Support Questions
Find answers, ask questions, and share your expertise

Apache Knox "HTTP ERROR 500" on HDP install cluster

Expert Contributor

Attached sec.xml

I have 3 node cluster with HDP2.5.3 with Ambari 2.5.2 with below services -


Ranger integrated with AD - running on node1

Knox integrated with AD - running on node1

Ranger and Knox are working fine with AD and tested successfully.

Now requirement is to install Apache knox 0.13.0 on same cluster but of diff node and integrate same with AD.

  1. Ques: Do you think knox 0.13.0 will work with existing HDP2.5.3 cluster ?
  2. If YES - I am facing issue after configuring knox manually - Below are the error -

KNOX CLI logs - shows authetication successful -

# ./knoxcli.sh user-auth-test --cluster sec --u user3_sg3 --p P@ssw0rd --d

LDAP authentication successful!

Bug below curl command gives error -

===========

$ curl -i -k -u user3_sg3:P@ssw0rd -X GET 'https://localhost:8443/gateway/sec/webhdfs/v1/?op=LISTSTATUS'

HTTP/1.1 500 Server Error

Date: Thu, 08 Mar 2018 06:09:27 GMT

Set-Cookie: JSESSIONID=9b001lflctxb1n8dx0yt6943j;Path=/gateway/sec;Secure;HttpOnly

Set-Cookie: rememberMe=deleteMe; Path=/gateway/sec; Max-Age=0; Expires=Wed, 07-Mar-2018 06:09:28 GMT

Content-Type: text/html; charset=ISO-8859-1

Cache-Control: must-revalidate,no-cache,no-store

Content-Length: 313

Connection: close

Server: Jetty(9.2.15.v20160210)

<html>

<head>

<meta http-equiv="Content-Type" content="text/html; charset=UTF-8"/>

<title>Error 500 Server Error</title>

</head>

<body><h2>HTTP ERROR 500</h2>

<p>Problem accessing /gateway/sec/webhdfs/v1/. Reason:

<pre> Server Error</pre></p><hr><i><small>Powered by Jetty://</small></i><hr/>

</body>

</html>

===========

Gateway logs :

===========

2018-03-08 06:09:31,519 WARN hadoop.gateway (DefaultDispatch.java:executeOutboundRequest(146)) - Connection exception dispatching request: http://<NN_HOST>:50070/webhdfs/v1/?op=LISTSTATUS&doAs=user3_sg3 java.lang.SecurityException: java.io.IOException: Configuration Error:

expected [module class name], read [end of file]

java.lang.SecurityException: java.io.IOException: Configuration Error:

expected [module class name], read [end of file]

at sun.security.provider.ConfigFile$Spi.<init>(ConfigFile.java:137)

at sun.security.provider.ConfigFile.<init>(ConfigFile.java:102)

at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)

at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62)

at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)

at java.lang.reflect.Constructor.newInstance(Constructor.java:423)

at java.lang.Class.newInstance(Class.java:442)

at javax.security.auth.login.Configuration$2.run(Configuration.java:255)

at javax.security.auth.login.Configuration$2.run(Configuration.java:247)

at java.security.AccessController.doPrivileged(Native Method)

at javax.security.auth.login.Configuration.getConfiguration(Configuration.java:246)

at sun.security.jgss.LoginConfigImpl$1.run(LoginConfigImpl.java:76)

at sun.security.jgss.LoginConfigImpl$1.run(LoginConfigImpl.java:74)

at java.security.AccessController.doPrivileged(Native Method)

at sun.security.jgss.LoginConfigImpl.<init>(LoginConfigImpl.java:74)

at sun.security.jgss.GSSUtil.login(GSSUtil.java:256)

at sun.security.jgss.krb5.Krb5Util.getTicket(Krb5Util.java:158)

at sun.security.jgss.krb5.Krb5InitCredential$1.run(Krb5InitCredential.java:338)

at sun.security.jgss.krb5.Krb5InitCredential$1.run(Krb5InitCredential.java:334)

at java.security.AccessController.doPrivileged(Native Method)

at sun.security.jgss.krb5.Krb5InitCredential.getTgt(Krb5InitCredential.java:333)

at sun.security.jgss.krb5.Krb5InitCredential.getInstance(Krb5InitCredential.java:145)

at sun.security.jgss.krb5.Krb5MechFactory.getCredentialElement(Krb5MechFactory.java:122)

at sun.security.jgss.krb5.Krb5MechFactory.getMechanismContext(Krb5MechFactory.java:187)

at sun.security.jgss.GSSManagerImpl.getMechanismContext(GSSManagerImpl.java:224)

at sun.security.jgss.GSSContextImpl.initSecContext(GSSContextImpl.java:212)

at sun.security.jgss.GSSContextImpl.initSecContext(GSSContextImpl.java:179)

at sun.security.jgss.spnego.SpNegoContext.GSS_initSecContext(SpNegoContext.java:882)

at sun.security.jgss.spnego.SpNegoContext.initSecContext(SpNegoContext.java:317)

at sun.security.jgss.GSSContextImpl.initSecContext(GSSContextImpl.java:248)

at sun.security.jgss.GSSContextImpl.initSecContext(GSSContextImpl.java:179)

at org.apache.http.impl.auth.GGSSchemeBase.generateGSSToken(GGSSchemeBase.java:124)

at org.apache.http.impl.auth.SPNegoScheme.generateToken(SPNegoScheme.java:95)

at org.apache.http.impl.auth.GGSSchemeBase.authenticate(GGSSchemeBase.java:223)

at org.apache.http.impl.auth.SPNegoScheme.authenticate(SPNegoScheme.java:85)

at org.apache.http.impl.auth.HttpAuthenticator.doAuth(HttpAuthenticator.java:239)

at org.apache.http.impl.auth.HttpAuthenticator.generateAuthResponse(HttpAuthenticator.java:202)

at org.apache.http.impl.execchain.MainClientExec.execute(MainClientExec.java:263)

at org.apache.http.impl.execchain.ProtocolExec.execute(ProtocolExec.java:185)

at org.apache.http.impl.execchain.RetryExec.execute(RetryExec.java:89)

at org.apache.http.impl.execchain.RedirectExec.execute(RedirectExec.java:111)

at org.apache.http.impl.client.InternalHttpClient.doExecute(InternalHttpClient.java:185)

at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:83)

at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:108)

at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:56)

at org.apache.hadoop.gateway.dispatch.DefaultDispatch.executeOutboundRequest(DefaultDispatch.java:129)

at org.apache.hadoop.gateway.dispatch.DefaultDispatch.executeRequest(DefaultDispatch.java:115)

at org.apache.hadoop.gateway.dispatch.DefaultDispatch.doGet(DefaultDispatch.java:277)

at org.apache.hadoop.gateway.dispatch.GatewayDispatchFilter$GetAdapter.doMethod(GatewayDispatchFilter.java:123)

at org.apache.hadoop.gateway.dispatch.GatewayDispatchFilter.doFilter(GatewayDispatchFilter.java:106)

at org.apache.hadoop.gateway.filter.AbstractGatewayFilter.doFilter(AbstractGatewayFilter.java:61)

at org.apache.hadoop.gateway.GatewayFilter$Holder.doFilter(GatewayFilter.java:346)

at org.apache.hadoop.gateway.GatewayFilter$Chain.doFilter(GatewayFilter.java:246)

at org.apache.hadoop.gateway.identityasserter.common.filter.AbstractIdentityAssertionFilter.doFilterInternal(AbstractIdentityAssertionFilter.java:196)

at org.apache.hadoop.gateway.identityasserter.common.filter.AbstractIdentityAssertionFilter.continueChainAsPrincipal(AbstractIdentityAssertionFilter.java:153)

at org.apache.hadoop.gateway.identityasserter.common.filter.CommonIdentityAssertionFilter.doFilter(CommonIdentityAssertionFilter.java:91)

at org.apache.hadoop.gateway.GatewayFilter$Holder.doFilter(GatewayFilter.java:346)

at org.apache.hadoop.gateway.GatewayFilter$Chain.doFilter(GatewayFilter.java:246)

at org.apache.hadoop.gateway.filter.rewrite.api.UrlRewriteServletFilter.doFilter(UrlRewriteServletFilter.java:60)

at org.apache.hadoop.gateway.filter.AbstractGatewayFilter.doFilter(AbstractGatewayFilter.java:61)

at org.apache.hadoop.gateway.GatewayFilter$Holder.doFilter(GatewayFilter.java:346)

at org.apache.hadoop.gateway.GatewayFilter$Chain.doFilter(GatewayFilter.java:246)

at org.apache.hadoop.gateway.filter.ShiroSubjectIdentityAdapter$CallableChain$1.run(ShiroSubjectIdentityAdapter.java:91)

at org.apache.hadoop.gateway.filter.ShiroSubjectIdentityAdapter$CallableChain$1.run(ShiroSubjectIdentityAdapter.java:88)

at java.security.AccessController.doPrivileged(Native Method)

at javax.security.auth.Subject.doAs(Subject.java:422)

at org.apache.hadoop.gateway.filter.ShiroSubjectIdentityAdapter$CallableChain.call(ShiroSubjectIdentityAdapter.java:143)

at org.apache.hadoop.gateway.filter.ShiroSubjectIdentityAdapter$CallableChain.call(ShiroSubjectIdentityAdapter.java:75)

at org.apache.shiro.subject.support.SubjectCallable.doCall(SubjectCallable.java:90)

at org.apache.shiro.subject.support.SubjectCallable.call(SubjectCallable.java:83)

at org.apache.shiro.subject.support.DelegatingSubject.execute(DelegatingSubject.java:383)

at org.apache.hadoop.gateway.filter.ShiroSubjectIdentityAdapter.doFilter(ShiroSubjectIdentityAdapter.java:72)

at org.apache.hadoop.gateway.GatewayFilter$Holder.doFilter(GatewayFilter.java:346)

at org.apache.hadoop.gateway.GatewayFilter$Chain.doFilter(GatewayFilter.java:246)

at org.apache.shiro.web.servlet.ProxiedFilterChain.doFilter(ProxiedFilterChain.java:61)

at org.apache.shiro.web.servlet.AdviceFilter.executeChain(AdviceFilter.java:108)

at org.apache.shiro.web.servlet.AdviceFilter.doFilterInternal(AdviceFilter.java:137)

at org.apache.shiro.web.servlet.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:125)

at org.apache.shiro.web.servlet.ProxiedFilterChain.doFilter(ProxiedFilterChain.java:66)

at org.apache.shiro.web.servlet.AbstractShiroFilter.executeChain(AbstractShiroFilter.java:449)

at org.apache.shiro.web.servlet.AbstractShiroFilter$1.call(AbstractShiroFilter.java:365)

at org.apache.shiro.subject.support.SubjectCallable.doCall(SubjectCallable.java:90)

at org.apache.shiro.subject.support.SubjectCallable.call(SubjectCallable.java:83)

at org.apache.shiro.subject.support.DelegatingSubject.execute(DelegatingSubject.java:383)

at org.apache.shiro.web.servlet.AbstractShiroFilter.doFilterInternal(AbstractShiroFilter.java:362)

at org.apache.shiro.web.servlet.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:125)

at org.apache.hadoop.gateway.GatewayFilter$Holder.doFilter(GatewayFilter.java:346)

at org.apache.hadoop.gateway.GatewayFilter$Chain.doFilter(GatewayFilter.java:246)

at org.apache.hadoop.gateway.filter.ResponseCookieFilter.doFilter(ResponseCookieFilter.java:50)

at org.apache.hadoop.gateway.filter.AbstractGatewayFilter.doFilter(AbstractGatewayFilter.java:61)

at org.apache.hadoop.gateway.GatewayFilter$Holder.doFilter(GatewayFilter.java:346)

at org.apache.hadoop.gateway.GatewayFilter$Chain.doFilter(GatewayFilter.java:246)

at org.apache.hadoop.gateway.filter.XForwardedHeaderFilter.doFilter(XForwardedHeaderFilter.java:30)

at org.apache.hadoop.gateway.filter.AbstractGatewayFilter.doFilter(AbstractGatewayFilter.java:61)

at org.apache.hadoop.gateway.GatewayFilter$Holder.doFilter(GatewayFilter.java:346)

at org.apache.hadoop.gateway.GatewayFilter$Chain.doFilter(GatewayFilter.java:246)

at org.apache.hadoop.gateway.GatewayFilter.doFilter(GatewayFilter.java:140)

at org.apache.hadoop.gateway.GatewayFilter.doFilter(GatewayFilter.java:92)

at org.apache.hadoop.gateway.GatewayServlet.service(GatewayServlet.java:141)

at org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:812)

at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:587)

at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:143)

at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:577)

at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:223)

at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1127)

at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:515)

at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:185)

at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1061)

at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:141)

at org.eclipse.jetty.server.handler.ContextHandlerCollection.handle(ContextHandlerCollection.java:215)

at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:97)

at org.apache.hadoop.gateway.trace.TraceHandler.handle(TraceHandler.java:51)

at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:97)

at org.apache.hadoop.gateway.filter.CorrelationHandler.handle(CorrelationHandler.java:39)

at org.eclipse.jetty.servlets.gzip.GzipHandler.handle(GzipHandler.java:529)

at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:97)

at org.apache.hadoop.gateway.filter.PortMappingHelperHandler.handle(PortMappingHelperHandler.java:152)

at org.eclipse.jetty.server.handler.HandlerCollection.handle(HandlerCollection.java:110)

at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:97)

at org.eclipse.jetty.server.Server.handle(Server.java:499)

at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:311)

at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:257)

at org.eclipse.jetty.io.AbstractConnection$2.run(AbstractConnection.java:544)

at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:635)

at org.eclipse.jetty.util.thread.QueuedThreadPool$3.run(QueuedThreadPool.java:555)

at java.lang.Thread.run(Thread.java:748)

Caused by: java.io.IOException: Configuration Error:

expected [module class name], read [end of file]

at sun.security.provider.ConfigFile$Spi.ioException(ConfigFile.java:666)

at sun.security.provider.ConfigFile$Spi.match(ConfigFile.java:519)

at sun.security.provider.ConfigFile$Spi.parseLoginEntry(ConfigFile.java:450)

at sun.security.provider.ConfigFile$Spi.readConfig(ConfigFile.java:427)

at sun.security.provider.ConfigFile$Spi.init(ConfigFile.java:329)

at sun.security.provider.ConfigFile$Spi.init(ConfigFile.java:271)

at sun.security.provider.ConfigFile$Spi.<init>(ConfigFile.java:135)

... 125 more

2018-03-08 06:09:31,639 ERROR hadoop.gateway (AbstractGatewayFilter.java:doFilter(63)) - Failed to execute filter: java.io.IOException: Service connectivity error.

2018-03-08 06:09:31,639 ERROR hadoop.gateway (AbstractGatewayFilter.java:doFilter(63)) - Failed to execute filter: java.io.IOException: Service connectivity error.

2018-03-08 06:09:31,684 ERROR hadoop.gateway (AbstractGatewayFilter.java:doFilter(66)) - Failed to execute filter: javax.servlet.ServletException: org.apache.shiro.subject.ExecutionException: java.security.PrivilegedActionException: java.io.IOException: Service connectivity error.

2018-03-08 06:09:31,729 ERROR hadoop.gateway (AbstractGatewayFilter.java:doFilter(66)) - Failed to execute filter: javax.servlet.ServletException: org.apache.shiro.subject.ExecutionException: java.security.PrivilegedActionException: java.io.IOException: Service connectivity error.

2018-03-08 06:09:31,730 ERROR hadoop.gateway (GatewayFilter.java:doFilter(146)) - Gateway processing failed: javax.servlet.ServletException: org.apache.shiro.subject.ExecutionException: java.security.PrivilegedActionException: java.io.IOException: Service connectivity error.

===========

Gateway audit logs -

===========

18/03/08 06:09:28 ||4eb6de4d-2baa-4a9b-8438-73fcccf5e6a4|audit|0:0:0:0:0:0:0:1|WEBHDFS||||access|uri|/gateway/sec/webhdfs/v1/?op=LISTSTATUS|unavailable|Request method: GET

18/03/08 06:09:28 ||4eb6de4d-2baa-4a9b-8438-73fcccf5e6a4|audit|0:0:0:0:0:0:0:1|WEBHDFS|user3_sg3|||authentication|uri|/gateway/sec/webhdfs/v1/?op=LISTSTATUS|success|

18/03/08 06:09:28 ||4eb6de4d-2baa-4a9b-8438-73fcccf5e6a4|audit|0:0:0:0:0:0:0:1|WEBHDFS|user3_sg3|||authentication|uri|/gateway/sec/webhdfs/v1/?op=LISTSTATUS|success|Groups: []

18/03/08 06:09:30 ||4eb6de4d-2baa-4a9b-8438-73fcccf5e6a4|audit|0:0:0:0:0:0:0:1|WEBHDFS|user3_sg3|||dispatch|uri|http://ip-10-0-1-22.ec2.internal:50070/webhdfs/v1/?op=LISTSTATUS&doAs=user3_sg3|unavailable|Request method: GET

18/03/08 06:09:31 ||4eb6de4d-2baa-4a9b-8438-73fcccf5e6a4|audit|0:0:0:0:0:0:0:1|WEBHDFS|user3_sg3|||dispatch|uri|http://ip-10-0-1-22.ec2.internal:50070/webhdfs/v1/?op=LISTSTATUS&doAs=user3_sg3|failure|

18/03/08 06:09:31 ||4eb6de4d-2baa-4a9b-8438-73fcccf5e6a4|audit|0:0:0:0:0:0:0:1|WEBHDFS|user3_sg3|||access|uri|/gateway/sec/webhdfs/v1/?op=LISTSTATUS|failure|

===========

Attaching topology file here

0 REPLIES 0