hbase-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Shankar hiremath <shankar.hirem...@huawei.com>
Subject Multiple RegionServers with different kerberose principle
Date Fri, 25 Jul 2014 14:23:49 GMT
We have cluster with 1 Master and 2 Region Servers(RS1, RS2) with principle principle1/host1@HADOOP.COM<mailto:principle1/host1@HADOOP.COM>
Master and region server have the same principle as above.

We changed the RS2 principle as principle2/host1@HADOOP.COM<mailto:principle2/host1@HADOOP.COM>
in hbase-site.xml of RS2 machine and restarted the Region Server,
We observed the below exception in the region server RS2 log as below,

My doubt is is hbase supports different principle for each region server or not,  or the below
is an issue.
Hbase version: 0.98.3 & Hadoop version: 2.4.1

Region Server RS2 Log:
2014-07-25 20:12:27,020 DEBUG [RpcServer.reader=1,port=60020] ipc.RpcServer: Created SASL
server with mechanism = GSSAPI
2014-07-25 20:12:27,020 DEBUG [RpcServer.reader=1,port=60020] ipc.RpcServer: Have read input
token of size 599 for processing by saslServer.evaluateResponse()
2014-07-25 20:12:27,024 DEBUG [RpcServer.reader=1,port=60020] ipc.RpcServer: RpcServer.responder:
callId: -33 wrote 64 bytes.
2014-07-25 20:12:27,024 WARN  [RpcServer.reader=1,port=60020] ipc.RpcServer: RpcServer.listener,port=60020:
count of bytes read: 0
javax.security.sasl.SaslException: GSS initiate failed [Caused by GSSException: Failure unspecified
at GSS-API level (Mechanism level: Checksum failed)]
        at com.sun.security.sasl.gsskerb.GssKrb5Server.evaluateResponse(GssKrb5Server.java:159)
        at org.apache.hadoop.hbase.ipc.RpcServer$Connection.saslReadAndProcess(RpcServer.java:1323)
        at org.apache.hadoop.hbase.ipc.RpcServer$Connection.readAndProcess(RpcServer.java:1509)
        at org.apache.hadoop.hbase.ipc.RpcServer$Listener.doRead(RpcServer.java:798)
        at org.apache.hadoop.hbase.ipc.RpcServer$Listener$Reader.doRunLoop(RpcServer.java:589)
        at org.apache.hadoop.hbase.ipc.RpcServer$Listener$Reader.run(RpcServer.java:564)
        at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886)
        at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908)
        at java.lang.Thread.run(Thread.java:662)
Caused by: GSSException: Failure unspecified at GSS-API level (Mechanism level: Checksum failed)
        at sun.security.jgss.krb5.Krb5Context.acceptSecContext(Krb5Context.java:741)
        at sun.security.jgss.GSSContextImpl.acceptSecContext(GSSContextImpl.java:323)
        at sun.security.jgss.GSSContextImpl.acceptSecContext(GSSContextImpl.java:267)
        at com.sun.security.sasl.gsskerb.GssKrb5Server.evaluateResponse(GssKrb5Server.java:137)
        ... 8 more
Caused by: KrbException: Checksum failed
        at sun.security.krb5.internal.crypto.Aes256CtsHmacSha1EType.decrypt(Aes256CtsHmacSha1EType.java:85)
        at sun.security.krb5.internal.crypto.Aes256CtsHmacSha1EType.decrypt(Aes256CtsHmacSha1EType.java:77)
        at sun.security.krb5.EncryptedData.decrypt(EncryptedData.java:168)
        at sun.security.krb5.KrbApReq.authenticate(KrbApReq.java:268)
        at sun.security.krb5.KrbApReq.<init>(KrbApReq.java:134)
        at sun.security.jgss.krb5.InitSecContextToken.<init>(InitSecContextToken.java:79)
        at sun.security.jgss.krb5.Krb5Context.acceptSecContext(Krb5Context.java:724)
        ... 11 more
Caused by: java.security.GeneralSecurityException: Checksum failed
        at sun.security.krb5.internal.crypto.dk.AesDkCrypto.decryptCTS(AesDkCrypto.java:431)
        at sun.security.krb5.internal.crypto.dk.AesDkCrypto.decrypt(AesDkCrypto.java:254)
        at sun.security.krb5.internal.crypto.Aes256.decrypt(Aes256.java:59)
        at sun.security.krb5.internal.crypto.Aes256CtsHmacSha1EType.decrypt(Aes256CtsHmacSha1EType.java:83)
        ... 17 more
2014-07-25 20:12:27,026 DEBUG [RpcServer.reader=1,port=60020] ipc.RpcServer: RpcServer.listener,port=60020:
DISCONNECTING client XX.XX.XX.XX:58627 because read count=-1. Number of active connections:
1
2014-07-25 20:12:27,026 DEBUG [RpcServer.reader=1,port=60020] ipc.RpcServer: The connection
from user: Unknown will be closed.
2014-07-25 20:12:30,584 DEBUG [RpcServer.listener,port=60020] ipc.RpcServer: RpcServer.listener,port=60020:
connection from XX.XX.XX.XX:58633; # active connections: 1
2014-07-25 20:12:30,586 DEBUG [RpcServer.reader=2,port=60020] ipc.RpcServer: Kerberos principal
name is principle2/host1@HADOOP.COM
2014-07-25 20:12:30,588 DEBUG [RpcServer.reader=2,port=60020] ipc.RpcServer: Created SASL
server with mechanism = GSSAPI

Regards
-Shankar

[X]
This e-mail and its attachments contain confidential information from HUAWEI, which is intended
only for the person or entity whose address is listed above. Any use of the information contained
herein in any way (including, but not limited to, total or partial disclosure, reproduction,
or dissemination) by persons other than the intended recipient(s) is prohibited. If you receive
this e-mail in error, please notify the sender by phone or email immediately and delete it!
[X]






Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message