hadoop-common-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Wei-Chiu Chuang (JIRA)" <j...@apache.org>
Subject [jira] [Updated] (HADOOP-13137) TraceAdmin should support Kerberized cluster
Date Mon, 23 May 2016 16:41:13 GMT

     [ https://issues.apache.org/jira/browse/HADOOP-13137?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Wei-Chiu Chuang updated HADOOP-13137:
-------------------------------------
    Attachment: HADOOP-13137.003.patch

v03. Thanks [~steve_l] and [~cmccabe]!
bq.  No need to wrap the LOG.debug() with a condition; SLF4J is low cost if is not invoked
done
bq.  Could you replace the ``${dfs.namenode.kerberos.principal}`
done

bq.  I do wonder why we need a new file, TestKerberizedTraceAdmin.java, when it could have
been a test in TestTraceAdmin.java
I needed a subclass of {{SaslDataTransferTestCase}} to set up Kerberized mini cluster.
I removed the new test file, and instead, let {{TestTraceAdmin}} to extend from {{SaslDataTransferTestCase}}.

bq.  I think there are a few other commands that might need to get an argument like this
I believe so. I'm working on a patch to support {{hadoop daemonlog}} in Kerberized cluster,
and I suspect erasure coding commands and other new commands should also be fixed.

> TraceAdmin should support Kerberized cluster
> --------------------------------------------
>
>                 Key: HADOOP-13137
>                 URL: https://issues.apache.org/jira/browse/HADOOP-13137
>             Project: Hadoop Common
>          Issue Type: Bug
>          Components: tracing
>    Affects Versions: 2.6.0, 3.0.0-alpha1
>         Environment: CDH5.5.1 cluster with Kerberos
>            Reporter: Wei-Chiu Chuang
>            Assignee: Wei-Chiu Chuang
>              Labels: Kerberos
>         Attachments: HADOOP-13137.001.patch, HADOOP-13137.002.patch, HADOOP-13137.003.patch
>
>
> When I run {{hadoop trace}} command for a Kerberized NameNode, it failed with the following
error:
> [hdfs@weichiu-encryption-1 root]$ hadoop trace -list  -host weichiu-encryption-1.vpc.cloudera.com:802216/05/12
00:02:13 WARN ipc.Client: Exception encountered while connecting to the server : java.lang.IllegalArgumentException:
Failed to specify server's Kerberos principal name
> 16/05/12 00:02:13 WARN security.UserGroupInformation: PriviledgedActionException as:hdfs@VPC.CLOUDERA.COM
(auth:KERBEROS) cause:java.io.IOException: java.lang.IllegalArgumentException: Failed to specify
server's Kerberos principal name
> Exception in thread "main" java.io.IOException: Failed on local exception: java.io.IOException:
java.lang.IllegalArgumentException: Failed to specify server's Kerberos principal name; Host
Details : local host is: "weichiu-encryption-1.vpc.cloudera.com/172.26.8.185"; destination
host is: "weichiu-encryption-1.vpc.cloudera.com":8022;
> 	at org.apache.hadoop.net.NetUtils.wrapException(NetUtils.java:772)
> 	at org.apache.hadoop.ipc.Client.call(Client.java:1470)
> 	at org.apache.hadoop.ipc.Client.call(Client.java:1403)
> 	at org.apache.hadoop.ipc.ProtobufRpcEngine$Invoker.invoke(ProtobufRpcEngine.java:230)
> 	at com.sun.proxy.$Proxy11.listSpanReceivers(Unknown Source)
> 	at org.apache.hadoop.tracing.TraceAdminProtocolTranslatorPB.listSpanReceivers(TraceAdminProtocolTranslatorPB.java:58)
> 	at org.apache.hadoop.tracing.TraceAdmin.listSpanReceivers(TraceAdmin.java:68)
> 	at org.apache.hadoop.tracing.TraceAdmin.run(TraceAdmin.java:177)
> 	at org.apache.hadoop.tracing.TraceAdmin.main(TraceAdmin.java:195)
> Caused by: java.io.IOException: java.lang.IllegalArgumentException: Failed to specify
server's Kerberos principal name
> 	at org.apache.hadoop.ipc.Client$Connection$1.run(Client.java:682)
> 	at java.security.AccessController.doPrivileged(Native Method)
> 	at javax.security.auth.Subject.doAs(Subject.java:415)
> 	at org.apache.hadoop.security.UserGroupInformation.doAs(UserGroupInformation.java:1671)
> 	at org.apache.hadoop.ipc.Client$Connection.handleSaslConnectionFailure(Client.java:645)
> 	at org.apache.hadoop.ipc.Client$Connection.setupIOstreams(Client.java:733)
> 	at org.apache.hadoop.ipc.Client$Connection.access$2800(Client.java:370)
> 	at org.apache.hadoop.ipc.Client.getConnection(Client.java:1519)
> 	at org.apache.hadoop.ipc.Client.call(Client.java:1442)
> 	... 7 more
> Caused by: java.lang.IllegalArgumentException: Failed to specify server's Kerberos principal
name
> 	at org.apache.hadoop.security.SaslRpcClient.getServerPrincipal(SaslRpcClient.java:322)
> 	at org.apache.hadoop.security.SaslRpcClient.createSaslClient(SaslRpcClient.java:231)
> 	at org.apache.hadoop.security.SaslRpcClient.selectSaslClient(SaslRpcClient.java:159)
> 	at org.apache.hadoop.security.SaslRpcClient.saslConnect(SaslRpcClient.java:396)
> 	at org.apache.hadoop.ipc.Client$Connection.setupSaslConnection(Client.java:555)
> 	at org.apache.hadoop.ipc.Client$Connection.access$1800(Client.java:370)
> 	at org.apache.hadoop.ipc.Client$Connection$2.run(Client.java:725)
> 	at org.apache.hadoop.ipc.Client$Connection$2.run(Client.java:721)
> 	at java.security.AccessController.doPrivileged(Native Method)
> 	at javax.security.auth.Subject.doAs(Subject.java:415)
> 	at org.apache.hadoop.security.UserGroupInformation.doAs(UserGroupInformation.java:1671)
> 	at org.apache.hadoop.ipc.Client$Connection.setupIOstreams(Client.java:720)
> 	... 10 more
> It is failing because {{TraceAdmin}} does not set up the property {{CommonConfigurationKeys.HADOOP_SECURITY_SERVICE_USER_NAME_KEY}}
> Fixing it may require some restructuring, as the NameNode principal {{dfs.namenode.kerberos.principal}}
is a HDFS property, but TraceAdmin is in hadoop-common. Or, specify it with a new command
{{-principal}}. Any suggestions? Thanks



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

---------------------------------------------------------------------
To unsubscribe, e-mail: common-issues-unsubscribe@hadoop.apache.org
For additional commands, e-mail: common-issues-help@hadoop.apache.org


Mime
View raw message