[jira] [Commented] (STORM-1521) When using Kerberos login from keytab with multiple bolts/executors ticket is not renewed

Wed, 03 Feb 2016 07:02:10 -0800 

    [ 
https://issues.apache.org/jira/browse/STORM-1521?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15130523#comment-15130523
 ] 

Dan Bahir commented on STORM-1521:
----------------------------------

Issue is that current code executes a login from keytab for every instance of 
the HBase bolt, in a multi threaded environment that corrupts the UGI and the 
ticket is not renewed.

Added checks around login when using keytab to make sure that is only happens 
once per process.

https://github.com/apache/storm/pull/1064



> When using Kerberos login from keytab with multiple bolts/executors ticket is 
> not renewed
> -----------------------------------------------------------------------------------------
>
>                 Key: STORM-1521
>                 URL: https://issues.apache.org/jira/browse/STORM-1521
>             Project: Apache Storm
>          Issue Type: Bug
>          Components: storm-hbase
>    Affects Versions: 0.10.0, 0.9.5
>            Reporter: Dan Bahir
>            Assignee: Dan Bahir
>
> When logging in with a keytab, if the topology has more than one instance of 
> an HBase bolt then the ticket will not be automatically renewed.
> Expected: The ticket will be automatically renewed and the bolt will be able 
> to write to the database.
> Actual: The ticket is not renewed and the bolt loses access to HBase.
> Note when there is only one bolt with one executor is renews correctly.
> Exception in bolt is:
> 2015-12-18T09:41:13.862-0500 o.a.h.s.UserGroupInformation [ERROR] 
> PriviledgedActionException as:u...@somewhere.com 
> cause:javax.security.sasl.SaslException: GSS initiate failed [Caused by 
> GSSException: No valid credentials provided (Mechanism level: Failed to find 
> any
>  Kerberos tgt)]
> 2015-12-18T09:41:13.862-0500 o.a.h.i.RpcClient [WARN] Exception encountered 
> while connecting to the server : javax.security.sasl.SaslException: GSS 
> initiate
>  failed [Caused by GSSException: No valid credentials provided (Mechanism 
> level:
>  Failed to find any Kerberos tgt)]
> 2015-12-18T09:41:13.863-0500 o.a.h.i.RpcClient [ERROR] SASL authentication 
> failed. The most likely cause is missing or invalid credentials. Consider 
> 'kinit'.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Reply via email to