Hi,
I have a Java UDF using IBM Java trying to update hive metastore using
IMetastoreClient api with Atlas Hive hook enabled. This setup works if
there in no kerberos. Once I enable kerberos on HDP 2.6.3 then I see the
following exception in my application log
2017-10-24 20:35:18,835 ERROR - Failed to notify atlas for entity
[[{Id='(type: hive_db, id: <unassigned>)', traits=[], values={owner=bigsql,
ownerType=1, qualifiedName=tpcdsorc1000@bigsql502, clusterName=bigsql502,
name=tpcdsorc1000, description=null, location=hdfs:// big.ibm.com
:8020/apps/hive/warehouse/tpcdsorc1000.db, parameters={biginsights.sql.
metadata={"v":1,"source":"BIGSQL","version":"4.0"}}}}, {Id='(type:
hive_table, id: <unassigned>)', traits=[], values={owner=bigsql,
temporary=false, lastAccessTime=Tue Oct 24 20:33:50 PDT 2017,
qualifiedName=tpcdsorc1000.inventory@bigsql502, columns=[{Id='(type:
hive_column, id: <unassigned>)', traits=[], values={owner=bigsql,
qualifiedName=tpcdsorc1000.inventory.inv_date_sk@bigsql502,
name=inv_date_sk, comment=/*@notnull=true*/, position=0, type=int,
table=(type: hive_table, id: <unassigned>)}}, {Id='(type: hive_column, id:
<unassigned>)', traits=[], values={owner=bigsql, qualifiedName=tpcdsorc1000.
inventory.inv_item_sk@bigsql502, name=inv_item_sk,
comment=/*@notnull=true*/, position=1, type=int, table=(type: hive_table,
id: <unassigned>)}}, {Id='(type: hive_column, id: <unassigned>)',
traits=[], values={owner=bigsql, qualifiedName=tpcdsorc1000.
inventory.inv_warehouse_sk@bigsql502, name=inv_warehouse_sk,
comment=/*@notnull=true*/, position=2, type=int, table=(type: hive_table,
id: <unassigned>)}}, {Id='(type: hive_column, id: <unassigned>)',
traits=[], values={owner=bigsql, qualifiedName=tpcdsorc1000.
inventory.inv_quantity_on_hand@bigsql502, name=inv_quantity_on_hand,
comment=null, position=3, type=bigint, table=(type: hive_table, id:
<unassigned>)}}], sd={Id='(type: hive_storagedesc, id: <unassigned>)',
traits=[], values={qualifiedName=tpcdsorc1000.inventory@bigsql502_storage,
storedAsSubDirectories=false, location=hdfs:// big.ibm.com
:8020/apps/hive/warehouse/tpcdsorc1000.db/inventory, compressed=false,
inputFormat=org.apache.hadoop.hive.ql.io.orc.OrcInputFormat,
outputFormat=org.apache.hadoop.hive.ql.io.orc.OrcOutputFormat,
parameters={}, serdeInfo=org.apache.atlas.typesystem.Struct@ce6e4ca1,
table=(type: hive_table, id: <unassigned>), numBuckets=-1}},
tableType=MANAGED_TABLE, createTime=Tue Oct 24 20:33:50 PDT 2017,
name=inventory, comment=null, partitionKeys=[],
parameters={last_modified_time=1508902492,
totalSize=0, biginsights.sql.constraints=[{"v":1,"type":"pk","name":"
SQL1508902429946","trusted":true,"optimize":true,"enforce"
:false,"cols":["INV_DATE_SK","INV_ITEM_SK","INV_WAREHOUSE_
SK"]},{"v":1,"type":"fk","name":"FK1","trusted":true,"
optimize":true,"enforce":false,"cols":["INV_DATE_SK"],"
fscm":"TPCDSORC1000","ftab":"DATE_DIM","fcols":["D_DATE_SK"
]},{"v":1,"type":"fk","name":"FK2","trusted":true,"optimize"
:true,"enforce":false,"cols":["INV_ITEM_SK"],"fscm":"
TPCDSORC1000","ftab":"ITEM","fcols":["I_ITEM_SK"]},{"v":1,"
type":"fk","name":"FK3","trusted":true,"optimize":true,
"enforce":false,"cols":["INV_WAREHOUSE_SK"],"fscm":"TPCDSORC1000","ftab":"
WAREHOUSE","fcols":["W_WAREHOUSE_SK"]}], numFiles=0,
transient_lastDdlTime=1508902492,
last_modified_by=bigsql, biginsights.sql.metadata={"v":
1,"source":"BIGSQL","version":"4.0"}}, retention=0, db={Id='(type: hive_db,
id: <unassigned>)', traits=[], values={owner=bigsql, ownerType=1,
qualifiedName=tpcdsorc1000@bigsql502, clusterName=bigsql502,
name=tpcdsorc1000, description=null, location=hdfs:// big.ibm.com
:8020/apps/hive/warehouse/tpcdsorc1000.db, parameters={biginsights.sql.
metadata={"v":1,"source":"BIGSQL","version":"4.0"}}}}}}]] after 3 retries.
Quitting
org.apache.kafka.common.KafkaException: Failed to construct kafka producer
at org.apache.kafka.clients.producer.KafkaProducer.<init>(
KafkaProducer.java:338)
at org.apache.kafka.clients.producer.KafkaProducer.<init>(
KafkaProducer.java:188)
at org.apache.atlas.kafka.KafkaNotification.createProducer(
KafkaNotification.java:289)
at org.apache.atlas.kafka.KafkaNotification.sendInternal(
KafkaNotification.java:210)
at org.apache.atlas.notification.AbstractNotification.send(
AbstractNotification.java:84)
at org.apache.atlas.hook.AtlasHook.notifyEntitiesInternal(
AtlasHook.java:133)
at org.apache.atlas.hook.AtlasHook.notifyEntities(AtlasHook.java:118)
at org.apache.atlas.hook.AtlasHook.notifyEntities(AtlasHook.java:171)
at org.apache.atlas.hive.hook.HiveHook.access$300(HiveHook.java:83)
at org.apache.atlas.hive.hook.HiveHook$3.run(HiveHook.java:221)
at java.security.AccessController.doPrivileged(
AccessController.java:686)
at javax.security.auth.Subject.doAs(Subject.java:569)
at org.apache.hadoop.security.UserGroupInformation.doAs(
UserGroupInformation.java:1866)
at org.apache.atlas.hive.hook.HiveHook.notifyAsPrivilegedAction(
HiveHook.java:233)
at org.apache.atlas.hive.hook.HiveHook$2.run(HiveHook.java:203)
at java.util.concurrent.Executors$RunnableAdapter.
call(Executors.java:522)
at java.util.concurrent.FutureTask.run(FutureTask.java:277)
at java.util.concurrent.ThreadPoolExecutor.runWorker(
ThreadPoolExecutor.java:1153)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(
ThreadPoolExecutor.java:628)
at java.lang.Thread.run(Thread.java:785)
Caused by: org.apache.kafka.common.KafkaException:
javax.security.auth.login.LoginException: unable to find LoginModule class:
com.sun.security.auth.module.Krb5LoginModule
at org.apache.kafka.common.network.SaslChannelBuilder.
configure(SaslChannelBuilder.java:86)
at org.apache.kafka.common.network.ChannelBuilders.
create(ChannelBuilders.java:71)
at org.apache.kafka.clients.ClientUtils.createChannelBuilder(
ClientUtils.java:85)
at org.apache.kafka.clients.producer.KafkaProducer.<init>(
KafkaProducer.java:302)
... 19 more
Caused by: javax.security.auth.login.LoginException: unable to find
LoginModule class: com.sun.security.auth.module.Krb5LoginModule
at javax.security.auth.login.LoginContext.invoke(LoginContext.java:828)
at javax.security.auth.login.LoginContext.access$000(
LoginContext.java:196)
at javax.security.auth.login.LoginContext$4.run(LoginContext.java:698)
at javax.security.auth.login.LoginContext$4.run(LoginContext.java:696)
at java.security.AccessController.doPrivileged(
AccessController.java:650)
at javax.security.auth.login.LoginContext.invokePriv(
LoginContext.java:696)
at javax.security.auth.login.LoginContext.login(LoginContext.java:597)
at org.apache.kafka.common.security.authenticator.AbstractLogin.login(
AbstractLogin.java:69)
at org.apache.kafka.common.security.kerberos.KerberosLogin.login(
KerberosLogin.java:110)
I have modified the org/apache/atlas/security/InMemoryJAASConfiguration.java
to change the login module in case of IBM java to use
com.ibm.security.auth.module.Krb5LoginModule
for now to see if I can proceed further. I no longer see the login
exception but I do not see the hive entity in the Atlas search or in the
kafka topic ATLAS_ENTITIES. Any suggestion on how to proceed further ?
