Uploaded image for project: 'Ambari'
  1. Ambari
  2. AMBARI-14378

Issue with setting zookeeper quorum to localhost in Kerberized env

    XMLWordPrintableJSON

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Critical
    • Resolution: Fixed
    • Affects Version/s: 2.2.0
    • Fix Version/s: 2.2.0
    • Component/s: ambari-metrics
    • Labels:
      None
    • Environment:

      Secure cluster + AMS distributed mode

      Description

      Exception on AMS start:

      0.1:61181. Will attempt to SASL-authenticate using Login Context section 'Client'
      2015-12-14 23:39:18,810 INFO  zookeeper.Login (Login.java:getRefreshTime(301)) - [Thread-9] TGT valid starting at:        Mon Dec 14 23:39:18 UTC 2015
      2015-12-14 23:39:18,810 INFO  zookeeper.Login (Login.java:getRefreshTime(302)) - [Thread-9] TGT expires:                  Tue Dec 15 23:39:18 UTC 2015
      2015-12-14 23:39:18,810 INFO  zookeeper.Login (Login.java:run(181)) - [Thread-9] TGT refresh sleeping until: Tue Dec 15 19:05:57 UTC 2015
      2015-12-14 23:39:18,837 INFO  zookeeper.ClientCnxn (ClientCnxn.java:primeConnection(852)) - [main-SendThread(localhost:61181)] Socket connection established to localhost/127.0.0.1:61181, initiating session
      2015-12-14 23:39:18,965 INFO  zookeeper.ClientCnxn (ClientCnxn.java:onConnected(1235)) - [main-SendThread(localhost:61181)] Session establishment complete on server localhost/127.0.0.1:61181, sessionid = 0x151a2dcbfd50000, negotiated timeout = 120000
      2015-12-14 23:39:19,030 ERROR client.ZooKeeperSaslClient (ZooKeeperSaslClient.java:createSaslToken(384)) - [main-SendThread(localhost:61181)] An error: (java.security.PrivilegedActionException: javax.security.sasl.SaslException: GSS initiate failed [Caused by GSSException: No valid credentials provided (Mechanism level: Server not found in Kerberos database (7) - UNKNOWN_SERVER)]) occurred when evaluating Zookeeper Quorum Member's  received SASL token. This may be caused by Java's being unable to resolve the Zookeeper Quorum Member's hostname correctly. You may want to try to adding '-Dsun.net.spi.nameservice.provider.1=dns,sun' to your client's JVMFLAGS environment. Zookeeper Client will go to AUTH_FAILED state.
      

      FIX
      zookeeper.quorum.hosts needs to be the fully qualified hostname of the AMS host instead of just "localhost".

        Attachments

        1. AMBARI-14378.patch
          1 kB
          Aravindan Vijayan

          Issue Links

            Activity

              People

              • Assignee:
                avijayan Aravindan Vijayan
                Reporter:
                avijayan Aravindan Vijayan
              • Votes:
                0 Vote for this issue
                Watchers:
                3 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: