CDAP-11873

Creation of local datasets will fail on an impersonated namespace with non-default keytab URL.

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Critical
    • Resolution: Fixed
    • Affects Version/s: 4.2.0, 4.1.2
    • Fix Version/s: 4.3.0, 4.2.1, 4.1.2
    • Component/s: Security
    • Labels:
      None

      Description

      If we have an impersonated namespace with a non-default keytab URL, that is, a keytab not under the value of security.keytab.path, then creation of the local datasets for a workflow will fail with the following message:

      Failed to add instance history, details: Response code: 500, message: 'Internal Server Error', body: 'Error making request to AppFabric Service at http://<HOSTNAME>:<PORT>/v1/impersonation/credentials. Response: Response code: 500, message: 'Internal Server Error', body: 'Keytab file is not a readable file: /etc/security/keytabs/bob.headless.keytab'.'
      at co.cask.cdap.data2.datafabric.dataset.DatasetServiceClient.addInstance(DatasetServiceClient.java:175) ~[na:na]
      	at co.cask.cdap.data2.datafabric.dataset.RemoteDatasetFramework.addInstance(RemoteDatasetFramework.java:152) ~[na:na]
      	at co.cask.cdap.data2.dataset2.ForwardingDatasetFramework.addInstance(ForwardingDatasetFramework.java:85) ~[na:na]
      	at co.cask.cdap.data2.metadata.writer.LineageWriterDatasetFramework.addInstance(LineageWriterDatasetFramework.java:122) ~[na:na]
      	at co.cask.cdap.data2.dataset2.ForwardingDatasetFramework.addInstance(ForwardingDatasetFramework.java:85) ~[na:na]
      	at co.cask.cdap.internal.app.runtime.workflow.NameMappedDatasetFramework.addInstance(NameMappedDatasetFramework.java:101) ~[na:na]
      	at co.cask.cdap.internal.app.runtime.workflow.WorkflowDriver$3.call(WorkflowDriver.java:527) ~[na:na]
      	at co.cask.cdap.internal.app.runtime.workflow.WorkflowDriver$3.call(WorkflowDriver.java:524) ~[na:na]
      	at co.cask.cdap.common.service.Retries.callWithRetries(Retries.java:139) ~[na:na]
      	at co.cask.cdap.common.service.Retries.callWithRetries(Retries.java:114) ~[na:na]
      	at co.cask.cdap.internal.app.runtime.workflow.WorkflowDriver.createLocalDatasets(WorkflowDriver.java:524) ~[na:na]
      	at co.cask.cdap.internal.app.runtime.workflow.WorkflowDriver.startUp(WorkflowDriver.java:206) ~[na:na]

      This is happening since currently we are creating the local dataset with the principal from the ProgramOptions. When the principal is not null, CDAP will try to look for the keytab file in the default path, which results in this error.

      Creation of local datasets works fine if the namespace's keytab URL is in the default path.
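
The lookup mismatch described above, as an added illustration that is not CDAP's code or its actual fix. All class and method names are hypothetical, and the `${name}` template form for security.keytab.path and the treatment of the keytab URL as a local file path are assumptions.

```java
import java.io.IOException;
import java.nio.file.*;

/** Illustrative model of the keytab lookup; names are hypothetical, not CDAP's. Java 16+. */
public class KeytabResolutionDemo {
  // Assumed template token in security.keytab.path, replaced by the short user name.
  static final String NAME_TOKEN = "${name}";

  /** A namespace's impersonation settings: principal plus its configured keytab location. */
  record NamespaceOwner(String principal, String keytabUri) {}

  static String shortName(String principal) {
    return principal.split("[/@]", 2)[0];  // "bob/host@REALM" -> "bob"
  }

  /** Lookup as described in the issue: only the principal is known, so the default path is used. */
  static Path resolveFromPrincipalOnly(String principal, String defaultTemplate) {
    return Paths.get(defaultTemplate.replace(NAME_TOKEN, shortName(principal)));
  }

  /** Namespace-aware lookup: prefer the keytab configured on the namespace, else the default. */
  static Path resolveFromNamespace(NamespaceOwner owner, String defaultTemplate) {
    String uri = owner.keytabUri();  // assumption: a local file path
    return (uri != null && !uri.isEmpty())
        ? Paths.get(uri)
        : resolveFromPrincipalOnly(owner.principal(), defaultTemplate);
  }

  static void requireReadable(Path keytab) throws IOException {
    if (!Files.isRegularFile(keytab) || !Files.isReadable(keytab)) {
      throw new IOException("Keytab file is not a readable file: " + keytab);
    }
  }

  public static void main(String[] args) throws IOException {
    // Constructed layout: the keytab exists only outside the default directory.
    Path root = Files.createTempDirectory("keytab-demo");
    Path custom = Files.createDirectories(root.resolve("custom")).resolve("bob.keytab");
    Files.write(custom, new byte[] {0});  // stand-in file, not a real keytab
    String template = Files.createDirectories(root.resolve("default")) + "/" + NAME_TOKEN + ".keytab";
    NamespaceOwner owner = new NamespaceOwner("bob@EXAMPLE.COM", custom.toString());
    try {
      requireReadable(resolveFromPrincipalOnly(owner.principal(), template));
    } catch (IOException e) {
      System.out.println("principal only:  " + e.getMessage());
    }
    Path found = resolveFromNamespace(owner, template);
    requireReadable(found);
    System.out.println("namespace aware: " + found);
  }
}
```

The principal-only lookup reproduces the "Keytab file is not a readable file" failure for a namespace whose keytab lives outside the default directory, while the namespace-aware lookup finds the configured file.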

              People

              • Assignee: Yaojie Feng
              • Reporter: Yaojie Feng