[
https://issues.apache.org/jira/browse/STORM-1647?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16059501#comment-16059501
]
Sandeep Nemuri commented on STORM-1647:
---------------------------------------
Log says AccessDeniedException , We'd need to grant permissions in hbase for
this user to access the table.
> AutoHBase doesn't send delegation token
> ---------------------------------------
>
> Key: STORM-1647
> URL: https://issues.apache.org/jira/browse/STORM-1647
> Project: Apache Storm
> Issue Type: Bug
> Affects Versions: 0.10.0
> Reporter: Matt McDowell
>
> When submitting a topology, Nimbus appears to pick up the delegation tokens
> as expected (the second log line is a call I added for testing this):
> {code:title=nimbus.log}
> 2016-03-22 12:54:55.159 o.a.s.h.s.AutoHBase [INFO] Logged into Hbase as
> principal = [email protected]
> 2016-03-22 12:54:55.160 o.a.s.h.s.AutoHBase [INFO] AutoHBase proxyUser:
> [email protected] (auth:PROXY) via
> [email protected] (auth:KERBEROS)
> 2016-03-22 12:54:55.971 o.a.s.h.s.AutoHBase [INFO] Obtained HBase tokens,
> adding to user credentials.
> {code}
> However, when my bolt starts up, it attempts to write to HBASE as storm
> instead of flurry:
> {code:title=Flurry-1-1458664951-worker-6700.log}
> 2016-03-22 16:48:10.506 b.s.d.executor [ERROR]
> org.apache.hadoop.hbase.client.RetriesExhaustedWithDetailsException: Failed 1
> action: org.apache.hadoop.hbase.security.AccessDeniedException: Insufficient
> permissions ([email protected], scope=########,
> family=##############, params=[table=########,family=########],action=WRITE)
> {code}
> if I go into SecurityAuth.audit, the HBASE regionserver receives a simple
> token instead of a proxy token:
> {code:title=SecurityAuth.audit}
> 2016-03-22 16:55:20,903 INFO SecurityLogger.org.apache.hadoop.hbase.Server:
> Connection from ##.##.##.## port: 35551 with unknown version info
> 2016-03-22 16:55:20,903 INFO
> SecurityLogger.org.apache.hadoop.security.authorize.ServiceAuthorizationManager:
> Authorization successful for [email protected] (auth:TOKEN)
> for protocol=interface
> org.apache.hadoop.hbase.protobuf.generated.ClientProtos$ClientService$BlockingInterface
> {code}
> For reference, core-site.xml:
> {code:title=core-site.xml}
> hadoop.proxyuser.storm.groups = flurry
> hadoop.proxyuser.storm.hosts = *
> {code}
> And storm.yaml:
> {code:title=storm.yaml}
> hbase.kerberos.principal : '[email protected]'
> hbase.keytab.file : '/etc/security/keytabs/storm.headless.keytab'
> nimbus.autocredential.plugins.classes :
> ['org.apache.storm.hbase.security.AutoHBase']
> nimbus.credential.renewers.classes :
> ['org.apache.storm.hbase.security.AutoHBase']
> nimbus.credential.renewers.freq.secs : 82800
> {code}
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
