[jira] [Updated] (AMBARI-22505) Kafka service check fails when using a non-root user in kerberized environment

Tue, 23 Jan 2018 13:09:42 -0800 

     [ 
https://issues.apache.org/jira/browse/AMBARI-22505?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Yolanda M. Davis updated AMBARI-22505:
--------------------------------------
       Resolution: Fixed
    Fix Version/s: 2.6.1
           Status: Resolved  (was: Patch Available)

This patch was merged on 11/30/2017

> Kafka service check fails when using a non-root user in kerberized environment
> ------------------------------------------------------------------------------
>
>                 Key: AMBARI-22505
>                 URL: https://issues.apache.org/jira/browse/AMBARI-22505
>             Project: Ambari
>          Issue Type: Bug
>          Components: stacks
>    Affects Versions: 2.6.0
>            Reporter: Yolanda M. Davis
>            Assignee: Yolanda M. Davis
>            Priority: Major
>             Fix For: 2.6.1
>
>         Attachments: AMBARI-22505.patch
>
>
> When Ambari agents are configured to run with a non-root user, if kerberos is 
> enabled, Kafka service check experiences errors in the logs which indicate 
> that the check is attempting to create a topic that already exists.  However 
> the true failure, which isn't in the logs but captured in an error variable, 
> demonstrates the culprit (see below):
> [2017-11-22 05:12:57,029] WARN SASL configuration failed: 
> javax.security.auth.login.LoginException: No password provided Will continue 
> connection to Zookeeper server without SASL authentication, if Zookeeper 
> server allows it. (org.apache.zookeeper.ClientCnxn)
> Exception in thread "main" 
> org.I0Itec.zkclient.exception.ZkAuthFailedException: Authentication failure
>       at org.I0Itec.zkclient.ZkClient.waitForKeeperState(ZkClient.java:947)
>       at org.I0Itec.zkclient.ZkClient.waitUntilConnected(ZkClient.java:924)
>       at org.I0Itec.zkclient.ZkClient.connect(ZkClient.java:1231)
>       at org.I0Itec.zkclient.ZkClient.<init>(ZkClient.java:157)
>       at org.I0Itec.zkclient.ZkClient.<init>(ZkClient.java:131)
>       at kafka.utils.ZkUtils$.createZkClientAndConnection(ZkUtils.scala:115)
>       at kafka.utils.ZkUtils$.apply(ZkUtils.scala:97)
>       at kafka.admin.TopicCommand$.main(TopicCommand.scala:56)
>       at kafka.admin.TopicCommand.main(TopicCommand.scala)
> This occurs because a prior check to see if the topic exists is not executed 
> as the kafka user. A subsequent call to create the topic does execute as that 
> user.  The first check should also execute as the kakfa user.  Also Ambari 
> should immediately raise a failure if an error occurs during the topic check 
> and show that error in the logs.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

Reply via email to