[ 
https://issues.apache.org/jira/browse/METRON-1197?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16540244#comment-16540244
 ] 

Nick Allen commented on METRON-1197:
------------------------------------

Unable to replicate currently.  May have been fixed indirectly by another 
JIRA/PR.

> Profiler topology fails to write profile data to hbase table on a kerberised 
> cluster
> ------------------------------------------------------------------------------------
>
>                 Key: METRON-1197
>                 URL: https://issues.apache.org/jira/browse/METRON-1197
>             Project: Metron
>          Issue Type: Bug
>    Affects Versions: 0.4.1
>            Reporter: Mohan
>            Assignee: Nick Allen
>            Priority: Major
>
> Profiler fails to write the profile data to hbase table , I see 
> 'javax.security.sasl.SaslException: GSS initiate failed' exception when the 
> profiler tries to write the data to hbase table .
> I tried publishing below message to 'indexing' topic  5 times 
> {code:java}
> { "ip_src_addr": "10.0.0.1", "protocol": "HTTPS", "length": "10", "bytes_in": 
> 234, "timestamp": "1505909543000" }
> {code}
> below is the output for the console consumer for 'indexing' topic 
> {code:java}
> [metron@nat-r7-fsvs-metron-1 bin]$ ./kafka-console-consumer.sh  --zookeeper 
> nat-r7-fsvs-metron-1.openstacklocal --topic indexing --security-protocol 
> PLAINTEXTSASL
> {metadata.broker.list=nat-r7-fsvs-metron-3.openstacklocal:6667,nat-r7-fsvs-metron-7.openstacklocal:6667,nat-r7-fsvs-metron-9.openstacklocal:6667,nat-r7-fsvs-metron-11.openstacklocal:6667,nat-r7-fsvs-metron-8.openstacklocal:6667,nat-r7-fsvs-metron-5.openstacklocal:6667,nat-r7-fsvs-metron-12.openstacklocal:6667,nat-r7-fsvs-metron-1.openstacklocal:6667,nat-r7-fsvs-metron-6.openstacklocal:6667,nat-r7-fsvs-metron-2.openstacklocal:6667,nat-r7-fsvs-metron-10.openstacklocal:6667,
>  request.timeout.ms=30000, client.id=console-consumer-83924, 
> security.protocol=PLAINTEXTSASL}
> { "ip_src_addr": "10.0.0.1", "protocol": "HTTPS", "length": "10", "bytes_in": 
> 234, "timestamp": "1505909543000" }
> { "ip_src_addr": "10.0.0.1", "protocol": "HTTPS", "length": "10", "bytes_in": 
> 234, "timestamp": "1505909543000" }
> { "ip_src_addr": "10.0.0.1", "protocol": "HTTPS", "length": "10", "bytes_in": 
> 234, "timestamp": "1505909543000" }
> { "ip_src_addr": "10.0.0.1", "protocol": "HTTPS", "length": "10", "bytes_in": 
> 234, "timestamp": "1505909543000" }
> { "ip_src_addr": "10.0.0.1", "protocol": "HTTPS", "length": "10", "bytes_in": 
> 234, "timestamp": "1505909543000" }
> {"period.start":1505916900000,"period":1673241,"enrichmentsplitterbolt.splitter.end.ts":"1505917778229","profile":"calender-effects","enrichmentsplitterbolt.splitter.begin.ts":"1505917778228","is_alert":"true","source.type":"profiler","threatintelsplitterbolt.splitter.end.ts":"1505917778234","threatinteljoinbolt.joiner.ts":"1505917778237","enrichmentjoinbolt.joiner.ts":"1505917778232","period.end":1505917800000,"threatintelsplitterbolt.splitter.begin.ts":"1505917778234","entity":"10.0.0.1","timestamp":1505917778104}
> {"period.start":1505916900000,"period":1673241,"enrichmentsplitterbolt.splitter.end.ts":"1505917778230","profile":"source_ip_counter","enrichmentsplitterbolt.splitter.begin.ts":"1505917778230","is_alert":"true","source.type":"profiler","threatintelsplitterbolt.splitter.end.ts":"1505917778235","threatinteljoinbolt.joiner.ts":"1505917778238","enrichmentjoinbolt.joiner.ts":"1505917778233","period.end":1505917800000,"threatintelsplitterbolt.splitter.begin.ts":"1505917778235","entity":"10.0.0.1","timestamp":1505917778105}
> {code}
> After waiting for the specified 'profiler.period.duration', When profiler 
> tries to write the data to hbase table Below is the exception on the profiler 
> worker log 
> {code:java}
> 2017-09-20 14:29:38.881 o.a.h.h.i.AbstractRpcClient [WARN] Exception 
> encountered while connecting to the server : 
> javax.security.sasl.SaslException: GSS initiate failed [Caused by 
> GSSException: No valid credentials provided (Mechanism level: Failed to find 
> any Kerberos tgt)]
> 2017-09-20 14:29:38.882 o.a.h.h.i.AbstractRpcClient [ERROR] SASL 
> authentication failed. The most likely cause is missing or invalid 
> credentials. Consider 'kinit'.
> javax.security.sasl.SaslException: GSS initiate failed
>       at 
> com.sun.security.sasl.gsskerb.GssKrb5Client.evaluateChallenge(GssKrb5Client.java:211)
>  ~[?:1.8.0_144]
>       at 
> org.apache.hadoop.hbase.security.HBaseSaslRpcClient.saslConnect(HBaseSaslRpcClient.java:179)
>  ~[stormjar.jar:?]
>       at 
> org.apache.hadoop.hbase.ipc.RpcClientImpl$Connection.setupSaslConnection(RpcClientImpl.java:609)
>  ~[stormjar.jar:?]
>       at 
> org.apache.hadoop.hbase.ipc.RpcClientImpl$Connection.access$600(RpcClientImpl.java:154)
>  [stormjar.jar:?]
>       at 
> org.apache.hadoop.hbase.ipc.RpcClientImpl$Connection$2.run(RpcClientImpl.java:735)
>  ~[stormjar.jar:?]
>       at 
> org.apache.hadoop.hbase.ipc.RpcClientImpl$Connection$2.run(RpcClientImpl.java:732)
>  ~[stormjar.jar:?]
>       at java.security.AccessController.doPrivileged(Native Method) 
> ~[?:1.8.0_144]
>       at javax.security.auth.Subject.doAs(Subject.java:422) ~[?:1.8.0_144]
>       at 
> org.apache.hadoop.security.UserGroupInformation.doAs(UserGroupInformation.java:1657)
>  ~[stormjar.jar:?]
>       at 
> org.apache.hadoop.hbase.ipc.RpcClientImpl$Connection.setupIOstreams(RpcClientImpl.java:732)
>  [stormjar.jar:?]
>       at 
> org.apache.hadoop.hbase.ipc.RpcClientImpl$Connection.writeRequest(RpcClientImpl.java:885)
>  [stormjar.jar:?]
>       at 
> org.apache.hadoop.hbase.ipc.RpcClientImpl$Connection.tracedWriteRequest(RpcClientImpl.java:854)
>  [stormjar.jar:?]
>       at 
> org.apache.hadoop.hbase.ipc.RpcClientImpl.call(RpcClientImpl.java:1180) 
> [stormjar.jar:?]
>       at 
> org.apache.hadoop.hbase.ipc.AbstractRpcClient.callBlockingMethod(AbstractRpcClient.java:213)
>  [stormjar.jar:?]
>       at 
> org.apache.hadoop.hbase.ipc.AbstractRpcClient$BlockingRpcChannelImplementation.callBlockingMethod(AbstractRpcClient.java:287)
>  [stormjar.jar:?]
>       at 
> org.apache.hadoop.hbase.protobuf.generated.ClientProtos$ClientService$BlockingStub.scan(ClientProtos.java:32651)
>  [stormjar.jar:?]
>       at 
> org.apache.hadoop.hbase.client.ClientSmallScanner$SmallScannerCallable.call(ClientSmallScanner.java:201)
>  [stormjar.jar:?]
>       at 
> org.apache.hadoop.hbase.client.ClientSmallScanner$SmallScannerCallable.call(ClientSmallScanner.java:180)
>  [stormjar.jar:?]
>       at 
> org.apache.hadoop.hbase.client.RpcRetryingCaller.callWithoutRetries(RpcRetryingCaller.java:200)
>  [stormjar.jar:?]
>       at 
> org.apache.hadoop.hbase.client.ScannerCallableWithReplicas$RetryingRPC.call(ScannerCallableWithReplicas.java:369)
>  [stormjar.jar:?]
>       at 
> org.apache.hadoop.hbase.client.ScannerCallableWithReplicas$RetryingRPC.call(ScannerCallableWithReplicas.java:343)
>  [stormjar.jar:?]
>       at 
> org.apache.hadoop.hbase.client.RpcRetryingCaller.callWithRetries(RpcRetryingCaller.java:126)
>  [stormjar.jar:?]
>       at 
> org.apache.hadoop.hbase.client.ResultBoundedCompletionService$QueueingFuture.run(ResultBoundedCompletionService.java:64)
>  [stormjar.jar:?]
>       at 
> java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
>  [?:1.8.0_144]
>       at 
> java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
>  [?:1.8.0_144]
>       at java.lang.Thread.run(Thread.java:748) [?:1.8.0_144]
> Caused by: org.ietf.jgss.GSSException: No valid credentials provided 
> (Mechanism level: Failed to find any Kerberos tgt)
>       at 
> sun.security.jgss.krb5.Krb5InitCredential.getInstance(Krb5InitCredential.java:147)
>  ~[?:1.8.0_144]
>       at 
> sun.security.jgss.krb5.Krb5MechFactory.getCredentialElement(Krb5MechFactory.java:122)
>  ~[?:1.8.0_144]
>       at 
> sun.security.jgss.krb5.Krb5MechFactory.getMechanismContext(Krb5MechFactory.java:187)
>  ~[?:1.8.0_144]
>       at 
> sun.security.jgss.GSSManagerImpl.getMechanismContext(GSSManagerImpl.java:224) 
> ~[?:1.8.0_144]
>       at 
> sun.security.jgss.GSSContextImpl.initSecContext(GSSContextImpl.java:212) 
> ~[?:1.8.0_144]
>       at 
> sun.security.jgss.GSSContextImpl.initSecContext(GSSContextImpl.java:179) 
> ~[?:1.8.0_144]
>       at 
> com.sun.security.sasl.gsskerb.GssKrb5Client.evaluateChallenge(GssKrb5Client.java:192)
>  ~[?:1.8.0_144]
>       ... 25 more
> {code}



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

Reply via email to