
Storm gives SaslException: GSS initiate failed error with Valid ticket


New Contributor

After integrating Storm with Kerberos, I started all the daemons. Getting no error in the logs of Nimbus, supervisor or UI. After taking kinit for storm I'm still getting this error:

# ./storm list

Running: /opt/jdk1.8.0_131/bin/java -client -Ddaemon.name= -Dstorm.options= -Dstorm.home=/opt/apache-storm-1.0.2 -Dstorm.log.dir=/opt/apache-storm-1.0.2/logs -Djava.library.path=/usr/local/lib:/opt/local/lib:/usr/lib -Dstorm.conf.file= -cp /opt/apache-storm-1.0.2/lib/storm-core-1.0.2.jar:/opt/apache-storm-1.0.2/lib/kryo-3.0.3.jar:/opt/apache-storm-1.0.2/lib/reflectasm-1.10.1.jar:/opt/apache-storm-1.0.2/lib/asm-5.0.3.jar:/opt/apache-storm-1.0.2/lib/minlog-1.3.0.jar:/opt/apache-storm-1.0.2/lib/objenesis-2.1.jar:/opt/apache-storm-1.0.2/lib/clojure-1.7.0.jar:/opt/apache-storm-1.0.2/lib/disruptor-3.3.2.jar:/opt/apache-storm-1.0.2/lib/log4j-api-2.1.jar:/opt/apache-storm-1.0.2/lib/log4j-core-2.1.jar:/opt/apache-storm-1.0.2/lib/log4j-slf4j-impl-2.1.jar:/opt/apache-storm-1.0.2/lib/slf4j-api-1.7.7.jar:/opt/apache-storm-1.0.2/lib/log4j-over-slf4j-1.6.6.jar:/opt/apache-storm-1.0.2/lib/servlet-api-2.5.jar:/opt/apache-storm-1.0.2/lib/storm-rename-hack-1.0.2.jar:/opt/apache-storm-1.0.2/conf:/opt/apache-storm-1.0.2/bin org.apache.storm.command.list
1791 [main] INFO o.a.s.m.n.Login - successfully logged in.
1804 [main] ERROR o.a.s.s.a.k.KerberosSaslTransportPlugin - Client failed to open SaslClientTransport to interact with a server during session initiation: org.apache.storm.thrift.transport.TTransportException: java.net.ConnectException: Connection refused (Connection refused)
org.apache.storm.thrift.transport.TTransportException: java.net.ConnectException: Connection refused (Connection refused)
    at org.apache.storm.thrift.transport.TSocket.open(TSocket.java:226) ~[storm-core-1.0.2.jar:1.0.2]
    at org.apache.storm.thrift.transport.TSaslTransport.open(TSaslTransport.java:266) ~[storm-core-1.0.2.jar:1.0.2]
    at org.apache.storm.thrift.transport.TSaslClientTransport.open(TSaslClientTransport.java:37) ~[storm-core-1.0.2.jar:1.0.2]
    at org.apache.storm.security.auth.kerberos.KerberosSaslTransportPlugin$1.run(KerberosSaslTransportPlugin.java:145) [storm-core-1.0.2.jar:1.0.2]
    at org.apache.storm.security.auth.kerberos.KerberosSaslTransportPlugin$1.run(KerberosSaslTransportPlugin.java:141) [storm-core-1.0.2.jar:1.0.2]
    at java.security.AccessController.doPrivileged(Native Method) ~[?:1.8.0_131]
    at javax.security.auth.Subject.doAs(Subject.java:422) [?:1.8.0_131]
    at org.apache.storm.security.auth.kerberos.KerberosSaslTransportPlugin.connect(KerberosSaslTransportPlugin.java:140) [storm-core-1.0.2.jar:1.0.2]
    at org.apache.storm.security.auth.TBackoffConnect.doConnectWithRetry(TBackoffConnect.java:53) [storm-core-1.0.2.jar:1.0.2]
    at org.apache.storm.security.auth.ThriftClient.reconnect(ThriftClient.java:99) [storm-core-1.0.2.jar:1.0.2]
    at org.apache.storm.security.auth.ThriftClient.<init>(ThriftClient.java:69) [storm-core-1.0.2.jar:1.0.2]
    at org.apache.storm.utils.NimbusClient.<init>(NimbusClient.java:106) [storm-core-1.0.2.jar:1.0.2]
    at org.apache.storm.utils.NimbusClient.getConfiguredClientAs(NimbusClient.java:66) [storm-core-1.0.2.jar:1.0.2]
    at org.apache.storm.command.list$_main.invoke(list.clj:22) [storm-core-1.0.2.jar:1.0.2]
    at clojure.lang.AFn.applyToHelper(AFn.java:152) [clojure-1.7.0.jar:?]
    at clojure.lang.AFn.applyTo(AFn.java:144) [clojure-1.7.0.jar:?]
    at org.apache.storm.command.list.main(Unknown Source) [storm-core-1.0.2.jar:1.0.2]
Caused by: java.net.ConnectException: Connection refused (Connection refused)
    at java.net.PlainSocketImpl.socketConnect(Native Method) ~[?:1.8.0_131]
    at java.net.AbstractPlainSocketImpl.doConnect(AbstractPlainSocketImpl.java:350) ~[?:1.8.0_131]
    at java.net.AbstractPlainSocketImpl.connectToAddress(AbstractPlainSocketImpl.java:206) ~[?:1.8.0_131]
    at java.net.AbstractPlainSocketImpl.connect(AbstractPlainSocketImpl.java:188) ~[?:1.8.0_131]
    at java.net.SocksSocketImpl.connect(SocksSocketImpl.java:392) ~[?:1.8.0_131]
    at java.net.Socket.connect(Socket.java:589) ~[?:1.8.0_131]
    at org.apache.storm.thrift.transport.TSocket.open(TSocket.java:221) ~[storm-core-1.0.2.jar:1.0.2]
    ... 16 more
1814 [main] WARN o.a.s.u.NimbusClient - Ignoring exception while trying to get leader nimbus info from localhost. will retry with a different seed host.
org.apache.storm.thrift.transport.TTransportException: SASL authentication not complete
    at org.apache.storm.thrift.transport.TSaslTransport.write(TSaslTransport.java:474) ~[storm-core-1.0.2.jar:1.0.2]
    at org.apache.storm.thrift.transport.TSaslClientTransport.write(TSaslClientTransport.java:37) ~[storm-core-1.0.2.jar:1.0.2]
    at org.apache.storm.thrift.protocol.TBinaryProtocol.writeI32(TBinaryProtocol.java:178) ~[storm-core-1.0.2.jar:1.0.2]
    at org.apache.storm.thrift.protocol.TBinaryProtocol.writeMessageBegin(TBinaryProtocol.java:106) ~[storm-core-1.0.2.jar:1.0.2]
    at org.apache.storm.thrift.TServiceClient.sendBase(TServiceClient.java:70) ~[storm-core-1.0.2.jar:1.0.2]
    at org.apache.storm.thrift.TServiceClient.sendBase(TServiceClient.java:62) ~[storm-core-1.0.2.jar:1.0.2]
    at org.apache.storm.generated.Nimbus$Client.send_getClusterInfo(Nimbus.java:1150) ~[storm-core-1.0.2.jar:1.0.2]
    at org.apache.storm.generated.Nimbus$Client.getClusterInfo(Nimbus.java:1143) ~[storm-core-1.0.2.jar:1.0.2]
    at org.apache.storm.utils.NimbusClient.getConfiguredClientAs(NimbusClient.java:67) [storm-core-1.0.2.jar:1.0.2]
    at org.apache.storm.command.list$_main.invoke(list.clj:22) [storm-core-1.0.2.jar:1.0.2]
    at clojure.lang.AFn.applyToHelper(AFn.java:152) [clojure-1.7.0.jar:?]
    at clojure.lang.AFn.applyTo(AFn.java:144) [clojure-1.7.0.jar:?]
    at org.apache.storm.command.list.main(Unknown Source) [storm-core-1.0.2.jar:1.0.2]
Exception in thread "main" org.apache.storm.utils.NimbusLeaderNotFoundException: Could not find leader nimbus from seed hosts ["localhost"]. Did you specify a valid list of nimbus hosts for config nimbus.seeds?
    at org.apache.storm.utils.NimbusClient.getConfiguredClientAs(NimbusClient.java:90)
    at org.apache.storm.command.list$_main.invoke(list.clj:22)
    at clojure.lang.AFn.applyToHelper(AFn.java:152)
    at clojure.lang.AFn.applyTo(AFn.java:144)
    at org.apache.storm.command.list.main(Unknown Source)
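
Added example, not part of the original thread: a triage helper for `storm list` client output like the one above, reporting the lowest layer that failed (JAAS login, TCP connect to Nimbus, GSS negotiation, authorization) and which seed hosts the client tried. `SAMPLE_LOG` is condensed from the posted output; the `triage` function, the layer names and the choice of marker strings are assumptions of this example.

```python
import re

# Constructed sample: key lines condensed from the `storm list` output in the question.
SAMPLE_LOG = """\
1791 [main] INFO o.a.s.m.n.Login - successfully logged in.
1804 [main] ERROR o.a.s.s.a.k.KerberosSaslTransportPlugin - Client failed to open SaslClientTransport to interact with a server during session initiation: org.apache.storm.thrift.transport.TTransportException: java.net.ConnectException: Connection refused (Connection refused)
1814 [main] WARN o.a.s.u.NimbusClient - Ignoring exception while trying to get leader nimbus info from localhost. will retry with a different seed host.
org.apache.storm.thrift.transport.TTransportException: SASL authentication not complete
Exception in thread "main" org.apache.storm.utils.NimbusLeaderNotFoundException: Could not find leader nimbus from seed hosts ["localhost"]. Did you specify a valid list of nimbus hosts for config nimbus.seeds?
"""

# Ordered from the lowest layer to the highest (hypothetical layer names).
# The first layer that matches is reported; errors from higher layers are
# usually consequences of it.
LAYERS = [
    ("jaas_login", re.compile(r"LoginException|Unable to obtain password")),
    ("tcp_connect", re.compile(r"ConnectException|UnknownHostException|NoRouteToHostException")),
    ("gss_negotiation", re.compile(r"GSS initiate failed|GSSException|Clock skew too great")),
    ("sasl_incomplete", re.compile(r"SASL authentication not complete")),
    ("authorization", re.compile(r"AuthorizationException")),
]
SEEDS = re.compile(r"seed hosts \[([^\]]*)\]")
LOOPBACK = {"localhost", "127.0.0.1", "::1"}


def triage(log_text):
    """Return which layer failed first and which Nimbus seed hosts were tried."""
    hits = [name for name, rx in LAYERS if rx.search(log_text)]
    match = SEEDS.search(log_text)
    seeds = re.findall(r'"([^"]+)"', match.group(1)) if match else []
    return {
        # The JAAS login (keytab or ticket cache) happens before any socket is opened.
        "login_ok": "successfully logged in" in log_text and "jaas_login" not in hits,
        "first_failed_layer": hits[0] if hits else None,
        "all_hits": hits,
        "seed_hosts": seeds,
        # A loopback seed only works when the client runs on the Nimbus host itself.
        "loopback_seed": any(s in LOOPBACK for s in seeds),
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```
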

4 REPLIES

Re: Storm gives SaslException: GSS initiate failed error with Valid ticket

Super Mentor

@M J

Have you added the following property inside the "Advanced storm-site"?

"nimbus.impersonation.acl":  "{ {{storm_bare_jaas_principal}} : {hosts: ['*'], groups: ['*']}}" 

Also please make sure that the "nimbus.impersonation.authorizer" property has the following value:

nimbus.impersonation.authorizer   =   org.apache.storm.security.auth.authorizer.ImpersonationAuthorizer

Re: Storm gives SaslException: GSS initiate failed error with Valid ticket

New Contributor

I'm not sure which one is the storm_bare_jaas_principal. Could you please help?

Re: Storm gives SaslException: GSS initiate failed error with Valid ticket

Super Mentor

@M J

In your Ambari UI, please navigate to:

Ambari UI --> "Storm" --> "Configs" (tab) --> Advanced storm-site (Link expand)

Do you see the following properties set?

[Screenshot: 15862-nimbus-configuration-in-ambariui.png]

Re: Storm gives SaslException: GSS initiate failed error with Valid ticket

New Contributor

I have added both of them, still getting the same error.
