigFile.java:329) > at sun.security.provider.ConfigFile$Spi.init(ConfigFile.java:271) > at sun.security.provider.ConfigFile$Spi.<init>(ConfigFile.java:135) > ... 24 more > {code} > Lastly the particular configuration error in conf/krb5JAASLogin.conf was > missing quotes for the keyTab and principal values. Note, portions of the > principal have been scrubbed and replaced with tokens (e.g. <host-name>) > {code} > com.sun.security.jgss.initiate { > com.sun.security.auth.module.Krb5LoginModule required > renewTGT=true > doNotPrompt=true > useKeyTab=true > keyTab=/usr/hdp/current/knox-server/conf/knox.keytab > principal=knox/<host-name>@<realm-name> > isInitiator=true > storeKey=true > useTicketCache=true > client=true; > }; > {code} -- This message was sent by Atlassian JIRA (v7.6.3#76005)