[jira] [Updated] (HADOOP-14636) TestKDiag failing intermittently on Jenkins/Yetus at login from keytab
[
https://issues.apache.org/jira/browse/HADOOP-14636?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Steve Loughran updated HADOOP-14636:
Environment:
{code}
user.name = "jenkins"
java.version = "1.8.0_131"
java.security.krb5.conf =
"/testptch/hadoop/hadoop-common-project/hadoop-common/target/1499472499650/krb5.conf"
kdc.resource.dir = "src/test/resources/kdc"
hadoop.kerberos.kinit.command = "kinit"
hadoop.security.authentication = "KERBEROS"
hadoop.security.authorization = "false"
hadoop.kerberos.min.seconds.before.relogin = "60"
hadoop.security.dns.interface = "(unset)"
hadoop.security.dns.nameserver = "(unset)"
hadoop.rpc.protection = "authentication"
hadoop.security.saslproperties.resolver.class = "(unset)"
hadoop.security.crypto.codec.classes = "(unset)"
hadoop.security.group.mapping =
"org.apache.hadoop.security.JniBasedUnixGroupsMappingWithFallback"
hadoop.security.impersonation.provider.class = "(unset)"
dfs.data.transfer.protection = "(unset)"
dfs.data.transfer.saslproperties.resolver.class = "(unset)"
2017-07-08 00:08:20,381 WARN security.KDiag (KDiag.java:execute(365)) - The
default cluster security is insecure
{code}
> TestKDiag failing intermittently on Jenkins/Yetus at login from keytab
> --
>
> Key: HADOOP-14636
> URL: https://issues.apache.org/jira/browse/HADOOP-14636
> Project: Hadoop Common
> Issue Type: Bug
> Components: security, test
>Affects Versions: 3.0.0-beta1
> Environment: {code}
> user.name = "jenkins"
> java.version = "1.8.0_131"
> java.security.krb5.conf =
> "/testptch/hadoop/hadoop-common-project/hadoop-common/target/1499472499650/krb5.conf"
> kdc.resource.dir = "src/test/resources/kdc"
> hadoop.kerberos.kinit.command = "kinit"
> hadoop.security.authentication = "KERBEROS"
> hadoop.security.authorization = "false"
> hadoop.kerberos.min.seconds.before.relogin = "60"
> hadoop.security.dns.interface = "(unset)"
> hadoop.security.dns.nameserver = "(unset)"
> hadoop.rpc.protection = "authentication"
> hadoop.security.saslproperties.resolver.class = "(unset)"
> hadoop.security.crypto.codec.classes = "(unset)"
> hadoop.security.group.mapping =
> "org.apache.hadoop.security.JniBasedUnixGroupsMappingWithFallback"
> hadoop.security.impersonation.provider.class = "(unset)"
> dfs.data.transfer.protection = "(unset)"
> dfs.data.transfer.saslproperties.resolver.class = "(unset)"
> 2017-07-08 00:08:20,381 WARN security.KDiag (KDiag.java:execute(365)) - The
> default cluster security is insecure
> {code}
>Reporter: Steve Loughran
>Priority: Minor
> Attachments: output.txt
>
>
> The test {{TestKDiag}} is failing intermittently on Yetus builds,
> {code}
> org.apache.hadoop.security.KerberosAuthException: Login failure for user:
> f...@example.com from keytab
> /testptch/hadoop/hadoop-common-project/hadoop-common/target/keytab
> javax.security.auth.login.LoginException: Unable to obtain password from user
> {code}
> The tests that fail are all trying to log in using a keytab just created, the
> JVM isn't having any of it.
> Possible causes? I can think of a few to start with
> # keytab generation
> # keytab path parameter wrong
> # JVM isn't doing the login
> # some race condition
> # Host OS
> # Other environment issues (clock, network...)
> There's no recent changes in the kdiag or UGI code.
> The failure is intermittent, not surfacing for me (others?) locally, which
> which could point at: JVM, host OS, race condition, other env issues.
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
-
To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org
For additional commands, e-mail: common-issues-h...@hadoop.apache.org
[jira] [Updated] (HADOOP-14636) TestKDiag failing intermittently on Jenkins/Yetus at login from keytab
[
https://issues.apache.org/jira/browse/HADOOP-14636?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Steve Loughran updated HADOOP-14636:
Attachment: output.txt
Attached: fulll test output.
Looks like there isn't a f...@example.com file in the keytab, which would of
course explain why the keytab login failed.
(side issue, {{java.library.path}} has an unexpanded env var in it; assume
unrelated, but possibly of interest to [~aw].
{code}
java.library.path =
"${env.LD_LIBRARY_PATH}:/testptch/hadoop/hadoop-common-project/hadoop-common/target/native/target/usr/local/lib:/testptch/hadoop/hadoop-common-project/hadoop-common/../../hadoop-common-project/hadoop-common/target/native/target/usr/local/lib:/usr/java/packages/lib/amd64:/usr/lib64:/lib64:/lib:/usr/lib"
{code}
> TestKDiag failing intermittently on Jenkins/Yetus at login from keytab
> --
>
> Key: HADOOP-14636
> URL: https://issues.apache.org/jira/browse/HADOOP-14636
> Project: Hadoop Common
> Issue Type: Bug
> Components: security, test
>Affects Versions: 3.0.0-beta1
>Reporter: Steve Loughran
>Priority: Minor
> Attachments: output.txt
>
>
> The test {{TestKDiag}} is failing intermittently on Yetus builds,
> {code}
> org.apache.hadoop.security.KerberosAuthException: Login failure for user:
> f...@example.com from keytab
> /testptch/hadoop/hadoop-common-project/hadoop-common/target/keytab
> javax.security.auth.login.LoginException: Unable to obtain password from user
> {code}
> The tests that fail are all trying to log in using a keytab just created, the
> JVM isn't having any of it.
> Possible causes? I can think of a few to start with
> # keytab generation
> # keytab path parameter wrong
> # JVM isn't doing the login
> # some race condition
> # Host OS
> # Other environment issues (clock, network...)
> There's no recent changes in the kdiag or UGI code.
> The failure is intermittent, not surfacing for me (others?) locally, which
> which could point at: JVM, host OS, race condition, other env issues.
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
-
To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org
For additional commands, e-mail: common-issues-h...@hadoop.apache.org
