Uploaded image for project: 'Metron (Retired)'
  1. Metron (Retired)
  2. METRON-1813

Stellar REPL Not Initialized with Client JAAS

    XMLWordPrintableJSON

Details

    • Bug
    • Status: Done
    • Major
    • Resolution: Done
    • None
    • 0.7.0
    • None

    Description

      Running a function like `KAFKA_GET` in the Stellar REPL does not work in a kerberized environment.

      Steps to Replicate

      1. Deploy Metron in a kerberized environment.
      2. Launch the REPL.

      source /etc/default/metron 
$METRON_HOME/bin/stellar -z $ZOOKEEPER

      3. Attempt to get a message from Kafka.

       
[Stellar]>>> conf := \{ "group.id":"bro_parser","security.protocol":"SASL_PLAINTEXT" } \{security.protocol=SASL_PLAINTEXT, group.id=bro_parser} [Stellar]>>> KAFKA_GET("bro", 10, conf) [!] Unable to parse: KAFKA_GET("bro", 10, conf) due to: Failed to construct kafka consumer with relevant variables conf=\{security.protocol=SASL_PLAINTEXT, group.id=bro_parser} org.apache.metron.stellar.dsl.ParseException: Unable to parse: KAFKA_GET("bro", 10, conf) due to: Failed to construct kafka consumer with relevant variables conf=\{security.protocol=SASL_PLAINTEXT, group.id=bro_parser} at org.apache.metron.stellar.common.BaseStellarProcessor.createException(BaseStellarProcessor.java:173) at org.apache.metron.stellar.common.BaseStellarProcessor.parse(BaseStellarProcessor.java:154) at org.apache.metron.stellar.common.shell.DefaultStellarShellExecutor.executeStellar(DefaultStellarShellExecutor.java:405) at org.apache.metron.stellar.common.shell.DefaultStellarShellExecutor.execute(DefaultStellarShellExecutor.java:257) at org.apache.metron.stellar.common.shell.cli.StellarShell.execute(StellarShell.java:357) at org.jboss.aesh.console.AeshProcess.run(AeshProcess.java:53) at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149) at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624) at java.lang.Thread.run(Thread.java:748) Caused by: org.apache.kafka.common.KafkaException: Failed to construct kafka consumer at org.apache.kafka.clients.consumer.KafkaConsumer.<init>(KafkaConsumer.java:702) at org.apache.kafka.clients.consumer.KafkaConsumer.<init>(KafkaConsumer.java:587) at org.apache.kafka.clients.consumer.KafkaConsumer.<init>(KafkaConsumer.java:569) at org.apache.metron.management.KafkaFunctions$KafkaGet.getMessages(KafkaFunctions.java:227) at org.apache.metron.management.KafkaFunctions$KafkaGet.apply(KafkaFunctions.java:209) at org.apache.metron.stellar.common.StellarCompiler.lambda$exitTransformationFunc$13(StellarCompiler.java:652) at org.apache.metron.stellar.common.StellarCompiler$Expression.apply(StellarCompiler.java:250) at org.apache.metron.stellar.common.BaseStellarProcessor.parse(BaseStellarProcessor.java:151) ... 7 more Caused by: org.apache.kafka.common.KafkaException: org.apache.kafka.common.KafkaException: Jaas configuration not found at org.apache.kafka.common.network.SaslChannelBuilder.configure(SaslChannelBuilder.java:86) at org.apache.kafka.common.network.ChannelBuilders.create(ChannelBuilders.java:71) at org.apache.kafka.clients.ClientUtils.createChannelBuilder(ClientUtils.java:83) at org.apache.kafka.clients.consumer.KafkaConsumer.<init>(KafkaConsumer.java:623) ... 14 more Caused by: org.apache.kafka.common.KafkaException: Jaas configuration not found at org.apache.kafka.common.security.kerberos.KerberosLogin.getServiceName(KerberosLogin.java:299) at org.apache.kafka.common.security.kerberos.KerberosLogin.configure(KerberosLogin.java:103) at org.apache.kafka.common.security.authenticator.LoginManager.<init>(LoginManager.java:45) at org.apache.kafka.common.security.authenticator.LoginManager.acquireLoginManager(LoginManager.java:68) at org.apache.kafka.common.network.SaslChannelBuilder.configure(SaslChannelBuilder.java:78) ... 17 more Caused by: java.io.IOException: Could not find a 'KafkaClient' entry in this configuration. at org.apache.kafka.common.security.JaasUtils.jaasConfig(JaasUtils.java:50) at org.apache.kafka.common.security.kerberos.KerberosLogin.getServiceName(KerberosLogin.java:297) ... 21 more 
[Stellar]>>>

      Root Cause

      When the Stellar REPL is launched in a Kerberized environment, it needs to have the Client JAAS passed to it so that Stellar functions can access resources like Kafka. The JVM running the REPL never gets passed the "-Djava.security.auth.login.config=/usr/hcp/current/metron/client_jaas.conf" JVM arg. This is needed to access resources in a Kerberized environment.

      As a work around, the `$METRON_HOME/bin/stellar` script can be modified so that the following arg is passed to the JVM running the Stellar REPL: `-Djava.security.auth.login.config=/usr/hcp/current/metron/client_jaas.conf`

      Attachments

        Issue Links

          links to

          Web Link GitHub Pull Request #1232

          Activity

            People

              nickwallen Nick Allen
              nickwallen Nick Allen
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: