在上一篇文章《kylin Unable to login, please check your username/password.》中,提到,如果cdh的配置文件发生了更新,而kylin没有重启,导致账户密码不对。
最近集群没有重启,依然出现账户名密码无法连接的情况,原来默认的管理员账户可以访问但是新增加的ANALYST账户无法访问,排查日志根本什么都看不到,如下为kylin日志
如果服务重启,应用就能恢复。
2019-09-16 21:38:01,808 DEBUG [http-bio-7070-exec-7] security.KylinAuthenticationProvider:57 : User cache [45, -40, 120, -36, -13, 32, -125, 5, -74, -81, -88, -58, 82, -46, -13, -98] is removed due to EXPLICIT 2019-09-16 21:38:01,917 DEBUG [http-bio-7070-exec-7] security.KylinAuthenticationProvider:113 : User ANALYST authorities : [ROLE_ANALYST] 2019-09-16 21:38:01,917 DEBUG [http-bio-7070-exec-7] cachesync.CachedCrudAssist:190 : Saving ManagedUser at /user/ANALYST
恰好使用curl命令检查时,发现报错
[dip@yz-ppdip-023 ~]$ curl -u ANALYST:test http://172.25.31.25:7070/kylin/login <!doctype html><html lang="en"><head><title>HTTP Status 500 – Internal Server Error</title><style type="text/css">H1 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:22px;} H2 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:16px;} H3 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:14px;} BODY {font-family:Tahoma,Arial,sans-serif;color:black;background-color:white;} B {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;} P {font-family:Tahoma,Arial,sans-serif;background:white;color:black;font-size:12px;}A {color : black;}A.name {color : black;}HR {color : #525D76;}</style></head><body><h1>HTTP Status 500 – Internal Server Error</h1><hr class="line" /><p><b>Type</b> Exception Report</p><p><b>Message</b> Overwriting conflict /user/ANALYST, expect old TS 1568635187203, but it is 1568635214068</p><p><b>Description</b> The server encountered an unexpected condition that prevented it from fulfilling the request.</p><p><b>Exception</b> <pre>org.apache.kylin.common.persistence.WriteConflictException: Overwriting conflict /user/ANALYST, expect old TS 1568635187203, but it is 1568635214068 org.apache.kylin.storage.hbase.HBaseResourceStore.checkAndPutResourceImpl(HBaseResourceStore.java:325) org.apache.kylin.common.persistence.ResourceStore.checkAndPutResourceCheckpoint(ResourceStore.java:323) org.apache.kylin.common.persistence.ResourceStore.putResource(ResourceStore.java:308) org.apache.kylin.common.persistence.ResourceStore.putResource(ResourceStore.java:287) org.apache.kylin.metadata.cachesync.CachedCrudAssist.save(CachedCrudAssist.java:192) org.apache.kylin.rest.security.KylinUserManager.update(KylinUserManager.java:122) org.apache.kylin.rest.service.KylinUserService.updateUser(KylinUserService.java:85) org.apache.kylin.rest.security.KylinAuthenticationProvider.authenticate(KylinAuthenticationProvider.java:117) org.springframework.security.authentication.ProviderManager.authenticate(ProviderManager.java:174) org.springframework.security.authentication.ProviderManager.authenticate(ProviderManager.java:199) org.springframework.security.web.authentication.www.BasicAuthenticationFilter.doFilterInternal(BasicAuthenticationFilter.java:180) org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331) org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:200) org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331) org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:116) org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331) org.springframework.security.web.header.HeaderWriterFilter.doFilterInternal(HeaderWriterFilter.java:64) org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331) org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter.doFilterInternal(WebAsyncManagerIntegrationFilter.java:56) org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331) org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:105) org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331) org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:214) org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:177) org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:346) org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:262) com.thetransactioncompany.cors.CORSFilter.doFilter(CORSFilter.java:209) com.thetransactioncompany.cors.CORSFilter.doFilter(CORSFilter.java:244) </pre></p><p><b>Note</b> The full stack trace of the root cause is available in the server logs.</p><hr class="line" /><h3>Apache Tomcat/7.0.90</h3></body></html>
以报错关键字进行检索,发现这是开源版本的一个bug,密码修改或者自己设置 密码时会出现的问题。
org.apache.kylin.common.persistence.WriteConflictException: Overwriting conflict /user/ANALYST, expect old TS 1568635187203, but it is
以下是开源社区的问题解决https://issues.apache.org/jira/browse/KYLIN-3562
解决办法:
$KYLIN_HOME/bin/metastore.sh remove /user
然后重启kylin集群
但是我尝试使用这个方案处理,并没有作用,最后解决方案:将这个账户监控起来,如果发现无法登录进行重启