hasKerberosCredentials returns true, so the login must be based on a kerberos ticket. Perhaps it has expired? I guess you could a kdestroy followed by kinit…
Which slider version are you on? Is that error message at the bottom something you put in the code? I can’t find it in the codebase. > On May 28, 2015, at 1:18 PM, Yohan Bismuth <[email protected]> wrote: > > Yes i did > Le 28 mai 2015 19:15, "Jon Maron" <[email protected]> a écrit : > >> Did you actually log in (kinit) prior to invoking the slider client? >> You’ll need to do that in order to establish an identity for the AM launch. >> >>> On May 28, 2015, at 12:59 PM, Yohan Bismuth <[email protected]> >> wrote: >>> >>> Hi, >>> i'm facing an issue with Hbase in secure mode. >>> I followed the steps described on >>> http://slider.incubator.apache.org/docs/security.html >>> >>> i created my headless keytab (and the associated principals), which i >>> deployed on hdfs and when i start an hbase application, the keytab is >>> correctly packaged in the SliderAppMaster container under the keytabs >>> folder, but here is the problem: >>> >>> 2015-05-28 16:03:07,037 [main] INFO appmaster.SliderAppMaster - >> Connecting >>>> to RM at 1024,address tracking URL= >>>> http://a4-5d-36-fd-a1-7c.hpc.criteo.preprod:1025 >>>> 2015-05-28 16:03:07,065 [main] INFO appmaster.SliderAppMaster - Slider >> AM >>>> Security Mode: KEYTAB >>>> 2015-05-28 16:03:07,065 [main] INFO appmaster.SliderAppMaster - Token >>>> HDFS_DELEGATION_TOKEN >>>> 2015-05-28 16:03:07,065 [main] INFO appmaster.SliderAppMaster - Token >>>> YARN_AM_RM_TOKEN >>>> 2015-05-28 16:03:07,093 [main] INFO security.SecurityConfiguration - No >>>> host keytab file path specified. Will attempt to retrieve keytab file >>>> y.bismuth.keytab as a local resource for the container >>>> 2015-05-28 16:03:07,104 [main] INFO security.UserGroupInformation - >> Login >>>> successful for user y.bismuth using keytab file >>>> >> /hdfs/wwn/600508b1001c246eb94fcc5ff4d68b4e/yarn/data/usercache/y.bismuth/appcache/application_1432038882976_2039/container_e11_1432038882976_2039_01_000001/keytabs/y.bismuth.keytab >>>> 2015-05-28 16:03:07,104 [main] INFO appmaster.SliderAppMaster - >> security >>>> enabled = true >>>> >>> >>> >>>> 2015-05-28 16:03:07,104 [main] INFO appmaster.SliderAppMaster - >>>> <<<<<<SOME DEBUG >>>> 2015-05-28 16:03:07,104 [main] INFO appmaster.SliderAppMaster - UGI = >>>> [email protected] (auth:KERBEROS) >>>> 2015-05-28 16:03:07,104 [main] INFO appmaster.SliderAppMaster - >> isKeytab >>>> = false >>>> 2015-05-28 16:03:07,104 [main] INFO appmaster.SliderAppMaster - tokens >> = >>>> [] >>>> 2015-05-28 16:03:07,104 [main] INFO appmaster.SliderAppMaster - >>>> hasKerberosCredentials = true >>>> 2015-05-28 16:03:07,104 [main] INFO appmaster.SliderAppMaster - >>>> credentials = org.apache.hadoop.security.Credentials@1cf2fed4 >>>> 2015-05-28 16:03:07,104 [main] INFO appmaster.SliderAppMaster - >>>> authentication method = KERBEROS >>>> 2015-05-28 16:03:07,111 [main] INFO appmaster.SliderAppMaster - config >> = >>>> Configuration: core-default.xml, core-site.xml, yarn-default.xml, >>>> yarn-site.xml, hdfs-default.xml, hdfs-site.xml, >>>> org/apache/slider/slider.xml, mapred-default.xml, mapred-site.xml >>>> 2015-05-28 16:03:07,111 [main] INFO appmaster.SliderAppMaster - SOME >>>> DEBUG>>>>> >>>> >>> >>> >>>> 2015-05-28 16:03:07,112 [main] ERROR main.ServiceLauncher - User is not >>>> based on a keytab in a secure deployment. >>> >>> >>> So as far as i can see, i'm logging in successfully using the keytab >>> packaged in the container, but the flag isKeytab, which should be set to >>> true in my UGI (i hope), is not, and i can't figure out why. Because of >>> that, my SliderAppMaster crash. >>> >>> Any idea ? >> >>
