Details
-
Bug
-
Status: Open
-
Major
-
Resolution: Unresolved
-
0.8-incubating
-
None
Description
Our product uses IBM JDK while interacting with hive metastore directly to create metadata. When Atlas-Hive hook is enabled in kerberized environment, our application logs are filled with the following errors as the Kerberos login module is not found in the path specified by atlas application properties file. IBM JDK has some more restrictions on Kerberos support where some of the options supported by sun JDK are not available.
ERROR - Failed to notify atlas for entity [[{Id='(type: hive_db, id: <unassigned>)', traits=[], values={owner=bigsql, ownerType=1, qualifiedName=tpcdsorc1000@bigsql502
org.apache.kafka.common.KafkaException: Failed to construct kafka producer
at org.apache.kafka.clients.producer.KafkaProducer.<init>(KafkaProducer.java:338)
at org.apache.kafka.clients.producer.KafkaProducer.<init>(KafkaProducer.java:188)
at org.apache.atlas.kafka.KafkaNotification.createProducer(KafkaNotification.java:289)
at org.apache.atlas.kafka.KafkaNotification.sendInternal(KafkaNotification.java:210)
at org.apache.atlas.notification.AbstractNotification.send(AbstractNotification.java:84)
at org.apache.atlas.hook.AtlasHook.notifyEntitiesInternal(AtlasHook.java:133)
at org.apache.atlas.hook.AtlasHook.notifyEntities(AtlasHook.java:118)
at org.apache.atlas.hook.AtlasHook.notifyEntities(AtlasHook.java:171)
at org.apache.atlas.hive.hook.HiveHook.access$300(HiveHook.java:83)
at org.apache.atlas.hive.hook.HiveHook$3.run(HiveHook.java:221)
at java.security.AccessController.doPrivileged(AccessController.java:686)
at javax.security.auth.Subject.doAs(Subject.java:569)
at org.apache.hadoop.security.UserGroupInformation.doAs(UserGroupInformation.java:1866)
at org.apache.atlas.hive.hook.HiveHook.notifyAsPrivilegedAction(HiveHook.java:233)
at org.apache.atlas.hive.hook.HiveHook$2.run(HiveHook.java:203)
at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:522)
at java.util.concurrent.FutureTask.run(FutureTask.java:277)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1153)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628)
at java.lang.Thread.run(Thread.java:785)
Caused by: org.apache.kafka.common.KafkaException: javax.security.auth.login.LoginException: unable to find LoginModule class: com.sun.security.auth.module.Krb5LoginModule
at org.apache.kafka.common.network.SaslChannelBuilder.configure(SaslChannelBuilder.java:86)
at org.apache.kafka.common.network.ChannelBuilders.create(ChannelBuilders.java:71)
at org.apache.kafka.clients.ClientUtils.createChannelBuilder(ClientUtils.java:85)
at org.apache.kafka.clients.producer.KafkaProducer.<init>(KafkaProducer.java:302)
... 19 more
Caused by: javax.security.auth.login.LoginException: unable to find LoginModule class: com.sun.security.auth.module.Krb5LoginModule
Attaching a patch to the defect we have tested to support IBM JDK and Kerberos on 0.8 level of Atlas