Uploaded image for project: 'Zeppelin'
  1. Zeppelin
  2. ZEPPELIN-2540

JDBC Interpreter with proxy.user.property does not use kerberos keytab

    XMLWordPrintableJSON

    Details

    • Type: Bug
    • Status: Open
    • Priority: Major
    • Resolution: Unresolved
    • Affects Version/s: 0.8.0
    • Fix Version/s: None
    • Component/s: Interpreters
    • Labels:
    • Environment:

      Secure (Kerberos+SSL) CDH 5.8.3
      Apache Impala

      Description

      If you configure a JDBC interpreter with a Kerberized JDBC Server that allows user impersonation via Proxy user (i.e. Apache Impala) the interpreter uses just the proxy.user.property property and does not create a ProxyUser with UserGroupInformation

      Below the interpreter log:

       INFO [2017-05-12 18:33:49,807] ({pool-2-thread-2} JDBCInterpreter.java[appendProxyUserToURL]:408) - Using proxy user as :mmilesi
       INFO [2017-05-12 18:33:49,808] ({pool-2-thread-2} JDBCInterpreter.java[appendProxyUserToURL]:409) - Using proxy property for user as :DelegationUID
       INFO [2017-05-12 18:33:49,867] ({pool-2-thread-2} UserGroupInformation.java[loginUserFromKeytab]:981) - Login successful for user zeppelin/hadoop-cloudera7.hadoop.icteam.local@HADOOP.ICTEAM.LOCAL using keytab file /home/mmilesi/git/zeppelin/conf/zeppelin.keytab
      ERROR [2017-05-12 18:33:49,883] ({pool-2-thread-2} JDBCInterpreter.java[executeSql]:673) - Cannot run show databases;
      java.sql.SQLException: [Simba][ImpalaJDBCDriver](500168) Error creating login context using ticket cache: Unable to obtain Principal Name for authentication .
              at com.cloudera.hivecommon.api.HiveServer2ClientFactory.createTransport(Unknown Source)
              at com.cloudera.hivecommon.api.HiveServer2ClientFactory.createClient(Unknown Source)
              at com.cloudera.hivecommon.core.HiveJDBCCommonConnection.connect(Unknown Source)
              at com.cloudera.impala.core.ImpalaJDBCConnection.connect(Unknown Source)
              at com.cloudera.jdbc.common.BaseConnectionFactory.doConnect(Unknown Source)
              at com.cloudera.jdbc.common.AbstractDriver.connect(Unknown Source)
              at java.sql.DriverManager.getConnection(DriverManager.java:664)
              at java.sql.DriverManager.getConnection(DriverManager.java:208)
              at org.apache.commons.dbcp2.DriverManagerConnectionFactory.createConnection(DriverManagerConnectionFactory.java:79)
              at org.apache.commons.dbcp2.PoolableConnectionFactory.makeObject(PoolableConnectionFactory.java:205)
              at org.apache.commons.pool2.impl.GenericObjectPool.create(GenericObjectPool.java:861)
              at org.apache.commons.pool2.impl.GenericObjectPool.borrowObject(GenericObjectPool.java:435)
              at org.apache.commons.pool2.impl.GenericObjectPool.borrowObject(GenericObjectPool.java:363)
              at org.apache.commons.dbcp2.PoolingDriver.connect(PoolingDriver.java:129)
              at java.sql.DriverManager.getConnection(DriverManager.java:664)
              at java.sql.DriverManager.getConnection(DriverManager.java:270)
              at org.apache.zeppelin.jdbc.JDBCInterpreter.getConnectionFromPool(JDBCInterpreter.java:331)
              at org.apache.zeppelin.jdbc.JDBCInterpreter.getConnection(JDBCInterpreter.java:363)
              at org.apache.zeppelin.jdbc.JDBCInterpreter.executeSql(JDBCInterpreter.java:602)
              at org.apache.zeppelin.jdbc.JDBCInterpreter.interpret(JDBCInterpreter.java:734)
              at org.apache.zeppelin.interpreter.LazyOpenInterpreter.interpret(LazyOpenInterpreter.java:101)
              at org.apache.zeppelin.interpreter.remote.RemoteInterpreterServer$InterpretJob.jobRun(RemoteInterpreterServer.java:500)
              at org.apache.zeppelin.scheduler.Job.run(Job.java:181)
              at org.apache.zeppelin.scheduler.ParallelScheduler$JobRunner.run(ParallelScheduler.java:162)
              at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)
              at java.util.concurrent.FutureTask.run(FutureTask.java:266)
              at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.access$201(ScheduledThreadPoolExecutor.java:180)
              at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:293)
              at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
              at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
      Caused by: com.cloudera.support.exceptions.GeneralException: [Simba][ImpalaJDBCDriver](500168) Error creating login context using ticket cache: Unable to obtain Principal Name for authentication .
              ... 30 more
      

        Attachments

          Activity

            People

            • Assignee:
              Unassigned
              Reporter:
              mmilesi_icteam Michele Milesi
            • Votes:
              1 Vote for this issue
              Watchers:
              4 Start watching this issue

              Dates

              • Created:
                Updated: