storm-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From prakash r <rprakashd...@gmail.com>
Subject Storm Kerberos starting topology fails with "The TGT found is not renewable"
Date Tue, 09 Jan 2018 04:34:56 GMT
Hello,

We are facing issue with starting a topology when Storm is kerberosed.

1189 [main] INFO o.a.s.s.a.AuthUtils - Got AutoCreds
[org.apache.storm.security.auth.kerberos.AutoTGT@129b4fe2]

1189 [main] INFO  o.a.s.StormSubmitter - Running
org.apache.storm.security.auth.kerberos.AutoTGT@129b4fe2
Exception in thread "main" java.lang.RuntimeException:
java.lang.RuntimeException: The TGT found is not renewable
at org.apache.storm.security.auth.kerberos.AutoTGT.populateCred
entials(AutoTGT.java:103)
at org.apache.storm.StormSubmitter.populateCredentials(StormSub
mitter.java:94)
at org.apache.storm.StormSubmitter.submitTopologyAs(StormSubmitter.java:214)
at org.apache.storm.StormSubmitter.submitTopology(StormSubmitter.java:310)
at org.apache.storm.StormSubmitter.submitTopology(StormSubmitter.java:157)
at storm.starter.WordCountTopology.main(WordCountTopology.java:77)
Caused by: java.lang.RuntimeException: The TGT found is not renewable
at org.apache.storm.security.auth.kerberos.AutoTGT.populateCred
entials(AutoTGT.java:94)

 ... 5 more

When we check the Keberos Principal which as R Flag as well.

We tried even regenerating the keytabs, this problem is not resolved.

When we submit from new keytab principal, this is working fine.

*Can you please suggest, is there anyway we can avoid this TGT Renewal
check or how to resolve.*

*OS version :*
Red Hat Enterprise Linux Server release 7.4 (Maipo)


*Problematic principal details :*
[storm@cbro-test-stm1 ~]$ klist -f
Ticket cache: FILE:/tmp/krb5cc_1021
Default principal: *storm-xxxx_master@XXXXXX.COM*
<storm-xxxx_master@XXXXXX.COM>

Valid starting       Expires              Service principal
01/06/2018 22:30:40  01/07/2018 08:30:40  krbtgt/*XXXXXX.COM@XXXXXX.COM*
<XXXXXX.COM@XXXXXX.COM>
        renew until 01/12/2018 13:54:47, Flags: FRIAT



*Working principal details :*
[metron@cbro-test-edg4 ~]$ klist -f
Ticket cache: FILE:/tmp/krb5cc_1024
Default principal: *metron@XXXXXX.COM* <metron@XXXXXX.COM>

Valid starting       Expires              Service principal
01/09/2018 15:28:47  01/10/2018 01:28:47  krbtgt/*XXXXXX.COM@XXXXXX.COM*
<XXXXXX.COM@XXXXXX.COM>
        renew until 01/16/2018 15:28:47, Flags: FRIA


Regards,
Prakash R

Mime
View raw message