Open macroxmu opened 7 years ago
Hmm, could you look at the ZK logs to see if it gives any good details about what happened?
zookeeper's log has error message as below: it look like authentication is not success,is there a configuration guide of kerberos login?
Hi have you solved this promblem?
Getting similar error 2017-10-19 14:58:56 [AsyncHBase I/O Worker #4] ERROR org.hbase.async.RegionClient - Unexpected exception from downstream on [id: 0x16055d89, /10.108.232.163:59245 => /10.80.15.226:16020] java.io.IOException: An established connection was aborted by the software in your host machine at sun.nio.ch.SocketDispatcher.read0(Native Method) at sun.nio.ch.SocketDispatcher.read(Unknown Source) at sun.nio.ch.IOUtil.readIntoNativeBuffer(Unknown Source) at sun.nio.ch.IOUtil.read(Unknown Source) at sun.nio.ch.SocketChannelImpl.read(Unknown Source) at org.jboss.netty.channel.socket.nio.NioWorker.read(NioWorker.java:64) at org.jboss.netty.channel.socket.nio.AbstractNioWorker.process(AbstractNioWorker.java:108) at org.jboss.netty.channel.socket.nio.AbstractNioSelector.run(AbstractNioSelector.java:318) at org.jboss.netty.channel.socket.nio.AbstractNioWorker.run(AbstractNioWorker.java:89) at org.jboss.netty.channel.socket.nio.NioWorker.run(NioWorker.java:178) at org.jboss.netty.util.ThreadRenamingRunnable.run(ThreadRenamingRunnable.java:108) at org.jboss.netty.util.internal.DeadLockProofWorker$1.run(DeadLockProofWorker.java:42) at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source) at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source) at java.lang.Thread.run(Unknown Source)
@manolama Below are the zookeeper logs
2017-10-19 10:03:26,433 - INFO [NIOServerCxn.Factory:0.0.0.0/0.0.0.0:2181:NIOServerCnxnFactory@197] - Accepted socket connection from /10.80.15.222:36604 2017-10-19 10:03:26,433 - INFO [NIOServerCxn.Factory:0.0.0.0/0.0.0.0:2181:ZooKeeperServer@868] - Client attempting to establish new session at /10.80.15.222:36604 2017-10-19 10:03:26,448 - INFO [CommitProcessor:2:ZooKeeperServer@617] - Established session 0x25ecc9322b18541 with negotiated timeout 30000 for client /10.80.15.222:36604 2017-10-19 10:03:26,451 - INFO [NIOServerCxn.Factory:0.0.0.0/0.0.0.0:2181:SaslServerCallbackHandler@118] - Successfully authenticated client: authenticationID=storm@xxxx.com; authorizationID=storm@xxxx.com. 2017-10-19 10:03:26,452 - INFO [NIOServerCxn.Factory:0.0.0.0/0.0.0.0:2181:SaslServerCallbackHandler@134] - Setting authorizedID: storm 2017-10-19 10:03:26,452 - INFO [NIOServerCxn.Factory:0.0.0.0/0.0.0.0:2181:ZooKeeperServer@964] - adding SASL authorization for authorizationID: storm 2017-10-19 10:03:26,486 - INFO [NIOServerCxn.Factory:0.0.0.0/0.0.0.0:2181:NIOServerCnxn@1008] - Closed socket connection for client /10.80.15.22
OK so it does look like kerberos with ZK may be the issue. One thing you can try, if your ZK allows it, is to add -Dzookeeper.sasl.client=false
to your TSD JVM flags and see if that lets you proceed.
My opentsdb version is 2.4, hbase version 1.0.2 with kerberos .
I config the opentsdb and asynchbase with offical documnet and reference the issue: https://github.com/OpenTSDB/asynchbase/issues/148 But I also cann't initially the opentsdb,the log is like this:
I config the opentsdb like this: modify opentsdb.conf to add kerberos authentication : hbase.zookeeper.quorum=linux108138:24002,linux108137:24002,linux108136:24002 hbase.zookeeper.znode.parent=/hbase hbase.security.auth.enable=true hbase.security.authentication=kerberos hbase.security.simple.username=user_for_training hbase.kerberos.regionserver.principal=hbase/hadoop.hadoop.com@HADOOP.COM hbase.sasl.clientconfig=Client
modify /usr/share/opentsdb/bin/tsdb to add JVMARGS: JVMARGS=${JVMARGS-'-enableassertions -enablesystemassertions'} JVMARGS="${JVMARGS} -Dhbase.kerberos.regionserver.principal=hbase/hadoop.hadoop.com@HADOOP.COM" JVMARGS="${JVMARGS} -Dhbase.sasl.clientconfig=Client" JVMARGS="${JVMARGS} -Djava.security.login.auth.config=/usr/share/opentsdb/bin/asynchbase.jass" JVMARGS="${JVMARGS} -Dhbase.security.authentication=kerberos" JVMARGS="${JVMARGS} -Dzookeeper.sasl.client=false"
the jass file: asynchbase.jass: Client { com.sun.security.auth.module.Krb5LoginModule required useKeyTab=true useTicketCache=true keyTab=/opt/hadoop_keytab/user_for_training/user.keytab principal="hbase/hadoop.hadoop.com@HADOOP.COM"; };