[
https://issues.apache.org/jira/browse/PHOENIX-3189?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Josh Elser reopened PHOENIX-3189:
---------------------------------
It would appear that my test doesn't work on builds.a.o:
{noformat}
Tests run: 7, Failures: 0, Errors: 7, Skipped: 0, Time elapsed: 20.264 sec <<<
FAILURE! - in org.apache.phoenix.jdbc.SecureUserConnectionsTest
testMultipleConnectionsAsSameUserWithoutLogin(org.apache.phoenix.jdbc.SecureUserConnectionsTest)
Time elapsed: 0.238 sec <<< ERROR!
java.sql.SQLException: ERROR 103 (08004): Unable to establish connection.
at
org.apache.phoenix.jdbc.SecureUserConnectionsTest.testMultipleConnectionsAsSameUserWithoutLogin(SecureUserConnectionsTest.java:326)
Caused by: java.io.IOException: Login failure for [email protected] from keytab
<https://builds.apache.org/job/Phoenix-4.8-HBase-1.0/ws/phoenix-core/target/SecureUserConnectionsTest/keytabs/user1.keytab>:
javax.security.auth.login.LoginException: java.lang.IllegalArgumentException:
Illegal principal name [email protected]:
org.apache.hadoop.security.authentication.util.KerberosName$NoMatchingRule: No
rules applied to [email protected]
at
org.apache.phoenix.jdbc.SecureUserConnectionsTest.testMultipleConnectionsAsSameUserWithoutLogin(SecureUserConnectionsTest.java:326)
Caused by: javax.security.auth.login.LoginException:
java.lang.IllegalArgumentException: Illegal principal name [email protected]:
org.apache.hadoop.security.authentication.util.KerberosName$NoMatchingRule: No
rules applied to [email protected]
at
org.apache.phoenix.jdbc.SecureUserConnectionsTest.testMultipleConnectionsAsSameUserWithoutLogin(SecureUserConnectionsTest.java:326)
Caused by: java.lang.IllegalArgumentException: Illegal principal name
[email protected]:
org.apache.hadoop.security.authentication.util.KerberosName$NoMatchingRule: No
rules applied to [email protected]
at
org.apache.phoenix.jdbc.SecureUserConnectionsTest.testMultipleConnectionsAsSameUserWithoutLogin(SecureUserConnectionsTest.java:326)
Caused by:
org.apache.hadoop.security.authentication.util.KerberosName$NoMatchingRule: No
rules applied to [email protected]
at
org.apache.phoenix.jdbc.SecureUserConnectionsTest.testMultipleConnectionsAsSameUserWithoutLogin(SecureUserConnectionsTest.java:326)
testAlternatingDestructiveLogins(org.apache.phoenix.jdbc.SecureUserConnectionsTest)
Time elapsed: 0.023 sec <<< ERROR!
java.io.IOException: Login failure for [email protected] from keytab
<https://builds.apache.org/job/Phoenix-4.8-HBase-1.0/ws/phoenix-core/target/SecureUserConnectionsTest/keytabs/user1.keytab>:
javax.security.auth.login.LoginException: java.lang.IllegalArgumentException:
Illegal principal name [email protected]:
org.apache.hadoop.security.authentication.util.KerberosName$NoMatchingRule: No
rules applied to [email protected]
at
org.apache.phoenix.jdbc.SecureUserConnectionsTest.testAlternatingDestructiveLogins(SecureUserConnectionsTest.java:280)
Caused by: javax.security.auth.login.LoginException:
java.lang.IllegalArgumentException: Illegal principal name [email protected]:
org.apache.hadoop.security.authentication.util.KerberosName$NoMatchingRule: No
rules applied to [email protected]
at
org.apache.phoenix.jdbc.SecureUserConnectionsTest.testAlternatingDestructiveLogins(SecureUserConnectionsTest.java:280)
Caused by: java.lang.IllegalArgumentException: Illegal principal name
[email protected]:
org.apache.hadoop.security.authentication.util.KerberosName$NoMatchingRule: No
rules applied to [email protected]
at
org.apache.phoenix.jdbc.SecureUserConnectionsTest.testAlternatingDestructiveLogins(SecureUserConnectionsTest.java:280)
Caused by:
org.apache.hadoop.security.authentication.util.KerberosName$NoMatchingRule: No
rules applied to [email protected]
at
org.apache.phoenix.jdbc.SecureUserConnectionsTest.testAlternatingDestructiveLogins(SecureUserConnectionsTest.java:280)
testAlternatingLogins(org.apache.phoenix.jdbc.SecureUserConnectionsTest) Time
elapsed: 0.015 sec <<< ERROR!
java.io.IOException: Login failure for [email protected] from keytab
<https://builds.apache.org/job/Phoenix-4.8-HBase-1.0/ws/phoenix-core/target/SecureUserConnectionsTest/keytabs/user1.keytab>
at
org.apache.phoenix.jdbc.SecureUserConnectionsTest.testAlternatingLogins(SecureUserConnectionsTest.java:234)
Caused by: javax.security.auth.login.LoginException:
java.lang.IllegalArgumentException: Illegal principal name [email protected]:
org.apache.hadoop.security.authentication.util.KerberosName$NoMatchingRule: No
rules applied to [email protected]
at
org.apache.phoenix.jdbc.SecureUserConnectionsTest.testAlternatingLogins(SecureUserConnectionsTest.java:234)
Caused by: java.lang.IllegalArgumentException: Illegal principal name
[email protected]:
org.apache.hadoop.security.authentication.util.KerberosName$NoMatchingRule: No
rules applied to [email protected]
at
org.apache.phoenix.jdbc.SecureUserConnectionsTest.testAlternatingLogins(SecureUserConnectionsTest.java:234)
Caused by:
org.apache.hadoop.security.authentication.util.KerberosName$NoMatchingRule: No
rules applied to [email protected]
at
org.apache.phoenix.jdbc.SecureUserConnectionsTest.testAlternatingLogins(SecureUserConnectionsTest.java:234)
testAlternatingConnectionsWithoutLogin(org.apache.phoenix.jdbc.SecureUserConnectionsTest)
Time elapsed: 0.019 sec <<< ERROR!
java.sql.SQLException: ERROR 103 (08004): Unable to establish connection.
at
org.apache.phoenix.jdbc.SecureUserConnectionsTest.testAlternatingConnectionsWithoutLogin(SecureUserConnectionsTest.java:347)
Caused by: java.io.IOException: Login failure for [email protected] from keytab
<https://builds.apache.org/job/Phoenix-4.8-HBase-1.0/ws/phoenix-core/target/SecureUserConnectionsTest/keytabs/user1.keytab>:
javax.security.auth.login.LoginException: java.lang.IllegalArgumentException:
Illegal principal name [email protected]:
org.apache.hadoop.security.authentication.util.KerberosName$NoMatchingRule: No
rules applied to [email protected]
at
org.apache.phoenix.jdbc.SecureUserConnectionsTest.testAlternatingConnectionsWithoutLogin(SecureUserConnectionsTest.java:347)
Caused by: javax.security.auth.login.LoginException:
java.lang.IllegalArgumentException: Illegal principal name [email protected]:
org.apache.hadoop.security.authentication.util.KerberosName$NoMatchingRule: No
rules applied to [email protected]
at
org.apache.phoenix.jdbc.SecureUserConnectionsTest.testAlternatingConnectionsWithoutLogin(SecureUserConnectionsTest.java:347)
Caused by: java.lang.IllegalArgumentException: Illegal principal name
[email protected]:
org.apache.hadoop.security.authentication.util.KerberosName$NoMatchingRule: No
rules applied to [email protected]
at
org.apache.phoenix.jdbc.SecureUserConnectionsTest.testAlternatingConnectionsWithoutLogin(SecureUserConnectionsTest.java:347)
Caused by:
org.apache.hadoop.security.authentication.util.KerberosName$NoMatchingRule: No
rules applied to [email protected]
at
org.apache.phoenix.jdbc.SecureUserConnectionsTest.testAlternatingConnectionsWithoutLogin(SecureUserConnectionsTest.java:347)
testMultipleUniqueUGIInstancesAreDisjoint(org.apache.phoenix.jdbc.SecureUserConnectionsTest)
Time elapsed: 0.015 sec <<< ERROR!
java.io.IOException: Login failure for [email protected] from keytab
<https://builds.apache.org/job/Phoenix-4.8-HBase-1.0/ws/phoenix-core/target/SecureUserConnectionsTest/keytabs/user1.keytab>
at
org.apache.phoenix.jdbc.SecureUserConnectionsTest.testMultipleUniqueUGIInstancesAreDisjoint(SecureUserConnectionsTest.java:204)
Caused by: javax.security.auth.login.LoginException:
java.lang.IllegalArgumentException: Illegal principal name [email protected]:
org.apache.hadoop.security.authentication.util.KerberosName$NoMatchingRule: No
rules applied to [email protected]
at
org.apache.phoenix.jdbc.SecureUserConnectionsTest.testMultipleUniqueUGIInstancesAreDisjoint(SecureUserConnectionsTest.java:204)
Caused by: java.lang.IllegalArgumentException: Illegal principal name
[email protected]:
org.apache.hadoop.security.authentication.util.KerberosName$NoMatchingRule: No
rules applied to [email protected]
at
org.apache.phoenix.jdbc.SecureUserConnectionsTest.testMultipleUniqueUGIInstancesAreDisjoint(SecureUserConnectionsTest.java:204)
Caused by:
org.apache.hadoop.security.authentication.util.KerberosName$NoMatchingRule: No
rules applied to [email protected]
at
org.apache.phoenix.jdbc.SecureUserConnectionsTest.testMultipleUniqueUGIInstancesAreDisjoint(SecureUserConnectionsTest.java:204)
testMultipleInvocationsBySameUserAreEquivalent(org.apache.phoenix.jdbc.SecureUserConnectionsTest)
Time elapsed: 0.014 sec <<< ERROR!
java.io.IOException: Login failure for [email protected] from keytab
<https://builds.apache.org/job/Phoenix-4.8-HBase-1.0/ws/phoenix-core/target/SecureUserConnectionsTest/keytabs/user1.keytab>
at
org.apache.phoenix.jdbc.SecureUserConnectionsTest.testMultipleInvocationsBySameUserAreEquivalent(SecureUserConnectionsTest.java:178)
Caused by: javax.security.auth.login.LoginException:
java.lang.IllegalArgumentException: Illegal principal name [email protected]:
org.apache.hadoop.security.authentication.util.KerberosName$NoMatchingRule: No
rules applied to [email protected]
at
org.apache.phoenix.jdbc.SecureUserConnectionsTest.testMultipleInvocationsBySameUserAreEquivalent(SecureUserConnectionsTest.java:178)
Caused by: java.lang.IllegalArgumentException: Illegal principal name
[email protected]:
org.apache.hadoop.security.authentication.util.KerberosName$NoMatchingRule: No
rules applied to [email protected]
at
org.apache.phoenix.jdbc.SecureUserConnectionsTest.testMultipleInvocationsBySameUserAreEquivalent(SecureUserConnectionsTest.java:178)
Caused by:
org.apache.hadoop.security.authentication.util.KerberosName$NoMatchingRule: No
rules applied to [email protected]
at
org.apache.phoenix.jdbc.SecureUserConnectionsTest.testMultipleInvocationsBySameUserAreEquivalent(SecureUserConnectionsTest.java:178)
testMultipleConnectionsAsSameUser(org.apache.phoenix.jdbc.SecureUserConnectionsTest)
Time elapsed: 0.015 sec <<< ERROR!
java.io.IOException: Login failure for [email protected] from keytab
<https://builds.apache.org/job/Phoenix-4.8-HBase-1.0/ws/phoenix-core/target/SecureUserConnectionsTest/keytabs/user1.keytab>:
javax.security.auth.login.LoginException: java.lang.IllegalArgumentException:
Illegal principal name [email protected]:
org.apache.hadoop.security.authentication.util.KerberosName$NoMatchingRule: No
rules applied to [email protected]
at
org.apache.phoenix.jdbc.SecureUserConnectionsTest.testMultipleConnectionsAsSameUser(SecureUserConnectionsTest.java:306)
Caused by: javax.security.auth.login.LoginException:
java.lang.IllegalArgumentException: Illegal principal name [email protected]:
org.apache.hadoop.security.authentication.util.KerberosName$NoMatchingRule: No
rules applied to [email protected]
at
org.apache.phoenix.jdbc.SecureUserConnectionsTest.testMultipleConnectionsAsSameUser(SecureUserConnectionsTest.java:306)
Caused by: java.lang.IllegalArgumentException: Illegal principal name
[email protected]:
org.apache.hadoop.security.authentication.util.KerberosName$NoMatchingRule: No
rules applied to [email protected]
at
org.apache.phoenix.jdbc.SecureUserConnectionsTest.testMultipleConnectionsAsSameUser(SecureUserConnectionsTest.java:306)
Caused by:
org.apache.hadoop.security.authentication.util.KerberosName$NoMatchingRule: No
rules applied to [email protected]
at
org.apache.phoenix.jdbc.SecureUserConnectionsTest.testMultipleConnectionsAsSameUser(SecureUserConnectionsTest.java:306)
{noformat}
https://builds.apache.org/job/Phoenix-4.8-HBase-1.0/3
> HBase/ZooKeeper connection leaks when providing principal/keytab in JDBC url
> ----------------------------------------------------------------------------
>
> Key: PHOENIX-3189
> URL: https://issues.apache.org/jira/browse/PHOENIX-3189
> Project: Phoenix
> Issue Type: Bug
> Affects Versions: 4.8.0
> Reporter: Josh Elser
> Assignee: Josh Elser
> Priority: Blocker
> Fix For: 4.9.0, 4.8.1
>
>
> We've been doing some more testing after PHOENIX-3126 and, with the help of
> [~arpitgupta] and [~harsha_ch], we've found an issue in a test between Storm
> and Phoenix.
> Storm was configured to create a JDBC Bolt, specifying the principal and
> keytab in the JDBC URL, relying on PhoenixDriver to do the Kerberos login for
> them. After PHOENIX-3126, a ZK server blacklisted the host running the bolt,
> and we observed that there were over 140 active ZK threads in the JVM.
> This results in a subtle change where every time the client tries to get a
> new Connection, we end up getting a new UGI instance (because the
> {{ConnectionQueryServicesImpl#openConnection()}} always does a new login).
> If users are correctly caching Connections, there isn't an issue (best as I
> can presently tell). However, if users rely on the getting the same
> connection every time (the pre-PHOENIX-3126), they will saturate their local
> JVM with connections and crash.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
