Accumulo Store with Kerberos
Hi,
I have an Accumulo cluster (version: 1.7.2-cdh5.5.0) with Kerberos enabled and I would like to know how I can configure Gaffer to use my Accumulo cluster as the underlying store.
I have read the doc on Accumulo store and looked at TheBasics.java from the gaffer-doc repo (master branch). I didn’t find any instructions on whether specific settings are required for Kerberos.
I downloaded the iterators.jar and distributed it to all my tservers. Then I modified TheBasics.java with my Accumulo properties:
final AccumuloProperties properties = new AccumuloProperties();
properties.setStoreClass(AccumuloStore.class);
properties.setInstance("<my_instance>");
properties.setZookeepers("<my_zk1>:2181,<my_zk2>:2181,<my_zk3>:2181");
properties.setUser("myuser@EXAMPLE.COM");
properties.setPassword("<my_password>");
And I get the following exception:
Exception in thread "main" java.lang.IllegalArgumentException: Could not initialise the store with provided arguments.
at uk.gov.gchq.gaffer.store.Store.createStore(Store.java:262)
at uk.gov.gchq.gaffer.graph.Graph$Builder.updateStore(Graph.java:1066)
at uk.gov.gchq.gaffer.graph.Graph$Builder.build(Graph.java:953)
at uk.gov.gchq.gaffer.doc.user.walkthrough.TheBasics.run(TheBasics.java:121)
at uk.gov.gchq.gaffer.doc.user.walkthrough.TheBasics.main(TheBasics.java:161)
Caused by: uk.gov.gchq.gaffer.store.StoreException: Failed to create accumulo connection
at uk.gov.gchq.gaffer.accumulostore.utils.TableUtils.getConnector(TableUtils.java:219)
at uk.gov.gchq.gaffer.accumulostore.AccumuloStore.getConnection(AccumuloStore.java:205)
at uk.gov.gchq.gaffer.accumulostore.utils.TableUtils.ensureTableExists(TableUtils.java:76)
at uk.gov.gchq.gaffer.accumulostore.AccumuloStore.initialise(AccumuloStore.java:160)
at uk.gov.gchq.gaffer.store.Store.createStore(Store.java:260)
... 4 more
Caused by: org.apache.accumulo.core.client.AccumuloException: java.lang.RuntimeException: Cannot use SASL if Hadoop security is not enabled
at org.apache.accumulo.core.client.impl.ServerClient.execute(ServerClient.java:70)
at org.apache.accumulo.core.client.impl.ConnectorImpl.<init>(ConnectorImpl.java:73)
at org.apache.accumulo.core.client.ZooKeeperInstance.getConnector(ZooKeeperInstance.java:308)
at uk.gov.gchq.gaffer.accumulostore.utils.TableUtils.getConnector(TableUtils.java:217)
... 8 more
Caused by: java.lang.RuntimeException: Cannot use SASL if Hadoop security is not enabled
at org.apache.accumulo.core.rpc.SaslConnectionParams.updatePrincipalFromUgi(SaslConnectionParams.java:194)
at org.apache.accumulo.core.rpc.SaslConnectionParams.<init>(SaslConnectionParams.java:140)
at org.apache.accumulo.core.client.impl.ClientContext$3.get(ClientContext.java:117)
at org.apache.accumulo.core.client.impl.ClientContext$3.get(ClientContext.java:109)
at com.google.common.base.Suppliers$ExpiringMemoizingSupplier.get(Suppliers.java:185)
at org.apache.accumulo.core.client.impl.ClientContext.getSaslParams(ClientContext.java:182)
at org.apache.accumulo.core.client.impl.ThriftTransportKey.<init>(ThriftTransportKey.java:44)
at org.apache.accumulo.core.client.impl.ServerClient.getConnection(ServerClient.java:144)
at org.apache.accumulo.core.client.impl.ServerClient.getConnection(ServerClient.java:124)
at org.apache.accumulo.core.client.impl.ServerClient.getConnection(ServerClient.java:119)
at org.apache.accumulo.core.client.impl.ServerClient.executeRaw(ServerClient.java:100)
at org.apache.accumulo.core.client.impl.ServerClient.execute(ServerClient.java:64)
... 11 more
Any suggestions?
Issue Analytics
- State:
- Created 3 years ago
- Comments:5 (3 by maintainers)
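The innermost cause in the trace above is thrown by Accumulo's `SaslConnectionParams` when the client has SASL enabled but Hadoop security is not enabled in the calling JVM. The following is an added example, not code from the issue or from Gaffer: it uses only the plain Accumulo 1.7+ and Hadoop client APIs to show the order of steps a Kerberos client login takes. The class name, principal, keytab path, instance name and ZooKeeper hosts are placeholders.

```java
import org.apache.accumulo.core.client.ClientConfiguration;
import org.apache.accumulo.core.client.Connector;
import org.apache.accumulo.core.client.Instance;
import org.apache.accumulo.core.client.ZooKeeperInstance;
import org.apache.accumulo.core.client.security.tokens.KerberosToken;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.security.UserGroupInformation;

// Hypothetical class name; standalone connectivity check, independent of Gaffer.
public class KerberosAccumuloCheck {
    public static void main(String[] args) throws Exception {
        // Placeholders (assumptions): substitute your own values.
        final String principal = "myuser@EXAMPLE.COM";
        final String keytab = "/path/to/myuser.keytab"; // keep readable by its owner only
        final String instanceName = "<my_instance>";
        final String zookeepers = "<my_zk1>:2181,<my_zk2>:2181,<my_zk3>:2181";

        // 1. Enable Hadoop security in this JVM. If this is skipped,
        //    UserGroupInformation.isSecurityEnabled() stays false and a
        //    SASL-enabled Accumulo client throws
        //    "Cannot use SASL if Hadoop security is not enabled".
        final Configuration hadoopConf = new Configuration();
        hadoopConf.set("hadoop.security.authentication", "kerberos");
        UserGroupInformation.setConfiguration(hadoopConf);

        // 2. Obtain Kerberos credentials from a keytab, so no password
        //    appears in code or in a properties file.
        UserGroupInformation.loginUserFromKeytab(principal, keytab);

        // 3. Tell the Accumulo client to use SASL for its Thrift RPC.
        final ClientConfiguration clientConf = ClientConfiguration.loadDefault()
                .withInstance(instanceName)
                .withZkHosts(zookeepers)
                .withSasl(true);
        final Instance instance = new ZooKeeperInstance(clientConf);

        // 4. KerberosToken takes its identity from the logged-in Hadoop user;
        //    it replaces the PasswordToken used for password authentication.
        final KerberosToken token = new KerberosToken();
        final Connector connector = instance.getConnector(token.getPrincipal(), token);

        System.out.println("Authenticated to Accumulo as " + connector.whoami());
    }
}
```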
Top GitHub Comments
Yeah, it’s still very high on our priority list. We are hoping to release it along with a number of other version upgrades inc. Hadoop in the early part of next year.
@d47853 Thanks, I disabled SASL and the example code just hangs. I can see it reached zookeeper from the zookeeper log and the connection keeps being started and stopped. After I exited the code, I got
which is expected, though I am not sure why it’s stuck there. Then I realised the Gaffer I am using is built on top of Accumulo 1.9.3 and I am using a different version of Accumulo (1.7.2), so that could be the cause. At this point, I feel the best way for me to try Gaffer on Accumulo is probably setting up an Accumulo cluster (1.9.3) with default settings.
I find there is a discussion on upgrading Gaffer to support Accumulo 2.x but don’t see much follow-up if I am not missing anything. Is this still on the roadmap?