HDDS-14578. Ozone admin command gives inconsistent error messages on expired keytab. #10160

Draft
sravani-revuri wants to merge 2 commits into apache:master from sravani-revuri:HDDS-14578

@sravani-revuri
Contributor

@sravani-revuri sravani-revuri commented Apr 30, 2026

What changes were proposed in this pull request?

Ozone admin command gives inconsistent error messages on expired keytab for the following commands.

bash-5.1$ ozone admin safemode status
Service ID: scmservice
Could not determine leader node
bash-5.1$ ozone admin container create
java.security.cert.CertificateException: org.apache.hadoop.security.AccessControlException: Permission denied.
~# ozone admin container info 69017
Unable to retrieve the container details for 69017
~# klist
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: scm@example.COM

Valid starting       Expires              Service principal
01/30/2026 10:33:22  01/30/2026 20:33:22  krbtgt/example.COM@example.COM
        renew until 01/31/2026 10:33:10
~# date
Fri Feb  6 12:05:53 PM UTC 2026
root@ve1328:~# ozone admin scm roles
DestHost:destPort ve.example.com:9860 , LocalHost:localPort ve.example.com/10.xx:0. Failed on local exception: java.io.IOException: org.apache.hadoop.security.AccessControlException: Client cannot authenticate via:[KERBEROS]
root@ve1328:~# ozone admin container info 69017
Unable to retrieve the container details for 69017
~# kinit -kt scm.keytab scm
~# ozone admin container info 69017
Container id: 69017
Pipeline id: 3c8208ce-46ca-4435-8554-f07a58ec6bf7
Write PipelineId: 7a571825-4751-4876-a6ac-acc4c097f282
Write Pipeline State: CLOSED
Container State: CLOSED

Works again on renewing the Kerberos credentials

What is the link to the Apache JIRA

https://issues.apache.org/jira/browse/HDDS-14578

How was this patch tested?

Manual test.


bash-5.1$ ozone admin container info 1
Unable to retrieve the container details for 1. DestHost:destPort scm1.org:9860 , LocalHost:localPort scm1.org/172.25.0.116:0. Failed on local exception: java.io.IOException: org.apache.hadoop.security.AccessControlException: Client cannot authenticate via:[KERBEROS]
bash-5.1$ kinit -kt /etc/security/keytabs/scm.keytab scm/scm@EXAMPLE.COM
bash-5.1$ ozone admin container info 1
Container id: 1
Pipeline id: 9be87dfe-be2f-409f-8650-9b9ad05115ba
Write PipelineId: 9be87dfe-be2f-409f-8650-9b9ad05115ba
Write Pipeline State: OPEN
Container State: OPEN
SequenceId: 0
Datanodes: [c15fd59a-af5e-411f-8118-e5014ca3584e/ozonesecure-ha-datanode3-1.ozonesecure-ha_ozone_net]
Replicas: [State: OPEN; ReplicaIndex: 0; SequenceId: 0; Origin: c15fd59a-af5e-411f-8118-e5014ca3584e; Location: c15fd59a-af5e-411f-8118-e5014ca3584e/ozonesecure-ha-datanode3-1.ozonesecure-ha_ozone_net]
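
As an added illustration (not part of this pull request or of Ozone's code), the expiry visible in the klist output above can be checked before running an admin command, so the cause is known regardless of which message the command prints. The function names are hypothetical, and the timestamp format and time zone are assumed to match the klist and date output in the description.

```python
import re
from datetime import datetime

# Constructed sample: the klist output shown in the PR description,
# with the line break after the principal restored.
SAMPLE_KLIST = """\
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: scm@example.COM

Valid starting       Expires              Service principal
01/30/2026 10:33:22  01/30/2026 20:33:22  krbtgt/example.COM@example.COM
        renew until 01/31/2026 10:33:10
"""

# Assumption: klist prints MM/DD/YYYY HH:MM:SS in the same zone as `now`.
FMT = "%m/%d/%Y %H:%M:%S"
TS = r"(\d{2}/\d{2}/\d{4} \d{2}:\d{2}:\d{2})"
TICKET_RE = re.compile(rf"^{TS}\s+{TS}\s+(\S+)\s*$")


def parse_tickets(klist_text):
    """Return (service, valid_from, expires) for each ticket line."""
    tickets = []
    for line in klist_text.splitlines():
        m = TICKET_RE.match(line)
        if m:
            start, end = (datetime.strptime(g, FMT) for g in m.group(1, 2))
            tickets.append((m.group(3), start, end))
    return tickets


def tgt_status(klist_text, now):
    """Classify the cache as 'missing', 'not-yet-valid', 'expired' or 'valid'."""
    tgts = [t for t in parse_tickets(klist_text) if t[0].startswith("krbtgt/")]
    if not tgts:
        return "missing"
    _, start, end = max(tgts, key=lambda t: t[2])  # latest-expiring TGT decides
    if now < start:
        return "not-yet-valid"
    return "valid" if now < end else "expired"


if __name__ == "__main__":
    # `date` in the PR description printed Fri Feb 6 12:05:53 UTC 2026.
    print(tgt_status(SAMPLE_KLIST, datetime(2026, 2, 6, 12, 5, 53)))
```

On MIT Kerberos, `klist -s` reports the same condition as an exit status: 1 when the credentials cache cannot be read or is expired, 0 otherwise.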

@Gargi-jais11 Gargi-jais11 self-requested a review April 30, 2026 04:21
@sravani-revuri sravani-revuri changed the title from "HDDS-14578. Ozone admin command gives Unable to retrieve the container details on expired keytab" to "HDDS-14578. Ozone admin command gives inconsistent error messages on expired keytab." Apr 30, 2026
@adoroszlai
Contributor

Thanks @sravani-revuri for the patch. Are you planning to make admin commands more consistent, or just clarifying admin container info with the exception message?

@sravani-revuri
Contributor Author

sravani-revuri commented Apr 30, 2026

> Thanks @sravani-revuri for the patch. Are you planning to make admin commands more consistent, or just clarifying admin container info with the exception message?

I will be doing it for the other admin commands' error messages mentioned in the Jira. The Jira was initially just for the container info command, but I had found some more inconsistencies. Updated the Jira to handle it in this PR itself.

Will update the testing proof once I'm done.

@Gargi-jais11
Contributor

@sravani-revuri For the other ozone admin commands which need to have a clear error message, please update the PR description with them.
