ambari-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Hudson (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (AMBARI-22505) Kafka service check fails when using a non-root user in kerberized environment
Date Thu, 30 Nov 2017 20:27:00 GMT

    [ https://issues.apache.org/jira/browse/AMBARI-22505?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16273355#comment-16273355
] 

Hudson commented on AMBARI-22505:
---------------------------------

FAILURE: Integrated in Jenkins build Ambari-branch-2.6 #510 (See [https://builds.apache.org/job/Ambari-branch-2.6/510/])
AMBARI-22505 : Kafka service check fails when using a non-root user in (mradhakrishnan: [http://git-wip-us.apache.org/repos/asf?p=ambari.git&a=commit&h=a06f69dd50d311dd7502352fd59d2dfc072bc505])
* (edit) ambari-server/src/main/resources/common-services/KAFKA/0.8.1/package/scripts/service_check.py


> Kafka service check fails when using a non-root user in kerberized environment
> ------------------------------------------------------------------------------
>
>                 Key: AMBARI-22505
>                 URL: https://issues.apache.org/jira/browse/AMBARI-22505
>             Project: Ambari
>          Issue Type: Bug
>          Components: stacks
>    Affects Versions: 2.6.0
>            Reporter: Yolanda M. Davis
>            Assignee: Yolanda M. Davis
>         Attachments: AMBARI-22505.patch
>
>
> When Ambari agents are configured to run with a non-root user, if kerberos is enabled,
Kafka service check experiences errors in the logs which indicate that the check is attempting
to create a topic that already exists.  However the true failure, which isn't in the logs
but captured in an error variable, demonstrates the culprit (see below):
> [2017-11-22 05:12:57,029] WARN SASL configuration failed: javax.security.auth.login.LoginException:
No password provided Will continue connection to Zookeeper server without SASL authentication,
if Zookeeper server allows it. (org.apache.zookeeper.ClientCnxn)
> Exception in thread "main" org.I0Itec.zkclient.exception.ZkAuthFailedException: Authentication
failure
> 	at org.I0Itec.zkclient.ZkClient.waitForKeeperState(ZkClient.java:947)
> 	at org.I0Itec.zkclient.ZkClient.waitUntilConnected(ZkClient.java:924)
> 	at org.I0Itec.zkclient.ZkClient.connect(ZkClient.java:1231)
> 	at org.I0Itec.zkclient.ZkClient.<init>(ZkClient.java:157)
> 	at org.I0Itec.zkclient.ZkClient.<init>(ZkClient.java:131)
> 	at kafka.utils.ZkUtils$.createZkClientAndConnection(ZkUtils.scala:115)
> 	at kafka.utils.ZkUtils$.apply(ZkUtils.scala:97)
> 	at kafka.admin.TopicCommand$.main(TopicCommand.scala:56)
> 	at kafka.admin.TopicCommand.main(TopicCommand.scala)
> This occurs because a prior check to see if the topic exists is not executed as the kafka
user. A subsequent call to create the topic does execute as that user.  The first check should
also execute as the kakfa user.  Also Ambari should immediately raise a failure if an error
occurs during the topic check and show that error in the logs.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

Mime
View raw message