Uploaded image for project: 'HBase'
  1. HBase
  2. HBASE-10675

IntegrationTestIngestWithACL should allow User to be passed as Parameter

    XMLWordPrintableJSON

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 0.98.1, 0.99.0
    • Component/s: None
    • Labels:
      None
    • Hadoop Flags:
      Reviewed
    • Release Note:
      Hide
      To use this feature of passing superuser and userlist we need to give the following command
      {code}
      ./hbase --config /usr/lib/hbase/conf/ org.apache.hadoop.hbase.IntegrationTestIngestWithACL -superuser <user> -userlist <user1>,<user2>,<user3>
      {code}
      Ensure that the userlist is comma seperated.
      Show
      To use this feature of passing superuser and userlist we need to give the following command {code} ./hbase --config /usr/lib/hbase/conf/ org.apache.hadoop.hbase.IntegrationTestIngestWithACL -superuser <user> -userlist <user1>,<user2>,<user3> {code} Ensure that the userlist is comma seperated.

      Description

      The IntegrationTestIngestWithACL needs to be modified to allow the user to be passed in as an argument at run time. Currently, the test is using a fixed set of user names which cannot be authenticated via Kerberos, causing the test to fail. Allowing the username to be passed at run time will allow a user that is already authenticated by Kerberos to be used, and resolve the failure.

      2014-02-06 02:58:25,315|beaver.machine|INFO|RUNNING: /usr/bin/kinit -c /hbase.kerberos.ticket -k -t /home/hadoopqa/keytabs/hbase.headless.keytab hbase
      2014-02-06 02:58:25,325|beaver.machine|INFO|RUNNING: /usr/lib/hbase/bin/hbase --config /tmp/hbaseConf org.apache.hadoop.hbase.IntegrationTestsDriver -regex IntegrationTestIngestWithACL
      
      2014-02-06 02:58:34,489|beaver.machine|INFO|2014-02-06 02:58:34,489 DEBUG HBaseWriterThreadWithACL_1 token.AuthenticationTokenSelector: No matching token found
      2014-02-06 02:58:34,493|beaver.machine|INFO|2014-02-06 02:58:34,489 DEBUG HBaseWriterThreadWithACL_1 security.HBaseSaslRpcClient: Creating SASL GSSAPI client. Server's Kerberos principal name is hbase/h2-ubuntu12-sec-1391405488-hbase-7.cs1cloud.internal@EXAMPLE.COM
      2014-02-06 02:58:34,493|beaver.machine|INFO|2014-02-06 02:58:34,491 WARN HBaseWriterThreadWithACL_1 security.UserGroupInformation: PriviledgedActionException as:owner (auth:SIMPLE) cause:javax.security.sasl.SaslException: GSS initiate failed Caused by GSSException: No valid credentials provided (Mechanism level: Failed to find any Kerberos tgt)
      2014-02-06 02:58:34,493|beaver.machine|INFO|2014-02-06 02:58:34,492 WARN HBaseWriterThreadWithACL_1 ipc.RpcClient: Exception encountered while connecting to the server : javax.security.sasl.SaslException: GSS initiate failed Caused by GSSException: No valid credentials provided (Mechanism level: Failed to find any Kerberos tgt)
      2014-02-06 02:58:34,498|beaver.machine|INFO|2014-02-06 02:58:34,493 FATAL HBaseWriterThreadWithACL_1 ipc.RpcClient: SASL authentication failed. The most likely cause is missing or invalid credentials. Consider 'kinit'.
      2014-02-06 02:58:34,499|beaver.machine|INFO|javax.security.sasl.SaslException: GSS initiate failed Caused by GSSException: No valid credentials provided (Mechanism level: Failed to find any Kerberos tgt)
      2014-02-06 02:58:34,499|beaver.machine|INFO|at com.sun.security.sasl.gsskerb.GssKrb5Client.evaluateChallenge(GssKrb5Client.java:194)
      2014-02-06 02:58:34,499|beaver.machine|INFO|at org.apache.hadoop.hbase.security.HBaseSaslRpcClient.saslConnect(HBaseSaslRpcClient.java:152)
      2014-02-06 02:58:34,500|beaver.machine|INFO|at org.apache.hadoop.hbase.ipc.RpcClient$Connection.setupSaslConnection(RpcClient.java:762)
      2014-02-06 02:58:34,500|beaver.machine|INFO|at org.apache.hadoop.hbase.ipc.RpcClient$Connection.access$600(RpcClient.java:354)
      2014-02-06 02:58:34,500|beaver.machine|INFO|at org.apache.hadoop.hbase.ipc.RpcClient$Connection$2.run(RpcClient.java:883)
      2014-02-06 02:58:34,501|beaver.machine|INFO|at org.apache.hadoop.hbase.ipc.RpcClient$Connection$2.run(RpcClient.java:880)
      2014-02-06 02:58:34,501|beaver.machine|INFO|at java.security.AccessController.doPrivileged(Native Method)
      2014-02-06 02:58:34,501|beaver.machine|INFO|at javax.security.auth.Subject.doAs(Subject.java:396)
      2014-02-06 02:58:34,501|beaver.machine|INFO|at org.apache.hadoop.security.UserGroupInformation.doAs(UserGroupInformation.java:1548)
      2014-02-06 02:58:34,502|beaver.machine|INFO|at org.apache.hadoop.hbase.ipc.RpcClient$Connection.setupIOstreams(RpcClient.java:880)
      2014-02-06 02:58:34,502|beaver.machine|INFO|at org.apache.hadoop.hbase.ipc.RpcClient.getConnection(RpcClient.java:1536)
      2014-02-06 02:58:34,502|beaver.machine|INFO|at org.apache.hadoop.hbase.ipc.RpcClient.call(RpcClient.java:1425)
      2014-02-06 02:58:34,502|beaver.machine|INFO|at org.apache.hadoop.hbase.ipc.RpcClient.callBlockingMethod(RpcClient.java:1654)
      2014-02-06 02:58:34,503|beaver.machine|INFO|at org.apache.hadoop.hbase.ipc.RpcClient$BlockingRpcChannelImplementation.callBlockingMethod(RpcClient.java:1712)
      2014-02-06 02:58:34,503|beaver.machine|INFO|at org.apache.hadoop.hbase.protobuf.generated.ClientProtos$ClientService$BlockingStub.get(ClientProtos.java:28833)
      2014-02-06 02:58:34,503|beaver.machine|INFO|at org.apache.hadoop.hbase.protobuf.ProtobufUtil.getRowOrBefore(ProtobufUtil.java:1466)
      2014-02-06 02:58:34,503|beaver.machine|INFO|at org.apache.hadoop.hbase.client.HTable$2.call(HTable.java:701)
      2014-02-06 02:58:34,504|beaver.machine|INFO|at org.apache.hadoop.hbase.client.HTable$2.call(HTable.java:699)
      2014-02-06 02:58:34,504|beaver.machine|INFO|at org.apache.hadoop.hbase.client.RpcRetryingCaller.callWithRetries(RpcRetryingCaller.java:120)
      2014-02-06 02:58:34,504|beaver.machine|INFO|at org.apache.hadoop.hbase.client.HTable.getRowOrBefore(HTable.java:705)
      2014-02-06 02:58:34,504|beaver.machine|INFO|at org.apache.hadoop.hbase.client.MetaScanner.metaScan(MetaScanner.java:144)
      

      Thanks to Huned who discovered this issue.

        Attachments

        1. 10675-0.98.addendum
          0.7 kB
          Ted Yu
        2. HBASE-10675_3.patch
          12 kB
          ramkrishna.s.vasudevan
        3. HBASE-10675_2.patch
          12 kB
          ramkrishna.s.vasudevan
        4. HBASE-10675_1.patch
          10 kB
          ramkrishna.s.vasudevan

          Activity

            People

            • Assignee:
              ram_krish ramkrishna.s.vasudevan
              Reporter:
              yuzhihong@gmail.com Ted Yu
            • Votes:
              0 Vote for this issue
              Watchers:
              6 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: