[GitHub] zeppelin pull request #2407: [ZEPPELIN-1907] Shell Interpreter does not rene...

Fri, 16 Jun 2017 05:58:18 -0700 

GitHub user prabhjyotsingh reopened a pull request:

    https://github.com/apache/zeppelin/pull/2407

    [ZEPPELIN-1907] Shell Interpreter does not renew ticket on secure cluster

    ### What is this PR for?
    Kerberos ticket and renew lifetime are set to 1 hour. On accessing secure 
Hadoop from shell interpreter, it does kinit and returns result successfully 
but after 1 hour, the ticket gets expired and Hadoop list fails with below 
exception.
    
    ```
    %sh
    hadoop fs -ls /
    
    17/01/05 09:29:45 WARN ipc.Client: Exception encountered while connecting 
to the server : 
    javax.security.sasl.SaslException: GSS initiate failed [Caused by 
GSSException: No valid credentials provided (Mechanism level: Failed to find 
any Kerberos tgt)]
        at 
com.sun.security.sasl.gsskerb.GssKrb5Client.evaluateChallenge(GssKrb5Client.java:211)
        at 
org.apache.hadoop.security.SaslRpcClient.saslConnect(SaslRpcClient.java:413)
        at 
org.apache.hadoop.ipc.Client$Connection.setupSaslConnection(Client.java:595)
        at org.apache.hadoop.ipc.Client$Connection.access$2000(Client.java:397)
        at org.apache.hadoop.ipc.Client$Connection$2.run(Client.java:762)
        at org.apache.hadoop.ipc.Client$Connection$2.run(Client.java:758)
        at java.security.AccessController.doPrivileged(Native Method)
        at javax.security.auth.Subject.doAs(Subject.java:422)
        at 
org.apache.hadoop.security.UserGroupInformation.doAs(UserGroupInformation.java:1724)
        at 
org.apache.hadoop.ipc.Client$Connection.setupIOstreams(Client.java:757)
        at org.apache.hadoop.ipc.Client$Connection.access$3200(Client.java:397)
        at org.apache.hadoop.ipc.Client.getConnection(Client.java:1618)
        at org.apache.hadoop.ipc.Client.call(Client.java:1449)
        at org.apache.hadoop.ipc.Client.call(Client.java:1396)
        at 
org.apache.hadoop.ipc.ProtobufRpcEngine$Invoker.invoke(ProtobufRpcEngine.java:233)
        at com.sun.proxy.$Proxy10.getFileInfo(Unknown Source)
    ls: Failed on local exception: java.io.IOException: 
javax.security.sasl.SaslException: GSS initiate failed [Caused by GSSException: 
No valid credentials provided (Mechanism level: Failed to find any Kerberos 
tgt)]; Host Details : local host is: "zeppelin1.hwxblr.com/10.0.1.57"; 
destination host is: "zeppelin1.hwxblr.com":8020; 
    ExitValue: 1
    ```
    
    ### What type of PR is it?
    [Bug Fix]
    
    ### What is the Jira issue?
    * [ZEPPELIN-1907](https://issues.apache.org/jira/browse/ZEPPELIN-1907)
    
    ### How should this be tested?
    On a Kerberos enabled cluster, run this paragraph
    ```
    %sh
    hdfs dfs -ls /user/zeppelin/
    ```
    Wait for key-tab to expire (or run `kdestroy`), and re-run the same 
paragraph.
    
    ### Screenshots (if appropriate)
    Before:
    <img width="1438" alt="screen shot 2017-06-13 at 3 44 30 pm" 
src="https://user-images.githubusercontent.com/674497/27078184-511ed810-5050-11e7-8afa-90247f33047a.png";>
    
    After:
    <img width="1438" alt="screen shot 2017-06-13 at 3 44 04 pm" 
src="https://user-images.githubusercontent.com/674497/27078183-5109d690-5050-11e7-82e4-d79a5e98295f.png";>
    
    
    ### Questions:
    * Does the licenses files need update?
    * Is there breaking changes for older versions?
    * Does this needs documentation?


You can merge this pull request into a Git repository by running:

    $ git pull https://github.com/prabhjyotsingh/zeppelin ZEPPELIN-1907

Alternatively you can review and apply these changes as the patch at:

    https://github.com/apache/zeppelin/pull/2407.patch

To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:

    This closes #2407
    
----
commit ab823d3ee9373c38f5f083d3471adf351c9177a2
Author: Prabhjyot Singh <prabhjyotsi...@gmail.com>
Date:   2017-06-13T10:18:44Z

    relogin using keytab, and append message for the same

commit 7c539ef2eb943b30befc97bd5a15120e8d9ee42e
Author: Prabhjyot Singh <prabhjyotsi...@gmail.com>
Date:   2017-06-13T14:11:11Z

    add null check

commit ee741e483aaaa5b94104baa530dcdc8933d6d8ae
Author: Prabhjyot Singh <prabhjyotsi...@gmail.com>
Date:   2017-06-14T11:26:19Z

    @zjffdu review comments

commit 856c8716eccf81a5dc3d1eee94cba8a9a498c1e9
Author: Prabhjyot Singh <prabhjyotsi...@gmail.com>
Date:   2017-06-15T13:18:13Z

    renew token periodically

commit df6645a64b571766876c4bba8724180ccef33968
Author: Prabhjyot Singh <prabhjyotsi...@gmail.com>
Date:   2017-06-16T03:20:28Z

    add KerberosInterpreter and move kinit loginc there.

commit 72b32ae25fcb2d66675c3ffd7cfe1dcf2ca888cc
Author: Prabhjyot Singh <prabhjyotsi...@gmail.com>
Date:   2017-06-16T04:01:51Z

    add java doc

commit 96bfdfe97d7a08104f5856e29dad77a073a0dff5
Author: Prabhjyot Singh <prabhjyotsi...@gmail.com>
Date:   2017-06-16T07:34:11Z

    log more error

commit 289b7d34608ec50654f9a33dfae32be9bdaacbeb
Author: Prabhjyot Singh <prabhjyotsi...@gmail.com>
Date:   2017-06-16T07:40:11Z

    reset kinitFailCount on successful renew.

----


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---

Reply via email to