hadoop-common-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Daryn Sharp (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HADOOP-8225) DistCp fails when invoked by Oozie
Date Mon, 30 Jul 2012 13:36:35 GMT

    [ https://issues.apache.org/jira/browse/HADOOP-8225?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13424853#comment-13424853

Daryn Sharp commented on HADOOP-8225:

Actually, the fact that multiple projects need to make a similar change is indicative of a
bug in the core.  The passing along of tokens should be an invisible service provide by the
hadoop security framework.  Distcp and other tools should not know or care whether it's being
run via a real user, proxy user, via oozie, or something else.

I briefly investigated a bit more, and the env var actually originates from UGI which internally
uses it to automatically load the tokens, hence tools should not know about this internal
implementation detail of UGI.  I think the issue is the tokens are being loaded into the login
user instead of the real user.  I believe no tool will require changes if the UGI is modified
to load the tokens into the real user.
> DistCp fails when invoked by Oozie
> ----------------------------------
>                 Key: HADOOP-8225
>                 URL: https://issues.apache.org/jira/browse/HADOOP-8225
>             Project: Hadoop Common
>          Issue Type: Bug
>    Affects Versions: 0.23.1
>            Reporter: Mithun Radhakrishnan
>         Attachments: HADOOP-8225.patch, HADOOP-8225.patch
> When DistCp is invoked through a proxy-user (e.g. through Oozie), the delegation-token-store
isn't picked up by DistCp correctly. One sees failures such as:
> ERROR [main] org.apache.hadoop.tools.DistCp: Couldn't complete DistCp
> operation: 
> java.lang.SecurityException: Intercepted System.exit(-999)
>     at
> org.apache.oozie.action.hadoop.LauncherSecurityManager.checkExit(LauncherMapper.java:651)
>     at java.lang.Runtime.exit(Runtime.java:88)
>     at java.lang.System.exit(System.java:904)
>     at org.apache.hadoop.tools.DistCp.main(DistCp.java:357)
>     at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>     at
> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
>     at
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
>     at java.lang.reflect.Method.invoke(Method.java:597)
>     at
> org.apache.oozie.action.hadoop.LauncherMapper.map(LauncherMapper.java:394)
>     at org.apache.hadoop.mapred.MapRunner.run(MapRunner.java:54)
>     at org.apache.hadoop.mapred.MapTask.runOldMapper(MapTask.java:399)
>     at org.apache.hadoop.mapred.MapTask.run(MapTask.java:334)
>     at org.apache.hadoop.mapred.YarnChild$2.run(YarnChild.java:147)
>     at java.security.AccessController.doPrivileged(Native Method)
>     at javax.security.auth.Subject.doAs(Subject.java:396)
>     at
> org.apache.hadoop.security.UserGroupInformation.doAs(UserGroupInformation.java:1177)
>     at org.apache.hadoop.mapred.YarnChild.main(YarnChild.java:142)
> Looking over the DistCp code, one sees that HADOOP_TOKEN_FILE_LOCATION isn't being copied
to mapreduce.job.credentials.binary, in the job-conf. I'll post a patch for this shortly.

This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira


View raw message