falcon-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Venkat R <verama...@yahoo.com.INVALID>
Subject Re: Prism server setup
Date Tue, 15 Jul 2014 20:09:02 GMT
Prism and Falcon for colo-1 are running on the same machine and Falcon for colo-2 is running
on a different machine. 

So, I'm sharing the config files with Prisim and Falcon colo-1. 
I think it should be okay?


On Tuesday, July 15, 2014 1:03 PM, Arpit Gupta <arpit@hortonworks.com> wrote:
 


you cant use the same config for falcon and prism servers they are running on different hosts
at least from the hostname you mention.

The falcon service principal and spnego principal both have to have hostnames as part of them.
For example if your host is "eat1-server1.grid.example.com"

then your falcon service principal would be "falcon/eat1-server1.grid.example.com@REALM" and
spnego would be "HTTP/eat1-server1.grid.example.com@REALM"


If you are using _HOST in the configs instead of the real hostname then you have to make sure
the appropriate principal's are available in keytabs.

--
Arpit Gupta
Hortonworks Inc.
http://hortonworks.com/

On Jul 15, 2014, at 12:16 PM, Venkat R <veramacha@yahoo.com.INVALID> wrote:

> Hi Arpit,
> 
> curl --negotiate -u : "http://eat1-server1.grid.example.com:16000/"
> <html>
> <head>
> <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"/>
> <title>Error 503 SERVICE_UNAVAILABLE</title>
> </head>
> <body>
> <h2>HTTP ERROR: 503</h2>
> <p>Problem accessing /. Reason:
> <pre>    SERVICE_UNAVAILABLE</pre></p>
> <hr /><i><small>Powered by Jetty://</small></i>
> </body>
> </html>
> 
> The startup.properties points to the correct keytabs containing both the falcon user
and HTTP principals. The Falcon server starts without any issue (or exception).
> 
> Command to start prism:
> $ bin/prism-start -port 16000
> $ bin/prism-status
> Hadoop is installed, adding hadoop classpath to falcon classpath
> Falcon server is running (on http://eat1-hcl0758.grid.linkedin.com:15000/)
> 
> runtime.properties
> 
> *.all.colos=eat-1, lva-1
> *.falcon.eat-1.endpoint=http://eat1-server1.grid.example.com:15000
> *.falcon.lva-1.endpoint=http://lva1-server1.grid.example.com:15000
> #falcon server should have the following properties
> falcon.current.colo=eat-1
> ######### Authentication Properties #########
> falcon.enableTLS=false
> 
> The startup properties remains the same as the one I used for standalone version (nothing
changed).
> 
> is there something else in the config I'm missing?
> 
> Thanks
> 
> 
> 
> On Tuesday, July 15, 2014 9:17 AM, Arpit Gupta <arpit@hortonworks.com> wrote:
> 
> 
> 
> Then check your service principal and spnego principal properties and make sure the keytab
location and the principal configured are correct.
> 
> From the exception it could not log in using the keytab provided.
> 
> --
> Arpit Gupta
> Hortonworks Inc.
> http://hortonworks.com/
> 
> On Jul 15, 2014, at 9:14 AM, veramacha@yahoo.com <veramacha@yahoo.com.INVALID>
wrote:
> 
>> Arpit 
>> 
>> Will try, but the exception I see is in the prism.application.log and so the service
is not up.
>> 
>> Sent from my HTC
>> 
>> ----- Reply message -----
>> From: "Arpit Gupta" <arpit@hortonworks.com>
>> To: "dev@falcon.incubator.apache.org" <dev@falcon.incubator.apache.org>, "Venkat
R" <veramacha@yahoo.com>
>> Subject: Prism server setup
>> Date: Tue, Jul 15, 2014 8:46 AM
>> 
>> If you are running secure falcon than the browser will need spnego support
>> in order to show the UI. The error message the user sees can be improved
>> but you will need to configure your browser to do spnego negotiate.
>> 
>> After kinit run the following call
>> 
>> curl --negotiate -u : "http://eat1-hcl0758.grid.linkedin.com:16000/ " and
>> see if it goes through.
>> 
>> Arpit
>> 
>> 
>> On Mon, Jul 14, 2014 at 6:28 PM, Venkat R <veramacha@yahoo.com.invalid>
>> wrote:
>> 
>>> Hi All,
>>> 
>>> I followed the instructions here
>>> https://blogs.apache.org/falcon/entry/starting_falcon_in_distributed_mode and
>>> made the necessary changes to the conf/runtime.properties as below:
>>> 
>>> <verbatim>
>>> 
>>> *.all.colos=eat-1, lva-1
>>> *.falcon.eat-1.endpoint=http://eat1-server1.grid.example.com:15000
>>> *.falcon.lva-1.endpoint=http://lva1-server2.grid.example.com:15000
>>> 
>>> #falcon server should have the following properties
>>> falcon.current.colo=eat-1
>>> 
>>> </verbatim>
>>> 
>>> I started the prism server as follows:
>>> 
>>> bin/prism-start -port 16000
>>> 
>>> and the status report ok. But browser reports error when I try to access
>>> http://eat1-hcl0758.grid.linkedin.com:16000/
>>> 
>>> return ERROR 503.
>>> 
>>> And the prims log has the following exception:
>>> 
>>> Not sure what this password being asked.
>>> 
>>> The use lannching the Prism server has kerberos TGT in the cache.
>>> 
>>> Thanks
>>> --Venkat
>>> 
>>> 
>>> 2014-07-15 01:19:21,426 WARN  - [main:] ~ Nested in
>>> javax.servlet.ServletException: javax.security.auth.login.LoginException:
>>> Unable to obtain password from user
>>> : (log:89)
>>> javax.security.auth.login.LoginException: Unable to obtain password from
>>> user
>>> 
>>>         at
>>> com.sun.security.auth.module.Krb5LoginModule.promptForPass(Krb5LoginModule.java:789)
>>>         at
>>> com.sun.security.auth.module.Krb5LoginModule.attemptAuthentication(Krb5LoginModule.java:654)
>>>         at
>>> com.sun.security.auth.module.Krb5LoginModule.login(Krb5LoginModule.java:542)
>>>         at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>>>         at
>>> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
>>>         at
>>> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
>>>         at java.lang.reflect.Method.invoke(Method.java:597)
>>>         at
>>> javax.security.auth.login.LoginContext.invoke(LoginContext.java:769)
>>>         at
>>> javax.security.auth.login.LoginContext.access$000(LoginContext.java:186)
>>>         at
>>> javax.security.auth.login.LoginContext$5.run(LoginContext.java:706)
>>>         at java.security.AccessController.doPrivileged(Native Method)
>>>         at
>>> javax.security.auth.login.LoginContext.invokeCreatorPriv(LoginContext.java:703)
>>>         at
>>> javax.security.auth.login.LoginContext.login(LoginContext.java:575)
>>>         at
>>> org.apache.hadoop.security.authentication.server.KerberosAuthenticationHandler.init(KerberosAuthenticationHandler.java:187)
>>>         at
>>> org.apache.hadoop.security.authentication.server.AuthenticationFilter.init(AuthenticationFilter.java:146)
>>>         at
>>> org.apache.falcon.security.BasicAuthFilter.init(BasicAuthFilter.java:82)
>>>         at
>>> org.mortbay.jetty.servlet.FilterHolder.doStart(FilterHolder.java:97)
>>>         at
>>> org.mortbay.component.AbstractLifeCycle.start(AbstractLifeCycle.java:50)
>>>         at
>>> org.mortbay.jetty.servlet.ServletHandler.initialize(ServletHandler.java:713)
>>>         at org.mortbay.jetty.servlet.Context.startContext(Context.java:140)
>>>         at
>>> org.mortbay.jetty.webapp.WebAppContext.startContext(WebAppContext.java:1282)
>>> 
>> 
>> -- 
>> CONFIDENTIALITY NOTICE
>> NOTICE: This message is intended for the use of the individual or entity to 
>> which it is addressed and may contain information that is confidential, 
>> privileged and exempt from disclosure under applicable law. If the reader 
>> of this message is not the intended recipient, you are hereby notified that 
>> any printing, copying, dissemination, distribution, disclosure or 
>> forwarding of this communication is strictly prohibited. If you have 
>> received this communication in error, please contact the sender immediately 
>> and delete it from your system. Thank You.

> 
> 
> 
> -- 
> CONFIDENTIALITY NOTICE
> NOTICE: This message is intended for the use of the individual or entity to 
> which it is addressed and may contain information that is confidential, 
> privileged and exempt from disclosure under applicable law. If the reader 
> of this message is not the intended recipient, you are hereby notified that 
> any printing, copying, dissemination, distribution, disclosure or 
> forwarding of this communication is strictly prohibited. If you have 
> received this communication in error, please contact the sender immediately 
> and delete it from your system. Thank You.


-- 
CONFIDENTIALITY NOTICE
NOTICE: This message is intended for the use of the individual or entity to 
which it is addressed and may contain information that is confidential, 
privileged and exempt from disclosure under applicable law. If the reader 
of this message is not the intended recipient, you are hereby notified that 
any printing, copying, dissemination, distribution, disclosure or 
forwarding of this communication is strictly prohibited. If you have 
received this communication in error, please contact the sender immediately 
and delete it from your system. Thank You.
Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message