[jira] [Updated] (METRON-1813) Stellar REPL Not Initialized with Client JAAS

Tue, 11 Dec 2018 08:10:35 -0800 


     [ 
https://issues.apache.org/jira/browse/METRON-1813?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Justin Leet updated METRON-1813:
--------------------------------
    Fix Version/s: 0.7.0

> Stellar REPL Not Initialized with Client JAAS
> ---------------------------------------------
>
>                 Key: METRON-1813
>                 URL: https://issues.apache.org/jira/browse/METRON-1813
>             Project: Metron
>          Issue Type: Bug
>            Reporter: Nick Allen
>            Assignee: Nick Allen
>            Priority: Major
>             Fix For: 0.7.0
>
>
> Running a function like `KAFKA_GET` in the Stellar REPL does not work in a 
> kerberized environment.
> h3. Steps to Replicate
> 1. Deploy Metron in a kerberized environment.
> 2. Launch the REPL.
> {code}
> source /etc/default/metron 
> $METRON_HOME/bin/stellar -z $ZOOKEEPER
> {code}
> 3. Attempt to get a message from Kafka.
> {code} 
> [Stellar]>>> conf := \{ 
> "group.id":"bro_parser","security.protocol":"SASL_PLAINTEXT" } 
> \{security.protocol=SASL_PLAINTEXT, group.id=bro_parser} [Stellar]>>> 
> KAFKA_GET("bro", 10, conf) [!] Unable to parse: KAFKA_GET("bro", 10, conf) 
> due to: Failed to construct kafka consumer with relevant variables 
> conf=\{security.protocol=SASL_PLAINTEXT, group.id=bro_parser} 
> org.apache.metron.stellar.dsl.ParseException: Unable to parse: 
> KAFKA_GET("bro", 10, conf) due to: Failed to construct kafka consumer with 
> relevant variables conf=\{security.protocol=SASL_PLAINTEXT, 
> group.id=bro_parser} at 
> org.apache.metron.stellar.common.BaseStellarProcessor.createException(BaseStellarProcessor.java:173)
>  at 
> org.apache.metron.stellar.common.BaseStellarProcessor.parse(BaseStellarProcessor.java:154)
>  at 
> org.apache.metron.stellar.common.shell.DefaultStellarShellExecutor.executeStellar(DefaultStellarShellExecutor.java:405)
>  at 
> org.apache.metron.stellar.common.shell.DefaultStellarShellExecutor.execute(DefaultStellarShellExecutor.java:257)
>  at 
> org.apache.metron.stellar.common.shell.cli.StellarShell.execute(StellarShell.java:357)
>  at org.jboss.aesh.console.AeshProcess.run(AeshProcess.java:53) at 
> java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
>  at 
> java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
>  at java.lang.Thread.run(Thread.java:748) Caused by: 
> org.apache.kafka.common.KafkaException: Failed to construct kafka consumer at 
> org.apache.kafka.clients.consumer.KafkaConsumer.<init>(KafkaConsumer.java:702)
>  at 
> org.apache.kafka.clients.consumer.KafkaConsumer.<init>(KafkaConsumer.java:587)
>  at 
> org.apache.kafka.clients.consumer.KafkaConsumer.<init>(KafkaConsumer.java:569)
>  at 
> org.apache.metron.management.KafkaFunctions$KafkaGet.getMessages(KafkaFunctions.java:227)
>  at 
> org.apache.metron.management.KafkaFunctions$KafkaGet.apply(KafkaFunctions.java:209)
>  at 
> org.apache.metron.stellar.common.StellarCompiler.lambda$exitTransformationFunc$13(StellarCompiler.java:652)
>  at 
> org.apache.metron.stellar.common.StellarCompiler$Expression.apply(StellarCompiler.java:250)
>  at 
> org.apache.metron.stellar.common.BaseStellarProcessor.parse(BaseStellarProcessor.java:151)
>  ... 7 more Caused by: org.apache.kafka.common.KafkaException: 
> org.apache.kafka.common.KafkaException: Jaas configuration not found at 
> org.apache.kafka.common.network.SaslChannelBuilder.configure(SaslChannelBuilder.java:86)
>  at 
> org.apache.kafka.common.network.ChannelBuilders.create(ChannelBuilders.java:71)
>  at 
> org.apache.kafka.clients.ClientUtils.createChannelBuilder(ClientUtils.java:83)
>  at 
> org.apache.kafka.clients.consumer.KafkaConsumer.<init>(KafkaConsumer.java:623)
>  ... 14 more Caused by: org.apache.kafka.common.KafkaException: Jaas 
> configuration not found at 
> org.apache.kafka.common.security.kerberos.KerberosLogin.getServiceName(KerberosLogin.java:299)
>  at 
> org.apache.kafka.common.security.kerberos.KerberosLogin.configure(KerberosLogin.java:103)
>  at 
> org.apache.kafka.common.security.authenticator.LoginManager.<init>(LoginManager.java:45)
>  at 
> org.apache.kafka.common.security.authenticator.LoginManager.acquireLoginManager(LoginManager.java:68)
>  at 
> org.apache.kafka.common.network.SaslChannelBuilder.configure(SaslChannelBuilder.java:78)
>  ... 17 more Caused by: java.io.IOException: Could not find a 'KafkaClient' 
> entry in this configuration. at 
> org.apache.kafka.common.security.JaasUtils.jaasConfig(JaasUtils.java:50) at 
> org.apache.kafka.common.security.kerberos.KerberosLogin.getServiceName(KerberosLogin.java:297)
>  ... 21 more 
> [Stellar]>>> 
> {code}
> h3. Root Cause
> When the Stellar REPL is launched in a Kerberized environment, it needs to 
> have the Client JAAS passed to it so that Stellar functions can access 
> resources like Kafka. The JVM running the REPL never gets passed the 
> "-Djava.security.auth.login.config=/usr/hcp/current/metron/client_jaas.conf" 
> JVM arg. This is needed to access resources in a Kerberized environment.
> As a work around, the `$METRON_HOME/bin/stellar` script can be modified so 
> that the following arg is passed to the JVM running the Stellar REPL: 
> `-Djava.security.auth.login.config=/usr/hcp/current/metron/client_jaas.conf`



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

Reply via email to