accumulo-notifications mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Josh Elser (JIRA)" <>
Subject [jira] [Commented] (ACCUMULO-3513) Ensure MapReduce functionality with Kerberos enabled
Date Tue, 27 Jan 2015 22:38:35 GMT


Josh Elser commented on ACCUMULO-3513:

For later if needed: the actual failure seen if you try to run a MR job now.

Error: java.lang.IllegalArgumentException: Cannot instantiate
	at org.apache.accumulo.core.client.mapreduce.AccumuloOutputFormat.getRecordWriter(
	at org.apache.hadoop.mapred.MapTask$NewDirectOutputCollector.<init>(
	at org.apache.hadoop.mapred.MapTask.runNewMapper(
	at org.apache.hadoop.mapred.YarnChild$
	at Method)
	at org.apache.hadoop.mapred.YarnChild.main(
Caused by: java.lang.IllegalArgumentException: Cannot instantiate
	at org.apache.accumulo.core.client.mapreduce.lib.impl.ConfiguratorBase.getAuthenticationToken(
	at org.apache.accumulo.core.client.mapreduce.AccumuloOutputFormat.getAuthenticationToken(
	at org.apache.accumulo.core.client.mapreduce.AccumuloOutputFormat$AccumuloRecordWriter.<init>(
	at org.apache.accumulo.core.client.mapreduce.AccumuloOutputFormat.getRecordWriter(
	... 8 more
Caused by: java.lang.IllegalArgumentException: Subject is not logged in via Kerberos
	at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
	at sun.reflect.NativeConstructorAccessorImpl.newInstance(
	at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(
	at java.lang.reflect.Constructor.newInstance(
	at java.lang.Class.newInstance(
	... 13 more

> Ensure MapReduce functionality with Kerberos enabled
> ----------------------------------------------------
>                 Key: ACCUMULO-3513
>                 URL:
>             Project: Accumulo
>          Issue Type: Bug
>          Components: client
>            Reporter: Josh Elser
>            Assignee: Josh Elser
>            Priority: Blocker
>             Fix For: 1.7.0
> I talked to [~devaraj] today about MapReduce support running on secure Hadoop to help
get a picture about what extra might be needed to make this work.
> Generally, in Hadoop and HBase, the client must have valid credentials to submit a job,
then the notion of delegation tokens is used by for further communication since the servers
do not have access to the client's sensitive information. A centralized service manages creation
of a delegation token which is a record which contains certain information (such as the submitting
user name) necessary to securely identify the holder of the delegation token.
> The general idea is that we would need to build support into the master to manage delegation
tokens to node managers to acquire and use to run jobs. Hadoop and HBase both contain code
which implements this general idea, but we will need to apply them Accumulo and verify that
it is M/R jobs still work on a kerberized environment.

This message was sent by Atlassian JIRA

View raw message