metron-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Justin Leet (JIRA)" <j...@apache.org>
Subject [jira] [Updated] (METRON-1813) Stellar REPL Not Initialized with Client JAAS
Date Tue, 11 Dec 2018 16:10:00 GMT

     [ https://issues.apache.org/jira/browse/METRON-1813?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Justin Leet updated METRON-1813:
--------------------------------
    Fix Version/s: 0.7.0

> Stellar REPL Not Initialized with Client JAAS
> ---------------------------------------------
>
>                 Key: METRON-1813
>                 URL: https://issues.apache.org/jira/browse/METRON-1813
>             Project: Metron
>          Issue Type: Bug
>            Reporter: Nick Allen
>            Assignee: Nick Allen
>            Priority: Major
>             Fix For: 0.7.0
>
>
> Running a function like `KAFKA_GET` in the Stellar REPL does not work in a kerberized
environment.
> h3. Steps to Replicate
> 1. Deploy Metron in a kerberized environment.
> 2. Launch the REPL.
> {code}
> source /etc/default/metron 
> $METRON_HOME/bin/stellar -z $ZOOKEEPER
> {code}
> 3. Attempt to get a message from Kafka.
> {code} 
> [Stellar]>>> conf := \{ "group.id":"bro_parser","security.protocol":"SASL_PLAINTEXT"
} \{security.protocol=SASL_PLAINTEXT, group.id=bro_parser} [Stellar]>>> KAFKA_GET("bro",
10, conf) [!] Unable to parse: KAFKA_GET("bro", 10, conf) due to: Failed to construct kafka
consumer with relevant variables conf=\{security.protocol=SASL_PLAINTEXT, group.id=bro_parser}
org.apache.metron.stellar.dsl.ParseException: Unable to parse: KAFKA_GET("bro", 10, conf)
due to: Failed to construct kafka consumer with relevant variables conf=\{security.protocol=SASL_PLAINTEXT,
group.id=bro_parser} at org.apache.metron.stellar.common.BaseStellarProcessor.createException(BaseStellarProcessor.java:173)
at org.apache.metron.stellar.common.BaseStellarProcessor.parse(BaseStellarProcessor.java:154)
at org.apache.metron.stellar.common.shell.DefaultStellarShellExecutor.executeStellar(DefaultStellarShellExecutor.java:405)
at org.apache.metron.stellar.common.shell.DefaultStellarShellExecutor.execute(DefaultStellarShellExecutor.java:257)
at org.apache.metron.stellar.common.shell.cli.StellarShell.execute(StellarShell.java:357)
at org.jboss.aesh.console.AeshProcess.run(AeshProcess.java:53) at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624) at java.lang.Thread.run(Thread.java:748)
Caused by: org.apache.kafka.common.KafkaException: Failed to construct kafka consumer at org.apache.kafka.clients.consumer.KafkaConsumer.<init>(KafkaConsumer.java:702)
at org.apache.kafka.clients.consumer.KafkaConsumer.<init>(KafkaConsumer.java:587) at
org.apache.kafka.clients.consumer.KafkaConsumer.<init>(KafkaConsumer.java:569) at org.apache.metron.management.KafkaFunctions$KafkaGet.getMessages(KafkaFunctions.java:227)
at org.apache.metron.management.KafkaFunctions$KafkaGet.apply(KafkaFunctions.java:209) at
org.apache.metron.stellar.common.StellarCompiler.lambda$exitTransformationFunc$13(StellarCompiler.java:652)
at org.apache.metron.stellar.common.StellarCompiler$Expression.apply(StellarCompiler.java:250)
at org.apache.metron.stellar.common.BaseStellarProcessor.parse(BaseStellarProcessor.java:151)
... 7 more Caused by: org.apache.kafka.common.KafkaException: org.apache.kafka.common.KafkaException:
Jaas configuration not found at org.apache.kafka.common.network.SaslChannelBuilder.configure(SaslChannelBuilder.java:86)
at org.apache.kafka.common.network.ChannelBuilders.create(ChannelBuilders.java:71) at org.apache.kafka.clients.ClientUtils.createChannelBuilder(ClientUtils.java:83)
at org.apache.kafka.clients.consumer.KafkaConsumer.<init>(KafkaConsumer.java:623) ...
14 more Caused by: org.apache.kafka.common.KafkaException: Jaas configuration not found at
org.apache.kafka.common.security.kerberos.KerberosLogin.getServiceName(KerberosLogin.java:299)
at org.apache.kafka.common.security.kerberos.KerberosLogin.configure(KerberosLogin.java:103)
at org.apache.kafka.common.security.authenticator.LoginManager.<init>(LoginManager.java:45)
at org.apache.kafka.common.security.authenticator.LoginManager.acquireLoginManager(LoginManager.java:68)
at org.apache.kafka.common.network.SaslChannelBuilder.configure(SaslChannelBuilder.java:78)
... 17 more Caused by: java.io.IOException: Could not find a 'KafkaClient' entry in this configuration.
at org.apache.kafka.common.security.JaasUtils.jaasConfig(JaasUtils.java:50) at org.apache.kafka.common.security.kerberos.KerberosLogin.getServiceName(KerberosLogin.java:297)
... 21 more 
> [Stellar]>>> 
> {code}
> h3. Root Cause
> When the Stellar REPL is launched in a Kerberized environment, it needs to have the Client
JAAS passed to it so that Stellar functions can access resources like Kafka. The JVM running
the REPL never gets passed the "-Djava.security.auth.login.config=/usr/hcp/current/metron/client_jaas.conf"
JVM arg. This is needed to access resources in a Kerberized environment.
> As a work around, the `$METRON_HOME/bin/stellar` script can be modified so that the following
arg is passed to the JVM running the Stellar REPL: `-Djava.security.auth.login.config=/usr/hcp/current/metron/client_jaas.conf`



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

Mime
View raw message