Re: Avatica + GitHub Actions + Windows = AvaticaSpnegoTest - Principal: HTTP/stratum.antpool....@example.com is not known
The error is caused by private static final boolean USE_CANONICAL_HOSTNAME = true; in https://github.com/apache/calcite-avatica/blob/73fac75befaaf3caa3871656d0d0b7adbd91f7cf/core/src/main/java/org/apache/calcite/avatica/remote/AvaticaCommonsHttpClientSpnegoImpl.java#L58 In other words, httpclient is using the "canonical hostname" when sending the request rather than localhost. I guess the property should be configurable via connection URL. I've added -D for now. CI is OK, and it would be great if someone could create a connection parameter for configuring the use of "canonical hostname". Vladimir
Re: Avatica + GitHub Actions + Windows = AvaticaSpnegoTest - Principal: HTTP/stratum.antpool....@example.com is not known
It's strange that you see this on Windows. Everything should be using localhost in the tests. Maybe that means it's something specific to Windows? I don't know enough to say if that's a reasonable guess or not. The principal looked up stems from the hostname you issue a request to. e.g. if you try to SPNEGO with http://foobar.google.com, the client would look up HTTP/foobar.google.com in the KDC. On 11/11/19 3:54 PM, Vladimir Sitnikov wrote: localhost but the principal being looked up is FQDN. Where that FQDN is taken from? Vladimir
Re: Avatica + GitHub Actions + Windows = AvaticaSpnegoTest - Principal: HTTP/stratum.antpool....@example.com is not known
>localhost but the principal being looked up is FQDN. Where that FQDN is taken from? Vladimir
Re: Avatica + GitHub Actions + Windows = AvaticaSpnegoTest - Principal: HTTP/stratum.antpool....@example.com is not known
Yeah, the expectation is that all of the tests are using localhost (to specifically avoid issues around trying to pull the FQDN and relying on the developer to have specific setups). On Mon, Nov 11, 2019 at 3:38 PM Kevin Risden wrote: > > > > > 2019-11-10 21:29:30,443 [pool-1-thread-2] ERROR - Principal: HTTP/ > > stratum.antpool@example.com is not known > > 2019-11-10 21:29:30,459 [Test worker] WARN - NEGOTIATE authentication > > error: No valid credentials provided (Mechanism level: No valid credentials > > provided (Mechanism level: Server not found in Kerberos database (7) - > > Server not found in Kerberos database)) > > > Usually means DNS or the SPN being acquired is not correct. Should look at > the test and see if it is trying to something like localhost and instead > doing FQDN instead. Looks like > https://github.com/apache/calcite-avatica/blob/master/server/src/test/java/org/apache/calcite/avatica/SpnegoTestUtil.java#L58 > does > localhost but the principal being looked up is FQDN. > Kevin Risden > > > > On Sun, Nov 10, 2019 at 4:53 PM Vladimir Sitnikov < > sitnikov.vladi...@gmail.com> wrote: > > > Hi, > > > > I've added GitHub Actions for CI, and it looks like AvaticaSpnegoTest fails > > again. > > > > The failure is the same for Maven and Gradle, so I expect it is not caused > > by Gradle migration > > > > Maven: https://github.com/vlsi/calcite-avatica/runs/296688961#step:4:31296 > > Gradle: > > > > https://github.com/vlsi/calcite-avatica/commit/d1bb6f04c905ed65931800cde0af6a9899e585b6/checks?check_suite_id=304254116#step:4:117 > > > > org.apache.calcite.avatica.AvaticaSpnegoTest > testAuthenticatedClient[0] > > STANDARD_OUT > > 2019-11-10 21:29:29,707 [pool-1-thread-1] INFO - The preauth data is > > empty. > > 2019-11-10 21:29:29,707 [pool-1-thread-1] INFO - KRB error occurred > > while processing request: Additional pre-authentication required > > 2019-11-10 21:29:29,785 [pool-1-thread-2] INFO - AS_REQ ISSUE: > > authtime 1573421369770,cli...@example.com for krbtgt/ > > example@example.com > > 2019-11-10 21:29:30,443 [pool-1-thread-2] ERROR - Principal: HTTP/ > > stratum.antpool@example.com is not known > > 2019-11-10 21:29:30,459 [Test worker] WARN - NEGOTIATE authentication > > error: No valid credentials provided (Mechanism level: No valid credentials > > provided (Mechanism level: Server not found in Kerberos database (7) - > > Server not found in Kerberos database)) > > > > org.apache.calcite.avatica.AvaticaSpnegoTest > testAuthenticatedClient[0] > > FAILED > > java.lang.RuntimeException: Failed to execute HTTP Request, got > > HTTP/401 > > at > > > > org.apache.calcite.avatica.remote.AvaticaCommonsHttpClientSpnegoImpl.send(AvaticaCommonsHttpClientSpnegoImpl.java:134) > > at > > > > org.apache.calcite.avatica.remote.RemoteService.apply(RemoteService.java:34) > > at > > org.apache.calcite.avatica.remote.JsonService.apply(JsonService.java:172) > > at > > org.apache.calcite.avatica.remote.Driver.connect(Driver.java:176) > > at > > java.sql/java.sql.DriverManager.getConnection(DriverManager.java:677) > > at > > java.sql/java.sql.DriverManager.getConnection(DriverManager.java:251) > > at > > > > org.apache.calcite.avatica.AvaticaSpnegoTest$1.run(AvaticaSpnegoTest.java:225) > > at > > > > org.apache.calcite.avatica.AvaticaSpnegoTest$1.run(AvaticaSpnegoTest.java:223) > > at java.base/java.security.AccessController.doPrivileged(Native > > Method) > > at java.base/javax.security.auth.Subject.doAs(Subject.java:423) > > at > > > > org.apache.calcite.avatica.AvaticaSpnegoTest.testAuthenticatedClient(AvaticaSpnegoTest.java:223) > > > > Is it something known? > > > > PS. The failure is only for GitHub Actions + Windows. GitHub Actions macOS > > test passes. > > > > Vladimir > >
Re: Avatica + GitHub Actions + Windows = AvaticaSpnegoTest - Principal: HTTP/stratum.antpool....@example.com is not known
> > 2019-11-10 21:29:30,443 [pool-1-thread-2] ERROR - Principal: HTTP/ > stratum.antpool@example.com is not known > 2019-11-10 21:29:30,459 [Test worker] WARN - NEGOTIATE authentication > error: No valid credentials provided (Mechanism level: No valid credentials > provided (Mechanism level: Server not found in Kerberos database (7) - > Server not found in Kerberos database)) Usually means DNS or the SPN being acquired is not correct. Should look at the test and see if it is trying to something like localhost and instead doing FQDN instead. Looks like https://github.com/apache/calcite-avatica/blob/master/server/src/test/java/org/apache/calcite/avatica/SpnegoTestUtil.java#L58 does localhost but the principal being looked up is FQDN. Kevin Risden On Sun, Nov 10, 2019 at 4:53 PM Vladimir Sitnikov < sitnikov.vladi...@gmail.com> wrote: > Hi, > > I've added GitHub Actions for CI, and it looks like AvaticaSpnegoTest fails > again. > > The failure is the same for Maven and Gradle, so I expect it is not caused > by Gradle migration > > Maven: https://github.com/vlsi/calcite-avatica/runs/296688961#step:4:31296 > Gradle: > > https://github.com/vlsi/calcite-avatica/commit/d1bb6f04c905ed65931800cde0af6a9899e585b6/checks?check_suite_id=304254116#step:4:117 > > org.apache.calcite.avatica.AvaticaSpnegoTest > testAuthenticatedClient[0] > STANDARD_OUT > 2019-11-10 21:29:29,707 [pool-1-thread-1] INFO - The preauth data is > empty. > 2019-11-10 21:29:29,707 [pool-1-thread-1] INFO - KRB error occurred > while processing request: Additional pre-authentication required > 2019-11-10 21:29:29,785 [pool-1-thread-2] INFO - AS_REQ ISSUE: > authtime 1573421369770,cli...@example.com for krbtgt/ > example@example.com > 2019-11-10 21:29:30,443 [pool-1-thread-2] ERROR - Principal: HTTP/ > stratum.antpool@example.com is not known > 2019-11-10 21:29:30,459 [Test worker] WARN - NEGOTIATE authentication > error: No valid credentials provided (Mechanism level: No valid credentials > provided (Mechanism level: Server not found in Kerberos database (7) - > Server not found in Kerberos database)) > > org.apache.calcite.avatica.AvaticaSpnegoTest > testAuthenticatedClient[0] > FAILED > java.lang.RuntimeException: Failed to execute HTTP Request, got > HTTP/401 > at > > org.apache.calcite.avatica.remote.AvaticaCommonsHttpClientSpnegoImpl.send(AvaticaCommonsHttpClientSpnegoImpl.java:134) > at > > org.apache.calcite.avatica.remote.RemoteService.apply(RemoteService.java:34) > at > org.apache.calcite.avatica.remote.JsonService.apply(JsonService.java:172) > at > org.apache.calcite.avatica.remote.Driver.connect(Driver.java:176) > at > java.sql/java.sql.DriverManager.getConnection(DriverManager.java:677) > at > java.sql/java.sql.DriverManager.getConnection(DriverManager.java:251) > at > > org.apache.calcite.avatica.AvaticaSpnegoTest$1.run(AvaticaSpnegoTest.java:225) > at > > org.apache.calcite.avatica.AvaticaSpnegoTest$1.run(AvaticaSpnegoTest.java:223) > at java.base/java.security.AccessController.doPrivileged(Native > Method) > at java.base/javax.security.auth.Subject.doAs(Subject.java:423) > at > > org.apache.calcite.avatica.AvaticaSpnegoTest.testAuthenticatedClient(AvaticaSpnegoTest.java:223) > > Is it something known? > > PS. The failure is only for GitHub Actions + Windows. GitHub Actions macOS > test passes. > > Vladimir >
Avatica + GitHub Actions + Windows = AvaticaSpnegoTest - Principal: HTTP/stratum.antpool....@example.com is not known
Hi, I've added GitHub Actions for CI, and it looks like AvaticaSpnegoTest fails again. The failure is the same for Maven and Gradle, so I expect it is not caused by Gradle migration Maven: https://github.com/vlsi/calcite-avatica/runs/296688961#step:4:31296 Gradle: https://github.com/vlsi/calcite-avatica/commit/d1bb6f04c905ed65931800cde0af6a9899e585b6/checks?check_suite_id=304254116#step:4:117 org.apache.calcite.avatica.AvaticaSpnegoTest > testAuthenticatedClient[0] STANDARD_OUT 2019-11-10 21:29:29,707 [pool-1-thread-1] INFO - The preauth data is empty. 2019-11-10 21:29:29,707 [pool-1-thread-1] INFO - KRB error occurred while processing request: Additional pre-authentication required 2019-11-10 21:29:29,785 [pool-1-thread-2] INFO - AS_REQ ISSUE: authtime 1573421369770,cli...@example.com for krbtgt/example@example.com 2019-11-10 21:29:30,443 [pool-1-thread-2] ERROR - Principal: HTTP/ stratum.antpool@example.com is not known 2019-11-10 21:29:30,459 [Test worker] WARN - NEGOTIATE authentication error: No valid credentials provided (Mechanism level: No valid credentials provided (Mechanism level: Server not found in Kerberos database (7) - Server not found in Kerberos database)) org.apache.calcite.avatica.AvaticaSpnegoTest > testAuthenticatedClient[0] FAILED java.lang.RuntimeException: Failed to execute HTTP Request, got HTTP/401 at org.apache.calcite.avatica.remote.AvaticaCommonsHttpClientSpnegoImpl.send(AvaticaCommonsHttpClientSpnegoImpl.java:134) at org.apache.calcite.avatica.remote.RemoteService.apply(RemoteService.java:34) at org.apache.calcite.avatica.remote.JsonService.apply(JsonService.java:172) at org.apache.calcite.avatica.remote.Driver.connect(Driver.java:176) at java.sql/java.sql.DriverManager.getConnection(DriverManager.java:677) at java.sql/java.sql.DriverManager.getConnection(DriverManager.java:251) at org.apache.calcite.avatica.AvaticaSpnegoTest$1.run(AvaticaSpnegoTest.java:225) at org.apache.calcite.avatica.AvaticaSpnegoTest$1.run(AvaticaSpnegoTest.java:223) at java.base/java.security.AccessController.doPrivileged(Native Method) at java.base/javax.security.auth.Subject.doAs(Subject.java:423) at org.apache.calcite.avatica.AvaticaSpnegoTest.testAuthenticatedClient(AvaticaSpnegoTest.java:223) Is it something known? PS. The failure is only for GitHub Actions + Windows. GitHub Actions macOS test passes. Vladimir