How can I pass a Kerberos ticket to Spring Yarn application - spring

I am trying to run the Simple Single Project Yarn Application detailed here. I deployed the application as a jar file to our hadoop cluster. When trying to run, I am getting an exception, stack trace below:
[2015-06-04 14:10:45.866] boot - 13669 ERROR [main] --- SpringApplication: Application startup failed
java.lang.IllegalStateException: Failed to execute CommandLineRunner
at org.springframework.boot.SpringApplication.runCommandLineRunners(SpringApplication.java:680)
at org.springframework.boot.SpringApplication.afterRefresh(SpringApplication.java:695)
at org.springframework.boot.SpringApplication.run(SpringApplication.java:322)
at org.springframework.boot.SpringApplication.run(SpringApplication.java:961)
at org.springframework.boot.SpringApplication.run(SpringApplication.java:950)
at com.aetna.ise.yarn.publish.Application.main(Application.java:21)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:95)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:56)
at java.lang.reflect.Method.invoke(Method.java:620)
at org.springframework.boot.loader.MainMethodRunner.run(MainMethodRunner.java:53)
at java.lang.Thread.run(Thread.java:857)
Caused by: org.springframework.yarn.YarnSystemException: SIMPLE authentication is not enabled. Available:[TOKEN, KERBEROS]; nested exception is org.apache.hadoop.security.AccessControlException: SIMPLE authentication is not enabled. Available:[TOKEN, KERBEROS]
This is due to the fact that our cluster uses Kerberos authentication. Is there a way to pass the Kerberos ticket to the application in the Spring YARN code? I don't see any place to do that.

We can't currently delegate any tickets when application is submitted, but application itself can use kerberos.
This is explained in section http://docs.spring.io/spring-hadoop/docs/2.1.2.RELEASE/reference/html/springandhadoop-security.html#literal-spring-hadoop-security-literal-configuration-properties
For example something like shown below in application.yml(use principals from your cluster):
spring:
hadoop:
fsUri: hdfs://localhost:8020
resourceManagerHost: localhost
security:
userPrincipal: jvalkealahti/neo
userKeytab: /usr/local/hadoops/jvalkealahti.keytab
authMethod: kerberos
namenodePrincipal: hdfs/neo#LOCALDOMAIN
rmManagerPrincipal: yarn/neo#LOCALDOMAIN

Related

java.lang.NoClassDefFoundError in firebase admin

I have log4j in spring boot project which uses firebase admin
Randomly firebase admin threw this error even if it is not in use.
Exception in thread "firebase-database-worker" java.lang.NoClassDefFoundError: ch/qos/logback/classic/spi/ThrowableProxy
at ch.qos.logback.classic.spi.LoggingEvent.<init>(LoggingEvent.java:119)
at ch.qos.logback.classic.Logger.buildLoggingEventAndAppend(Logger.java:419)
at ch.qos.logback.classic.Logger.filterAndLog_0_Or3Plus(Logger.java:383)
at ch.qos.logback.classic.Logger.error(Logger.java:538)
at com.google.firebase.database.core.JvmPlatform$1.handleException(JvmPlatform.java:57)
at com.google.firebase.database.utilities.DefaultRunLoop.handleExceptionInternal(DefaultRunLoop.java:102)
at com.google.firebase.database.utilities.DefaultRunLoop.access$000(DefaultRunLoop.java:34)
at com.google.firebase.database.utilities.DefaultRunLoop$1.afterExecute(DefaultRunLoop.java:65)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1157)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
at java.lang.Thread.run(Thread.java:748)
2022-08-13 22:27:22,729 INFO [http-nio-9658-exec-190]
It seems like it needs a different log library, and when I tried to install ch/qos
The project won't work. unless I removed it from the pom.xml
Does anyone have a solution?
i don't want to change my log library as I can't replace firebase now

Spring boot enable Https : SSL Keystore Error

I am trying to enable https in my spring boot application but getting 'Keystore was tampered with, or password was incorrect' error. Following are the below configuration i have in my application properties file.
server.port=8083
server.ssl.enabled=true
server.ssl.key-store-type=JKS
server.ssl.key-store=C:\\Users\\abc.jks
server.ssl.key-store-password=C:\\Users\\password.txt
However when i am using TomcatServletWebServerFactory to redirect http to https with the below configuration in application properties it works fine without any issue. application starts on http 8081 and https 8083 ports.
server.port=8083
http.server.port= 8081
server.ssl.enabled=true
server.ssl.key-store-type=JKS
server.ssl.key-store=C:\\Users\\abc.jks
server.ssl.key-store-password=C:\\Users\\password.txt
I am not able to find root cause and resolve the issue. Please help me to find out what i am doing wrong.
**Spring boot : 2.3.2.RELEASE
tomcat-embed-core-9.0.37.jar:9.0.37
jdk1.8.0_111**
Below is the error.
[AsyncReporter{org.springframework.cloud.sleuth.zipkin2.sender.RestTemplateSender#355ce6a6}] but has failed to stop it. This is very likely to create a memory leak. Stack trace of thread:
Caused by: java.lang.IllegalArgumentException: standardService.connector.startFailed
Caused by: org.apache.catalina.LifecycleException: Protocol handler start failed
Caused by: java.lang.IllegalArgumentException: Keystore was tampered with, or password was incorrect
Caused by: java.io.IOException: Keystore was tampered with, or password was incorrect
Caused by: java.security.UnrecoverableKeyException: Password verification failed
You are missing key password.
server.ssl.key-password=yourpasswordhere

NoSuchMethodError when using hbase-server

In order to use TableMapper, I included the hbase-server dependencies to my hadoop project. hbase-shaded-client and hbase-server both have 1.1.2 version.
But when trying to run the hadoop job, I have an error that seems related to security:
FATAL [main] org.apache.hadoop.mapreduce.v2.app.MRAppMaster: Error starting MRAppMaster
java.lang.NoSuchMethodError: org.apache.hadoop.security.authentication.server.AuthenticationFilter.constructSecretProvider(Ljavax/servlet/ServletContext;Ljava/util/Properties;Z)Lorg/apache/hadoop/security/authentication/util/SignerSecretProvider;
at org.apache.hadoop.http.HttpServer2.constructSecretProvider(HttpServer2.java:447)
at org.apache.hadoop.http.HttpServer2.<init>(HttpServer2.java:339)
at org.apache.hadoop.http.HttpServer2.<init>(HttpServer2.java:114)
at org.apache.hadoop.http.HttpServer2$Builder.build(HttpServer2.java:290)
at org.apache.hadoop.yarn.webapp.WebApps$Builder.build(WebApps.java:261)
at org.apache.hadoop.yarn.webapp.WebApps$Builder.start(WebApps.java:303)
at org.apache.hadoop.mapreduce.v2.app.client.MRClientService.serviceStart(MRClientService.java:142)
at org.apache.hadoop.service.AbstractService.start(AbstractService.java:193)
at org.apache.hadoop.mapreduce.v2.app.MRAppMaster.serviceStart(MRAppMaster.java:1107)
at org.apache.hadoop.service.AbstractService.start(AbstractService.java:193)
at org.apache.hadoop.mapreduce.v2.app.MRAppMaster$4.run(MRAppMaster.java:1519)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.Subject.doAs(Subject.java:422)
at org.apache.hadoop.security.UserGroupInformation.doAs(UserGroupInformation.java:1657)
at org.apache.hadoop.mapreduce.v2.app.MRAppMaster.initAndStartAppMaster(MRAppMaster.java:1515)
at org.apache.hadoop.mapreduce.v2.app.MRAppMaster.main(MRAppMaster.java:1448)
2016-08-22 11:04:29,010 INFO [main] org.apache.hadoop.util.ExitUtil: Exiting with status 1
Does someone have this problem before?
Thank you.
hbase shaded client seems to pull in an un-shaded version of servlet api classes. This can cause issues when deploying into web servers or any other framework that expects a different version of the servlet api to be available.

Squirrel Setup to connect to Phoenix - HBASE: Error java.util.concurrent.ExecutionException: java.lang.RuntimeException: java.lang.NoSuchMethodError:

I am a newbie to Hbase & phoenix. I am trying to connect to HBASE via Phoenix JDBC Driver using Squirrel Client. Somehow I seem to get a strange error where the runtime complains of a NoSuchMethod Exception. I have included the relevant client jar phoenix-4.4.0-HBase-1.0-client in the lib folder of Squirrel and have registered the driver succesfully. When I try to connect I get this exception which seems to be a bit weird. I have xtracted the jar and seen that indeed the method getCurrentUser() exists in the org/apache/hadoop/security/UserGroupInformation.class file.
java.util.concurrent.ExecutionException: java.lang.RuntimeException: java.lang.NoSuchMethodError: org.apache.hadoop.security.UserGroupInformation.getCurrentUser()Lorg/apache/hadoop/security/UserGroupInformation;
at java.util.concurrent.FutureTask.report(FutureTask.java:122)
at java.util.concurrent.FutureTask.get(FutureTask.java:202)
at net.sourceforge.squirrel_sql.client.mainframe.action.OpenConnectionCommand.awaitConnection(OpenConnectionCommand.java:132)
at net.sourceforge.squirrel_sql.client.mainframe.action.OpenConnectionCommand.access$100(OpenConnectionCommand.java:45)
at net.sourceforge.squirrel_sql.client.mainframe.action.OpenConnectionCommand$2.run(OpenConnectionCommand.java:115)
at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:471)
at java.util.concurrent.FutureTask.run(FutureTask.java:262)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
at java.lang.Thread.run(Thread.java:744)
I finally uncovered it. The hadoop-0.20.2-core.jar and phoenix-4.4.0-HBase-1.0-client.jar have common overlapping classes, which were in the lib folder of the Squirrel client. hadoop-0.20.2-core.jar is required to connect to hive where as phoenix client jar is required to connect to hbase.
Whenever I need to connect to one or the other I have to exclude one of these from the lib folder while launching squirrel client.

Java RMI error in HP BSAE 2.0 configuration migration log

I'm attempting to track this issue with HP's Enterprise Support as well, but am not familiar with Java's RMI context, and am hoping the community can provide some assistance, too.
Context: recently upgraded the reporting tool for HP's BSA (Business Service Automation) Suite from SAR (Service Automation Reporting) 7.81 to BSAE (BSA Essentials) 2.0.
In the process, one of the steps is to migrate previously-used external user authentication to the new reporting tool. When running that migration script, the following Java error stack is dumped:
14:57:25,316 DEBUG [InvokeCommand] Using params: /var/opt/opsware/omdb/tmp/sar-aaa-migrate-1279033044903.xml
14:57:26,512 ERROR [Twiddle] Exec failed
java.rmi.UnmarshalException: Error unmarshaling return; nested exception is:
java.lang.ClassNotFoundException: com.opsware.cmdb.security.data.AAADataImportException (no security manager: RMI class loader disabled)
at sun.rmi.transport.StreamRemoteCall.executeCall(StreamRemoteCall.java:227)
at sun.rmi.server.UnicastRef.invoke(UnicastRef.java:142)
at org.jboss.invocation.jrmp.server.JRMPInvoker_Stub.invoke(Unknown Source)
at org.jboss.invocation.jrmp.interfaces.JRMPInvokerProxy.invoke(JRMPInvokerProxy.java:133)
at org.jboss.invocation.InvokerInterceptor.invokeInvoker(InvokerInterceptor.java:365)
at org.jboss.invocation.InvokerInterceptor.invoke(InvokerInterceptor.java:197)
at org.jboss.jmx.connector.invoker.client.InvokerAdaptorClientInterceptor.invoke(InvokerAdaptorClientInterceptor.java:66)
at org.jboss.proxy.SecurityInterceptor.invoke(SecurityInterceptor.java:70)
at org.jboss.proxy.ClientMethodInterceptor.invoke(ClientMethodInterceptor.java:74)
at org.jboss.proxy.ClientContainer.invoke(ClientContainer.java:100)
at $Proxy0.invoke(Unknown Source)
at org.jboss.console.twiddle.command.InvokeCommand.invoke(InvokeCommand.java:235)
at org.jboss.console.twiddle.command.InvokeCommand.execute(InvokeCommand.java:291)
at org.jboss.console.twiddle.Twiddle.main(Twiddle.java:306)
Caused by: java.lang.ClassNotFoundException: com.opsware.cmdb.security.data.AAADataImportException (no security manager: RMI class loader disabled)
at sun.rmi.server.LoaderHandler.loadClass(LoaderHandler.java:375)
at sun.rmi.server.LoaderHandler.loadClass(LoaderHandler.java:165)
at java.rmi.server.RMIClassLoader$2.loadClass(RMIClassLoader.java:620)
at java.rmi.server.RMIClassLoader.loadClass(RMIClassLoader.java:247)
at sun.rmi.server.MarshalInputStream.resolveClass(MarshalInputStream.java:197)
at java.io.ObjectInputStream.readNonProxyDesc(ObjectInputStream.java:1575)
at java.io.ObjectInputStream.readClassDesc(ObjectInputStream.java:1496)
at java.io.ObjectInputStream.readOrdinaryObject(ObjectInputStream.java:1732)
at java.io.ObjectInputStream.readObject0(ObjectInputStream.java:1329)
at java.io.ObjectInputStream.defaultReadFields(ObjectInputStream.java:1947)
at java.io.ObjectInputStream.readSerialData(ObjectInputStream.java:1871)
at java.io.ObjectInputStream.readOrdinaryObject(ObjectInputStream.java:1753)
at java.io.ObjectInputStream.readObject0(ObjectInputStream.java:1329)
at java.io.ObjectInputStream.defaultReadFields(ObjectInputStream.java:1947)
at java.io.ObjectInputStream.readSerialData(ObjectInputStream.java:1871)
at java.io.ObjectInputStream.readOrdinaryObject(ObjectInputStream.java:1753)
at java.io.ObjectInputStream.readObject0(ObjectInputStream.java:1329)
at java.io.ObjectInputStream.readObject(ObjectInputStream.java:351)
at sun.rmi.transport.StreamRemoteCall.executeCall(StreamRemoteCall.java:225)
... 13 more
Understanding that I have 0 access to the code base, is there a place I can start to look for what may be causing the RMI failures, or will this need to be handled exclusively through the vendor?
Thanks for any assistance/pointers!
Turns out the root cause on this error is related to issues with both the documented upgrade process from SAR to BSAE and the dataminer on the HPSA server attempting to re-mine the same data chunks over and over again.
The fix for this is to do a complete back-out of BSAE to a blank server, then doing a clean install.
Sadly, that means all historical data is lost in the process :-|

Resources