Cloudera Community

Support Questions

Find answers, ask questions, and share your expertise
cancel
Turn on suggestions
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Advanced Search
Solved Go to solution

kafka-sentry -lr not working

Labels:
avatar
author-rank Royal
New Contributor

Created on ‎08-08-2019 05:31 AM - last edited on ‎08-08-2019 02:15 PM by Community Manager Community Manager

ERROR transport.SentryTransportPool: Failed to obtain transport for xxx.us.xxx.com:8038: null
19/08/08 07:12:27 WARN security.UserGroupInformation: PriviledgedActionException as:xxxx@xxx.xxx.COM (auth:KERBEROS) cause:org.apache.thrift.transport.TTransportException: Peer indicated failure: Problem with callback handler
19/08/08 07:12:27 ERROR transport.SentryTransportPool: Failed to obtain transport for xxxx.us.xxx.com:8038: null
19/08/08 07:12:30 ERROR tools.SentryShellKafka: Peer indicated failure: Problem with callback handler
org.apache.sentry.SentryUserException: Peer indicated failure: Problem with callback handler
at org.apache.sentry.core.common.transport.RetryClientInvocationHandler.connect(RetryClientInvocationHandler.java:166)
at org.apache.sentry.core.common.transport.RetryClientInvocationHandler.invokeImpl(RetryClientInvocationHandler.java:90)
at org.apache.sentry.core.common.transport.SentryClientInvocationHandler.invoke(SentryClientInvocationHandler.java:41)
at com.sun.proxy.$Proxy6.listAllRoles(Unknown Source)
at org.apache.sentry.provider.db.generic.tools.command.ListRolesCmd.execute(ListRolesCmd.java:43)
at org.apache.sentry.provider.db.generic.tools.SentryShellKafka.run(SentryShellKafka.java:83)
at org.apache.sentry.provider.db.tools.SentryShellCommon.executeShell(SentryShellCommon.java:262)
at org.apache.sentry.provider.db.generic.tools.SentryShellKafka.main(SentryShellKafka.java:96)
Caused by: org.apache.thrift.transport.TTransportException: Peer indicated failure: Problem with callback handler
at org.apache.thrift.transport.TSaslTransport.receiveSaslMessage(TSaslTransport.java:199)
at org.apache.thrift.transport.TSaslTransport.open(TSaslTransport.java:307)
at org.apache.thrift.transport.TSaslClientTransport.open(TSaslClientTransport.java:37)
at org.apache.sentry.core.common.transport.SentryTransportFactory$UgiSaslClientTransport.baseOpen(SentryTransportFactory.java:183)
at org.apache.sentry.core.common.transport.SentryTransportFactory$UgiSaslClientTransport.access$100(SentryTransportFactory.java:141)
at org.apache.sentry.core.common.transport.SentryTransportFactory$UgiSaslClientTransport$1.run(SentryTransportFactory.java:168)
at org.apache.sentry.core.common.transport.SentryTransportFactory$UgiSaslClientTransport$1.run(SentryTransportFactory.java:166)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.Subject.doAs(Subject.java:422)
at org.apache.hadoop.security.UserGroupInformation.doAs(UserGroupInformation.java:1920)
at org.apache.sentry.core.common.transport.SentryTransportFactory$UgiSaslClientTransport.open(SentryTransportFactory.java:166)
at org.apache.sentry.core.common.transport.SentryTransportFactory.connectToServer(SentryTransportFactory.java:99)
at org.apache.sentry.core.common.transport.SentryTransportFactory.getTransport(SentryTransportFactory.java:86)
at org.apache.sentry.core.common.transport.SentryTransportPool$PoolFactory.create(SentryTransportPool.java:302)
at org.apache.sentry.core.common.transport.SentryTransportPool$PoolFactory.create(SentryTransportPool.java:271)
at org.apache.commons.pool2.BaseKeyedPooledObjectFactory.makeObject(BaseKeyedPooledObjectFactory.java:62)
at org.apache.commons.pool2.impl.GenericKeyedObjectPool.create(GenericKeyedObjectPool.java:1041)
at org.apache.commons.pool2.impl.GenericKeyedObjectPool.borrowObject(GenericKeyedObjectPool.java:380)
at org.apache.commons.pool2.impl.GenericKeyedObjectPool.borrowObject(GenericKeyedObjectPool.java:279)
at org.apache.sentry.core.common.transport.SentryTransportPool.getTransport(SentryTransportPool.java:181)
at org.apache.sentry.provider.db.generic.service.thrift.SentryGenericServiceClientDefaultImpl.connect(SentryGenericServiceClientDefaultImpl.java:91)
at org.apache.sentry.core.common.transport.RetryClientInvocationHandler.connect(RetryClientInvocationHandler.java:141)
... 7 more
The operation failed. Message: Peer indicated failure: Problem with callback handler

 

 

i tried with all possible scenarios 

with super users, kafka all users and i tried with kafka super.users setting on cloudera,

also add all usernames in sentry.service.admin.group and sentry.service.allow.connect

 

 

 

4,628 Views
0 Kudos
0
1 ACCEPTED SOLUTION

avatar
author-rank Royal
New Contributor

Created ‎08-09-2019 06:18 AM

yes we have multiple Kafka clusters,

Issue was fixed.

solution:-

my username added with Caps on "sentry.service.allow.connect"

earlier i added with all small.

View solution in original post

4,686 Views
1
4 REPLIES 4

avatar
author-rank araujo author-rank
Super Guru

Created ‎08-08-2019 06:14 PM

It seems that you Sentry service is not aware of the Kafka brokers and fails to connect to the service.

You should check the following things:

 

  • Check the property "Sentry Service" in your Kafka service configuration and ensure that the correct Sentry service is selected.
  • Ensure the node from where you're running the kafka-sentry command has a Kafka Gateway role assigned to it.

After making the needed corrections, restart the stale services, deploy client configuration and try again.

 

Regards,

André

 

 

--
Was your question answered? Please take some time to click on "Accept as Solution" below this post.
If you find a reply useful, say thanks by clicking on the thumbs up button.
4,613 Views

avatar
author-rank Royal
New Contributor

Created ‎08-08-2019 07:02 PM

Hi Araujo,

 

still same error.

yes i verified that below are the my configs and yes i assigned Kafka Gateway role as well.2019-08-09 07_28_36-Kafka-4 - Cloudera Manager.png2019-08-09 07_30_06-Kafka-4 - Cloudera Manager.png2019-08-09 07_31_35-Sentry-2 - Cloudera Manager.png

4,610 Views
0 Kudos

avatar
author-rank araujo author-rank
Super Guru

Created ‎08-08-2019 11:32 PM

Do you have multiple Kafka and Sentry services on your cluster? Just wondering due to the numbering of those services (KAFKA-4 and SENTRY-2)?

--
Was your question answered? Please take some time to click on "Accept as Solution" below this post.
If you find a reply useful, say thanks by clicking on the thumbs up button.
4,603 Views
0 Kudos

avatar
author-rank Royal
New Contributor

Created ‎08-09-2019 06:18 AM

yes we have multiple Kafka clusters,

Issue was fixed.

solution:-

my username added with Caps on "sentry.service.allow.connect"

earlier i added with all small.

4,687 Views
1
Announcements
What's New @ Cloudera
[RELEASED] Cloudera Streaming Analytics - Kubernetes Operato...
What's New @ Cloudera
[RELEASED] Cloudera Streams Messaging - Kubernetes Operator ...
Community Announcements
February 2025 Community Highlights
What's New @ Cloudera
3 Benefits of External IDE Connectivity, Now Available in Cl...
What's New @ Cloudera
Performance comparison of Spark3 on YARN with S3 Standard VS...
View More Announcements