AnsweredAssumed Answered

Running MapR PACC With Secure Cluster

Question asked by PETER.EDIKE on Jul 6, 2018
Latest reply on Jul 17, 2018 by PETER.EDIKE

Hello Everyone,

 

I am presently trying to understand how to deploy an application running off the MapR PACC to use a MapR Secure Cluster. I have read the followoing documentation:

Generating a Service Ticket  and Security Considerations for the MapR PACC 

What I did like to know is If I am going to run a maprlogin command when the containers starts up or the command will be run automatically for me if the relevant environment variables exist

 

I am asking the above question because I have built a simple java program that connects to MapR DB and reads some random data. I packaged and deployed it to docker towards running with the following environment variables 

 MAPR_CLUSTER

MAPR_CLDB_HOSTS

MAPR_CONTAINER_USER

MAPR_CONTAINER_PASSWORD

MAPR_CONTAINER_UID

MAPR_CONTAINER_GID

MAPR_CONTAINER_GROUP

MAPR_TICKETFILE_LOCATION

 

But when the application starts up, An attempt to to connect to the database fails with the following exception

 

Caused by: javax.security.auth.login.LoginException: Unable to obtain MapR credentials
at com.mapr.security.maprsasl.MaprSecurityLoginModule.login(MaprSecurityLoginModule.java:228) ~[maprfs-6.0.1-mapr.jar!/:na]
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[na:1.8.0_151]
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) ~[na:1.8.0_151]
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[na:1.8.0_151]
at java.lang.reflect.Method.invoke(Method.java:498) ~[na:1.8.0_151]
at javax.security.auth.login.LoginContext.invoke(LoginContext.java:755) ~[na:1.8.0_151]
at javax.security.auth.login.LoginContext.access$000(LoginContext.java:195) ~[na:1.8.0_151]
at javax.security.auth.login.LoginContext$4.run(LoginContext.java:682) ~[na:1.8.0_151]
at javax.security.auth.login.LoginContext$4.run(LoginContext.java:680) ~[na:1.8.0_151]
at java.security.AccessController.doPrivileged(Native Method) ~[na:1.8.0_151]
at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680) ~[na:1.8.0_151]
at javax.security.auth.login.LoginContext.login(LoginContext.java:587) ~[na:1.8.0_151]
at org.apache.hadoop.security.UserGroupInformation.loginUserFromSubject(UserGroupInformation.java:724) ~[hadoop-common-2.7.0-mapr-1803.jar!/:na]
... 67 common frames omitted
Caused by: com.mapr.login.MapRLoginException: Failed to find ticket for cluster 'bigdata.interswitch.com', error = com.mapr.security.MutableInt@2db7a79b
at com.mapr.login.client.MapRLoginHttpsClient.doesSecurityHaveGoodKey(MapRLoginHttpsClient.java:240) ~[maprfs-6.0.1-mapr.jar!/:na]
at com.mapr.login.client.MapRLoginHttpsClient.authenticateIfNeeded(MapRLoginHttpsClient.java:154) ~[maprfs-6.0.1-mapr.jar!/:na]
at com.mapr.login.client.MapRLoginHttpsClient.authenticateIfNeeded(MapRLoginHttpsClient.java:115) ~[maprfs-6.0.1-mapr.jar!/:na]
at com.mapr.security.maprsasl.MaprSecurityLoginModule.login(MaprSecurityLoginModule.java:222) ~[maprfs-6.0.1-mapr.jar!/:na]
... 79 common frames omitted

The same code used to work when the cluster was unsecure

 

Kind Regards

Outcomes