[
https://issues.apache.org/jira/browse/SENTRY-1265?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15291601#comment-15291601
]
Sravya Tirukkovalur commented on SENTRY-1265:
---------------------------------------------
Apart from test failures which I am fixing, I see "The forked VM terminated
without properly saying goodbye. VM crash or System.exit called?" Not entirely
sure what is causing that. Looking into it.
> Sentry service should not require a TGT as it is not talking to other
> kerberos services as a client
> ---------------------------------------------------------------------------------------------------
>
> Key: SENTRY-1265
> URL: https://issues.apache.org/jira/browse/SENTRY-1265
> Project: Sentry
> Issue Type: Bug
> Reporter: Sravya Tirukkovalur
> Assignee: Sravya Tirukkovalur
> Attachments: SENTRY-1265.0.patch, SENTRY-1265.1.patch,
> SENTRY-1265.2.patch, SENTRY-1265.3.patch, SENTRY-1265.4.patch
>
>
> As part of renewThread we are logging out the subject and relogging in. This
> is causing a client request to fail if it happens in this logout -login
> window.
> As only TGT needs renewal, we should never run the renewThread in Sentry
> given that Sentry never is a Kerberos Client to other Kerberos Services.
> Stack trace from sentry server if a client requests while server is renewing:
> {noformat}
> 2016-05-17 11:13:57,768 (pool-9-thread-2) [ERROR -
> org.apache.thrift.transport.TSaslTransport.open(TSaslTransport.java:315)]
> SASL negotiation failure
> javax.security.sasl.SaslException: Failure to initialize security context
> [Caused by GSSException: No valid credentials provided (Mechanism level:
> Failed to find any Kerberos credentails)]
> at
> com.sun.security.sasl.gsskerb.GssKrb5Server.<init>(GssKrb5Server.java:113)
> at
> com.sun.security.sasl.gsskerb.FactoryImpl.createSaslServer(FactoryImpl.java:85)
> at javax.security.sasl.Sasl.createSaslServer(Sasl.java:509)
> at
> org.apache.thrift.transport.TSaslServerTransport.handleSaslStartMessage(TSaslServerTransport.java:140)
> at
> org.apache.thrift.transport.TSaslTransport.open(TSaslTransport.java:271)
> at
> org.apache.thrift.transport.TSaslServerTransport.open(TSaslServerTransport.java:41)
> at
> org.apache.thrift.transport.TSaslServerTransport$Factory.getTransport(TSaslServerTransport.java:216)
> at
> org.apache.thrift.server.TThreadPoolServer$WorkerProcess.run(TThreadPoolServer.java:268)
> at
> java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
> at
> java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
> at java.lang.Thread.run(Thread.java:745)
> Caused by: GSSException: No valid credentials provided (Mechanism level:
> Failed to find any Kerberos credentails)
> at
> sun.security.jgss.krb5.Krb5AcceptCredential.getInstance(Krb5AcceptCredential.java:89)
> at
> sun.security.jgss.krb5.Krb5MechFactory.getCredentialElement(Krb5MechFactory.java:126)
> at
> sun.security.jgss.GSSManagerImpl.getCredentialElement(GSSManagerImpl.java:192)
> at sun.security.jgss.GSSCredentialImpl.add(GSSCredentialImpl.java:406)
> at
> sun.security.jgss.GSSCredentialImpl.<init>(GSSCredentialImpl.java:60)
> at
> sun.security.jgss.GSSManagerImpl.createCredential(GSSManagerImpl.java:153)
> at
> com.sun.security.sasl.gsskerb.GssKrb5Server.<init>(GssKrb5Server.java:96)
> ... 10 more
> 2016-05-17 11:13:57,769 (pool-9-thread-2) [ERROR -
> org.apache.thrift.server.TThreadPoolServer$WorkerProcess.run(TThreadPoolServer.java:296)]
> Error occurred during processing of message.
> java.lang.RuntimeException: org.apache.thrift.transport.TTransportException:
> Failure to initialize security context
> at
> org.apache.thrift.transport.TSaslServerTransport$Factory.getTransport(TSaslServerTransport.java:219)
> at
> org.apache.thrift.server.TThreadPoolServer$WorkerProcess.run(TThreadPoolServer.java:268)
> at
> java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
> at
> java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
> at java.lang.Thread.run(Thread.java:745)
> Caused by: org.apache.thrift.transport.TTransportException: Failure to
> initialize security context
> at
> org.apache.thrift.transport.TSaslTransport.sendAndThrowMessage(TSaslTransport.java:232)
> at
> org.apache.thrift.transport.TSaslTransport.open(TSaslTransport.java:316)
> at
> org.apache.thrift.transport.TSaslServerTransport.open(TSaslServerTransport.java:41)
> at
> org.apache.thrift.transport.TSaslServerTransport$Factory.getTransport(TSaslServerTransport.java:216)
> ... 4 more
> 2016-05-17 11:13:57,769 (pool-9-thread-2) [DEBUG -
> org.apache.thrift.transport.TSaslServerTransport$Factory.getTransport(TSaslServerTransport.java:218)]
> failed to open server transport
> org.apache.thrift.transport.TTransportException: Failure to initialize
> security context
> at
> org.apache.thrift.transport.TSaslTransport.sendAndThrowMessage(TSaslTransport.java:232)
> at
> org.apache.thrift.transport.TSaslTransport.open(TSaslTransport.java:316)
> at
> org.apache.thrift.transport.TSaslServerTransport.open(TSaslServerTransport.java:41)
> at
> org.apache.thrift.transport.TSaslServerTransport$Factory.getTransport(TSaslServerTransport.java:216)
> at
> org.apache.thrift.server.TThreadPoolServer$WorkerProcess.run(TThreadPoolServer.java:268)
> at
> java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
> at
> java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
> at java.lang.Thread.run(Thread.java:745)
> {noformat}
> Stack trace from the client:
> {noformat}
> 2016-05-17 11:13:57,769 (main) [DEBUG -
> org.apache.sentry.service.thrift.PoolClientInvocationHandler.invokeFromPool(PoolClientInvocationHandler.java:99)]
> Pool exception occured
> java.io.IOException: Transport exception while opening transport: Peer
> indicated failure: Failure to initialize security context
> at
> org.apache.sentry.provider.db.service.thrift.SentryPolicyServiceClientDefaultImpl.<init>(SentryPolicyServiceClientDefaultImpl.java:168)
> at
> org.apache.sentry.service.thrift.SentryServiceClientPoolFactory.create(SentryServiceClientPoolFactory.java:58)
> at
> org.apache.sentry.service.thrift.SentryServiceClientPoolFactory.create(SentryServiceClientPoolFactory.java:38)
> at
> org.apache.commons.pool2.BasePooledObjectFactory.makeObject(BasePooledObjectFactory.java:60)
> at
> org.apache.commons.pool2.impl.GenericObjectPool.create(GenericObjectPool.java:836)
> at
> org.apache.commons.pool2.impl.GenericObjectPool.borrowObject(GenericObjectPool.java:434)
> at
> org.apache.commons.pool2.impl.GenericObjectPool.borrowObject(GenericObjectPool.java:361)
> at
> org.apache.sentry.service.thrift.PoolClientInvocationHandler.invokeFromPool(PoolClientInvocationHandler.java:97)
> at
> org.apache.sentry.service.thrift.PoolClientInvocationHandler.invokeImpl(PoolClientInvocationHandler.java:70)
> at
> org.apache.sentry.service.thrift.SentryClientInvocationHandler.invoke(SentryClientInvocationHandler.java:41)
> at com.sun.proxy.$Proxy7.listRoles(Unknown Source)
> at
> org.apache.sentry.service.thrift.SentryServiceIntegrationBase$1.runTestAsSubject(SentryServiceIntegrationBase.java:227)
> at
> org.apache.sentry.service.thrift.SentryServiceIntegrationBase$3.run(SentryServiceIntegrationBase.java:358)
> at
> org.apache.sentry.service.thrift.SentryServiceIntegrationBase$3.run(SentryServiceIntegrationBase.java:355)
> at java.security.AccessController.doPrivileged(Native Method)
> at javax.security.auth.Subject.doAs(Subject.java:415)
> at
> org.apache.sentry.service.thrift.SentryServiceIntegrationBase.runTestAsSubject(SentryServiceIntegrationBase.java:355)
> at
> org.apache.sentry.service.thrift.SentryServiceIntegrationBase.after(SentryServiceIntegrationBase.java:223)
> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> at
> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
> at
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
> at java.lang.reflect.Method.invoke(Method.java:606)
> at
> org.junit.runners.model.FrameworkMethod$1.runReflectiveCall(FrameworkMethod.java:45)
> at
> org.junit.internal.runners.model.ReflectiveCallable.run(ReflectiveCallable.java:15)
> at
> org.junit.runners.model.FrameworkMethod.invokeExplosively(FrameworkMethod.java:42)
> at
> org.junit.internal.runners.statements.RunAfters.evaluate(RunAfters.java:36)
> at org.junit.runners.ParentRunner.runLeaf(ParentRunner.java:263)
> at
> org.junit.runners.BlockJUnit4ClassRunner.runChild(BlockJUnit4ClassRunner.java:68)
> at
> org.junit.runners.BlockJUnit4ClassRunner.runChild(BlockJUnit4ClassRunner.java:47)
> at org.junit.runners.ParentRunner$3.run(ParentRunner.java:231)
> at org.junit.runners.ParentRunner$1.schedule(ParentRunner.java:60)
> at org.junit.runners.ParentRunner.runChildren(ParentRunner.java:229)
> at org.junit.runners.ParentRunner.access$000(ParentRunner.java:50)
> at org.junit.runners.ParentRunner$2.evaluate(ParentRunner.java:222)
> at
> org.junit.internal.runners.statements.RunBefores.evaluate(RunBefores.java:28)
> at
> org.junit.internal.runners.statements.RunAfters.evaluate(RunAfters.java:30)
> at org.junit.runners.ParentRunner.run(ParentRunner.java:300)
> at
> org.apache.maven.surefire.junit4.JUnit4Provider.execute(JUnit4Provider.java:367)
> at
> org.apache.maven.surefire.junit4.JUnit4Provider.executeWithRerun(JUnit4Provider.java:274)
> at
> org.apache.maven.surefire.junit4.JUnit4Provider.executeTestSet(JUnit4Provider.java:238)
> at
> org.apache.maven.surefire.junit4.JUnit4Provider.invoke(JUnit4Provider.java:161)
> at
> org.apache.maven.surefire.booter.ForkedBooter.invokeProviderInSameClassLoader(ForkedBooter.java:290)
> at
> org.apache.maven.surefire.booter.ForkedBooter.runSuitesInProcess(ForkedBooter.java:242)
> at
> org.apache.maven.surefire.booter.ForkedBooter.main(ForkedBooter.java:121)
> Caused by: org.apache.thrift.transport.TTransportException: Peer indicated
> failure: Failure to initialize security context
> at
> org.apache.thrift.transport.TSaslTransport.receiveSaslMessage(TSaslTransport.java:199)
> at
> org.apache.thrift.transport.TSaslTransport.open(TSaslTransport.java:277)
> at
> org.apache.thrift.transport.TSaslClientTransport.open(TSaslClientTransport.java:37)
> at
> org.apache.sentry.provider.db.service.thrift.SentryPolicyServiceClientDefaultImpl$UgiSaslClientTransport.baseOpen(SentryPolicyServiceClientDefaultImpl.java:130)
> at
> org.apache.sentry.provider.db.service.thrift.SentryPolicyServiceClientDefaultImpl$UgiSaslClientTransport.open(SentryPolicyServiceClientDefaultImpl.java:108)
> at
> org.apache.sentry.provider.db.service.thrift.SentryPolicyServiceClientDefaultImpl.<init>(SentryPolicyServiceClientDefaultImpl.java:166)
> ... 43 more
> {noformat}
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
