search

DataLinkDC / dinky

Dinky is a real-time data development platform based on Apache Flink, enabling agile data development, deployment and operation.
http://www.dinky.org.cn
Apache License 2.0
3.1k stars 1.14k forks source link

[Bug] [zookeeper Kebers] java.security.PrivilegedActionException: javax.security.sasl.SaslException: #3835

Open chenhaipeng opened 3 weeks ago

chenhaipeng commented 3 weeks ago

Search before asking

What happened

i have config the keberos for flink ,but it did't work, the pic show below 企业微信20240926-111856

2024-09-26 10:50:29.688 INFO  org.apache.flink.shaded.curator4.org.apache.curator.framework.state.ConnectionStateManager(251): State change: CONNECTED
2024-09-26 10:50:29.688 ERROR org.apache.flink.shaded.zookeeper3.org.apache.zookeeper.client.ZooKeeperSaslClient(308): An error: (java.security.PrivilegedActionException: javax.security.sasl.SaslException: GSS initiate failed [Caused by GSSException: No valid credentials provided (Mechanism level: Failed to find any Kerberos tgt)]) occurred when evaluating Zookeeper Quorum Member's  received SASL token. Zookeeper Client will go to AUTH_FAILED state.
2024-09-26 10:50:29.690 ERROR org.apache.flink.shaded.zookeeper3.org.apache.zookeeper.ClientCnxn(1072): SASL authentication with Zookeeper Quorum member failed: javax.security.sasl.SaslException: An error: (java.security.PrivilegedActionException: javax.security.sasl.SaslException: GSS initiate failed [Caused by GSSException: No valid credentials provided (Mechanism level: Failed to find any Kerberos tgt)]) occurred when evaluating Zookeeper Quorum Member's  received SASL token. Zookeeper Client will go to AUTH_FAILED state.
2024-09-26 10:50:29.691 ERROR org.apache.flink.shaded.curator4.org.apache.curator.ConnectionState(307): Authentication failed
2024-09-26 10:50:29.791 ERROR org.apache.flink.shaded.curator4.org.apache.curator.framework.imps.CuratorFrameworkImpl(703): Ensure path threw exception org.apache.flink.shaded.zookeeper3.org.apache.zookeeper.KeeperException$AuthFailedException: KeeperErrorCode = AuthFailed for /flink
    at org.apache.flink.shaded.zookeeper3.org.apache.zookeeper.KeeperException.create(KeeperException.java:126) ~[flink-shaded-zookeeper-3.4.14.jar:3.4.14-14.0]
    at org.apache.flink.shaded.zookeeper3.org.apache.zookeeper.KeeperException.create(KeeperException.java:54) ~[flink-shaded-zookeeper-3.4.14.jar:3.4.14-14.0]
    at org.apache.flink.shaded.zookeeper3.org.apache.zookeeper.ZooKeeper.exists(ZooKeeper.java:1111) ~[flink-shaded-zookeeper-3.4.14.jar:3.4.14-14.0]
    at org.apache.flink.shaded.zookeeper3.org.apache.zookeeper.ZooKeeper.exists(ZooKeeper.java:1139) ~[flink-shaded-zookeeper-3.4.14.jar:3.4.14-14.0]
    at org.apache.flink.shaded.curator4.org.apache.curator.utils.ZKPaths.mkdirs(ZKPaths.java:291) ~[flink-shaded-zookeeper-3.4.14.jar:3.4.14-14.0]
    at org.apache.flink.shaded.curator4.org.apache.curator.framework.imps.NamespaceImpl$1.call(NamespaceImpl.java:90) ~[flink-shaded-zookeeper-3.4.14.jar:3.4.14-14.0]
    at org.apache.flink.shaded.curator4.org.apache.curator.connection.StandardConnectionHandlingPolicy.callWithRetry(StandardConnectionHandlingPolicy.java:64) ~[flink-shaded-zookeeper-3.4.14.jar:3.4.14-14.0]
    at org.apache.flink.shaded.curator4.org.apache.curator.RetryLoop.callWithRetry(RetryLoop.java:100) ~[flink-shaded-zookeeper-3.4.14.jar:3.4.14-14.0]
    at org.apache.flink.shaded.curator4.org.apache.curator.framework.imps.NamespaceImpl.fixForNamespace(NamespaceImpl.java:83) ~[flink-shaded-zookeeper-3.4.14.jar:3.4.14-14.0]
    at org.apache.flink.shaded.curator4.org.apache.curator.framework.imps.CuratorFrameworkImpl.fixForNamespace(CuratorFrameworkImpl.java:731) ~[flink-shaded-zookeeper-3.4.14.jar:3.4.14-14.0]
    at org.apache.flink.shaded.curator4.org.apache.curator.framework.imps.WatcherRemovalFacade.fixForNamespace(WatcherRemovalFacade.java:170) ~[flink-shaded-zookeeper-3.4.14.jar:3.4.14-14.0]
    at org.apache.flink.shaded.curator4.org.apache.curator.framework.imps.GetDataBuilderImpl.forPath(GetDataBuilderImpl.java:295) ~[flink-shaded-zookeeper-3.4.14.jar:3.4.14-14.0]
    at org.apache.flink.shaded.curator4.org.apache.curator.framework.imps.GetDataBuilderImpl.forPath(GetDataBuilderImpl.java:35) ~[flink-shaded-zookeeper-3.4.14.jar:3.4.14-14.0]
    at org.apache.flink.shaded.curator4.org.apache.curator.framework.recipes.cache.TreeCache$TreeNode.doRefreshData(TreeCache.java:287) ~[flink-shaded-zookeeper-3.4.14.jar:3.4.14-14.0]
    at org.apache.flink.shaded.curator4.org.apache.curator.framework.recipes.cache.TreeCache$TreeNode.refreshData(TreeCache.java:266) ~[flink-shaded-zookeeper-3.4.14.jar:3.4.14-14.0]
    at org.apache.flink.shaded.curator4.org.apache.curator.framework.recipes.cache.TreeCache$TreeNode.refresh(TreeCache.java:250) ~[flink-shaded-zookeeper-3.4.14.jar:3.4.14-14.0]
    at org.apache.flink.shaded.curator4.org.apache.curator.framework.recipes.cache.TreeCache$TreeNode.wasCreated(TreeCache.java:316) ~[flink-shaded-zookeeper-3.4.14.jar:3.4.14-14.0]
    at org.apache.flink.shaded.curator4.org.apache.curator.framework.recipes.cache.TreeCache.handleStateChange(TreeCache.java:819) ~[flink-shaded-zookeeper-3.4.14.jar:3.4.14-14.0]
    at org.apache.flink.shaded.curator4.org.apache.curator.framework.recipes.cache.TreeCache.access$1800(TreeCache.java:75) ~[flink-shaded-zookeeper-3.4.14.jar:3.4.14-14.0]
    at org.apache.flink.shaded.curator4.org.apache.curator.framework.recipes.cache.TreeCache$1.stateChanged(TreeCache.java:543) ~[flink-shaded-zookeeper-3.4.14.jar:3.4.14-14.0]
    at org.apache.flink.shaded.curator4.org.apache.curator.framework.state.ConnectionStateManager.lambda$processEvents$1(ConnectionStateManager.java:280) ~[flink-shaded-zookeeper-3.4.14.jar:3.4.14-14.0]
    at org.apache.flink.shaded.curator4.org.apache.curator.framework.listen.MappingListenerManager.lambda$forEach$0(MappingListenerManager.java:93) ~[flink-shaded-zookeeper-3.4.14.jar:3.4.14-14.0]
    at org.apache.flink.shaded.curator4.org.apache.curator.framework.listen.MappingListenerManager.forEach(MappingListenerManager.java:90) ~[flink-shaded-zookeeper-3.4.14.jar:3.4.14-14.0]
    at org.apache.flink.shaded.curator4.org.apache.curator.framework.listen.StandardListenerManager.forEach(StandardListenerManager.java:89) ~[flink-shaded-zookeeper-3.4.14.jar:3.4.14-14.0]
    at org.apache.flink.shaded.curator4.org.apache.curator.framework.state.ConnectionStateManager.processEvents(ConnectionStateManager.java:280) ~[flink-shaded-zookeeper-3.4.14.jar:3.4.14-14.0]
    at org.apache.flink.shaded.curator4.org.apache.curator.framework.state.ConnectionStateManager.access$000(ConnectionStateManager.java:44) ~[flink-shaded-zookeeper-3.4.14.jar:3.4.14-14.0]
    at org.apache.flink.shaded.curator4.org.apache.curator.framework.state.ConnectionStateManager$1.call(ConnectionStateManager.java:133) ~[flink-shaded-zookeeper-3.4.14.jar:3.4.14-14.0]
    at java.util.concurrent.FutureTask.run(FutureTask.java:266) ~[?:1.8.0_141]
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149) ~[?:1.8.0_141]
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624) ~[?:1.8.0_141]
    at java.lang.Thread.run(Thread.java:748) ~[?:1.8.0_141]

What you expected to happen

I think it may be some config in dinky did't work, it did't use kerberos config to connect

How to reproduce

config as example 企业微信20240926-111856

Anything else

No response

Version

1.1.0

Are you willing to submit PR?

Code of Conduct

Zzm0809 commented 2 weeks ago

仔细看日志,已经给出了原因。

chenhaipeng commented 2 weeks ago

仔细看日志,已经给出了原因。

配置的路径,文件都是存在的, 并且旧版是OK的

Zzm0809 commented 2 weeks ago

仔细看日志,已经给出了原因。

配置的路径,文件都是存在的, 并且旧版是OK的

社区无此环境 建议你本地调试下进行排查

chenhaipeng commented 2 weeks ago

好的,我排查一下