phoenix-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Biju N <bijuatapa...@gmail.com>
Subject Re: Phoenix JDBC connection to secure HBase fails
Date Wed, 09 Dec 2015 22:54:10 GMT
Thanks Akhilesh/Mujtaba for your suggestions. Adding core-site.xml from the
target cluster to the class path resolved the issue. We initially only had
hbase and hdfs site xmls in the class path.  Is there a way to set the
hbase/core site properties in the code instead of copying the config xmls
to the class path.

On Tue, Dec 8, 2015 at 1:39 PM, Mujtaba Chohan <mujtaba@apache.org> wrote:

> Add the following java parameter to connect to secure cluster:
> -Djava.security.auth.login.config=$yourpath/conf/zk-jaas.conf
> -Djava.security.krb5.conf=$yourpath/krb5.conf. More detailed instruction
> are at
>
> http://bigdatanoob.blogspot.com/2013/09/connect-phoenix-to-secure-hbase-cluster.html
> .
>
>
> //mujtaba
>
> On Tue, Dec 8, 2015 at 7:20 AM, Biju N <bijuatapache@gmail.com> wrote:
>
> > Hi There,
> >    We are trying to connect to a secure HBase/Phoenix cluster through
> > Phoenix JDBC using a kerberos Keytab and Principal. Using the same Keytab
> > and principal we are able to connect successfully to HBase through HBase
> > APIs but the connection request fails when making the Phoenix JDBC
> > connection.
> >
> > The JDBC connection string used is of the format
> >
> > "jdbc:phoenix:zkquorum:/hbase:principal@REALM.COM:keytab-file-path"
> >
> > and the following is the exception. If any pointers to what could be the
> > cause for this exception that would be helpful. We are using Phoenix 4.2
> > against hbase 98.x.
> >
> > 34039 [main] FATAL org.apache.hadoop.hbase.ipc.RpcClient  - SASL
> > authentication failed. The most likely cause is missing or invalid
> > credentials. Consider 'kinit'.
> > javax.security.sasl.SaslException: GSS initiate failed [Caused by
> > GSSException: No valid credentials provided (Mechanism level: Failed to
> > find any Kerberos tgt)]
> >         at
> >
> >
> com.sun.security.sasl.gsskerb.GssKrb5Client.evaluateChallenge(GssKrb5Client.java:211)
> >         at
> >
> >
> org.apache.hadoop.hbase.security.HBaseSaslRpcClient.saslConnect(HBaseSaslRpcClient.java:177)
> >         at
> >
> >
> org.apache.hadoop.hbase.ipc.RpcClient$Connection.setupSaslConnection(RpcClient.java:815)
> >         at
> >
> >
> org.apache.hadoop.hbase.ipc.RpcClient$Connection.access$800(RpcClient.java:349)
> >         at
> >
> org.apache.hadoop.hbase.ipc.RpcClient$Connection$2.run(RpcClient.java:943)
> >         at
> >
> org.apache.hadoop.hbase.ipc.RpcClient$Connection$2.run(RpcClient.java:940)
> >         at java.security.AccessController.doPrivileged(Native Method)
> >         at javax.security.auth.Subject.doAs(Subject.java:422)
> >         at
> >
> >
> org.apache.hadoop.security.UserGroupInformation.doAs(UserGroupInformation.java:1628)
> >         at
> >
> >
> org.apache.hadoop.hbase.ipc.RpcClient$Connection.setupIOstreams(RpcClient.java:940)
> >         at
> >
> >
> org.apache.hadoop.hbase.ipc.RpcClient$Connection.writeRequest(RpcClient.java:1094)
> >         at
> >
> >
> org.apache.hadoop.hbase.ipc.RpcClient$Connection.tracedWriteRequest(RpcClient.java:1061)
> >         at
> org.apache.hadoop.hbase.ipc.RpcClient.call(RpcClient.java:1516)
> >         at
> >
> >
> org.apache.hadoop.hbase.ipc.RpcClient.callBlockingMethod(RpcClient.java:1724)
> >         at
> >
> >
> org.apache.hadoop.hbase.ipc.RpcClient$BlockingRpcChannelImplementation.callBlockingMethod(RpcClient.java:1777)
> >         at
> >
> >
> org.apache.hadoop.hbase.protobuf.generated.MasterProtos$MasterService$BlockingStub.isMasterRunning(MasterProtos.java:42561)
> >         at
> >
> >
> org.apache.hadoop.hbase.client.ConnectionManager$HConnectionImplementation$MasterServiceStubMaker.isMasterRunning(ConnectionManager.java:1664)
> >         at
> >
> >
> org.apache.hadoop.hbase.client.ConnectionManager$HConnectionImplementation$StubMaker.makeStubNoRetries(ConnectionManager.java:1573)
> >         at
> >
> >
> org.apache.hadoop.hbase.client.ConnectionManager$HConnectionImplementation$StubMaker.makeStub(ConnectionManager.java:1599)
> >         at
> >
> >
> org.apache.hadoop.hbase.client.ConnectionManager$HConnectionImplementation$MasterServiceStubMaker.makeStub(ConnectionManager.java:1653)
> >         at
> >
> >
> org.apache.hadoop.hbase.client.ConnectionManager$HConnectionImplementation.getKeepAliveMasterService(ConnectionManager.java:1860)
> >         at
> >
> >
> org.apache.hadoop.hbase.client.HBaseAdmin$MasterCallable.prepare(HBaseAdmin.java:3363)
> >         at
> >
> >
> org.apache.hadoop.hbase.client.RpcRetryingCaller.callWithRetries(RpcRetryingCaller.java:125)
> >         at
> >
> >
> org.apache.hadoop.hbase.client.HBaseAdmin.executeCallable(HBaseAdmin.java:3390)
> >         at
> >
> >
> org.apache.hadoop.hbase.client.HBaseAdmin.getTableDescriptor(HBaseAdmin.java:408)
> >         at
> >
> >
> org.apache.hadoop.hbase.client.HBaseAdmin.getTableDescriptor(HBaseAdmin.java:429)
> >         at
> >
> >
> org.apache.phoenix.query.ConnectionQueryServicesImpl.ensureTableCreated(ConnectionQueryServicesImpl.java:759)
> >         at
> >
> >
> org.apache.phoenix.query.ConnectionQueryServicesImpl.createTable(ConnectionQueryServicesImpl.java:1104)
> >         at
> >
> >
> org.apache.phoenix.query.DelegateConnectionQueryServices.createTable(DelegateConnectionQueryServices.java:110)
> >         at
> >
> >
> org.apache.phoenix.schema.MetaDataClient.createTableInternal(MetaDataClient.java:1527)
> >         at
> >
> >
> org.apache.phoenix.schema.MetaDataClient.createTable(MetaDataClient.java:535)
> >         at
> >
> >
> org.apache.phoenix.compile.CreateTableCompiler$2.execute(CreateTableCompiler.java:184)
> >         at
> >
> org.apache.phoenix.jdbc.PhoenixStatement$2.call(PhoenixStatement.java:260)
> >         at
> >
> org.apache.phoenix.jdbc.PhoenixStatement$2.call(PhoenixStatement.java:252)
> >         at org.apache.phoenix.call.CallRunner.run(CallRunner.java:53)
> >         at
> >
> >
> org.apache.phoenix.jdbc.PhoenixStatement.executeMutation(PhoenixStatement.java:250)
> >         at
> >
> >
> org.apache.phoenix.jdbc.PhoenixStatement.executeUpdate(PhoenixStatement.java:1026)
> >         at
> >
> >
> org.apache.phoenix.query.ConnectionQueryServicesImpl$9.call(ConnectionQueryServicesImpl.java:1529)
> >         at
> >
> >
> org.apache.phoenix.query.ConnectionQueryServicesImpl$9.call(ConnectionQueryServicesImpl.java:1498)
> >         at
> >
> >
> org.apache.phoenix.util.PhoenixContextExecutor.call(PhoenixContextExecutor.java:77)
> >         at
> >
> >
> org.apache.phoenix.query.ConnectionQueryServicesImpl.init(ConnectionQueryServicesImpl.java:1498)
> >         at
> >
> >
> org.apache.phoenix.jdbc.PhoenixDriver.getConnectionQueryServices(PhoenixDriver.java:162)
> >         at
> >
> >
> org.apache.phoenix.jdbc.PhoenixEmbeddedDriver.connect(PhoenixEmbeddedDriver.java:126)
> >         at
> > org.apache.phoenix.jdbc.PhoenixDriver.connect(PhoenixDriver.java:133)
> >         at java.sql.DriverManager.getConnection(DriverManager.java:664)
> >         at java.sql.DriverManager.getConnection(DriverManager.java:270)
> >         at
> com.bloomberg.hbase.sample.PhoenixDemo.main(PhoenixDemo.java:40)
> > Caused by: GSSException: No valid credentials provided (Mechanism level:
> > Failed to find any Kerberos tgt)
> >         at
> >
> >
> sun.security.jgss.krb5.Krb5InitCredential.getInstance(Krb5InitCredential.java:147)
> >         at
> >
> >
> sun.security.jgss.krb5.Krb5MechFactory.getCredentialElement(Krb5MechFactory.java:122)
> >         at
> >
> >
> sun.security.jgss.krb5.Krb5MechFactory.getMechanismContext(Krb5MechFactory.java:187)
> >         at
> >
> >
> sun.security.jgss.GSSManagerImpl.getMechanismContext(GSSManagerImpl.java:224)
> >         at
> > sun.security.jgss.GSSContextImpl.initSecContext(GSSContextImpl.java:212)
> >         at
> > sun.security.jgss.GSSContextImpl.initSecContext(GSSContextImpl.java:179)
> >         at
> >
> >
> com.sun.security.sasl.gsskerb.GssKrb5Client.evaluateChallenge(GssKrb5Client.java:192)
> >         ... 46 more
> >
>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message