hadoop-hdfs-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Ambud Sharma (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HDFS-8485) Transparent Encryption Fails to work with Yarn/MapReduce
Date Thu, 28 May 2015 20:47:40 GMT

    [ https://issues.apache.org/jira/browse/HDFS-8485?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14563665#comment-14563665
] 

Ambud Sharma commented on HDFS-8485:
------------------------------------

I have tried 2.7 and the error still exists

16:46:31,542 ERROR [stderr] (pool-17-thread-1) Error: java.io.IOException: org.apache.hadoop.security.authentication.client.AuthenticationException:
GSSException: No valid credentials provided (Mechanism level: Failed to find any Kerberos
tgt)
16:46:31,542 ERROR [stderr] (pool-17-thread-1) 	at org.apache.hadoop.crypto.key.kms.KMSClientProvider.createConnection(KMSClientProvider.java:489)
16:46:31,542 ERROR [stderr] (pool-17-thread-1) 	at org.apache.hadoop.crypto.key.kms.KMSClientProvider.decryptEncryptedKey(KMSClientProvider.java:776)
16:46:31,542 ERROR [stderr] (pool-17-thread-1) 	at org.apache.hadoop.crypto.key.KeyProviderCryptoExtension.decryptEncryptedKey(KeyProviderCryptoExtension.java:388)
16:46:31,543 ERROR [stderr] (pool-17-thread-1) 	at org.apache.hadoop.hdfs.DFSClient.decryptEncryptedDataEncryptionKey(DFSClient.java:1392)
16:46:31,543 ERROR [stderr] (pool-17-thread-1) 	at org.apache.hadoop.hdfs.DFSClient.createWrappedOutputStream(DFSClient.java:1494)
16:46:31,543 ERROR [stderr] (pool-17-thread-1) 	at org.apache.hadoop.hdfs.DFSClient.createWrappedOutputStream(DFSClient.java:1479)
16:46:31,543 ERROR [stderr] (pool-17-thread-1) 	at org.apache.hadoop.hdfs.DistributedFileSystem$7.doCall(DistributedFileSystem.java:451)
16:46:31,543 ERROR [stderr] (pool-17-thread-1) 	at org.apache.hadoop.hdfs.DistributedFileSystem$7.doCall(DistributedFileSystem.java:444)
16:46:31,543 ERROR [stderr] (pool-17-thread-1) 	at org.apache.hadoop.fs.FileSystemLinkResolver.resolve(FileSystemLinkResolver.java:81)
16:46:31,543 ERROR [stderr] (pool-17-thread-1) 	at org.apache.hadoop.hdfs.DistributedFileSystem.create(DistributedFileSystem.java:459)
16:46:31,543 ERROR [stderr] (pool-17-thread-1) 	at org.apache.hadoop.hdfs.DistributedFileSystem.create(DistributedFileSystem.java:387)
16:46:31,543 ERROR [stderr] (pool-17-thread-1) 	at org.apache.hadoop.fs.FileSystem.create(FileSystem.java:909)
16:46:31,543 ERROR [stderr] (pool-17-thread-1) 	at org.apache.hadoop.fs.FileSystem.create(FileSystem.java:890)
16:46:31,543 ERROR [stderr] (pool-17-thread-1) 	at org.apache.hadoop.fs.FileSystem.create(FileSystem.java:787)
16:46:31,543 ERROR [stderr] (pool-17-thread-1) 	at com.s3.ingestion.S3ImportMR$S3ImportMapper.map(S3ImportMR.java:112)
16:46:31,543 ERROR [stderr] (pool-17-thread-1) 	at com.s3.ingestion.S3ImportMR$S3ImportMapper.map(S3ImportMR.java:43)
16:46:31,544 ERROR [stderr] (pool-17-thread-1) 	at org.apache.hadoop.mapreduce.Mapper.run(Mapper.java:146)
16:46:31,544 ERROR [stderr] (pool-17-thread-1) 	at org.apache.hadoop.mapred.MapTask.runNewMapper(MapTask.java:787)
16:46:31,544 ERROR [stderr] (pool-17-thread-1) 	at org.apache.hadoop.mapred.MapTask.run(MapTask.java:341)
16:46:31,544 ERROR [stderr] (pool-17-thread-1) 	at org.apache.hadoop.mapred.YarnChild$2.run(YarnChild.java:163)
16:46:31,544 ERROR [stderr] (pool-17-thread-1) 	at java.security.AccessController.doPrivileged(Native
Method)
16:46:31,544 ERROR [stderr] (pool-17-thread-1) 	at javax.security.auth.Subject.doAs(Subject.java:422)
16:46:31,544 ERROR [stderr] (pool-17-thread-1) 	at org.apache.hadoop.security.UserGroupInformation.doAs(UserGroupInformation.java:1657)
16:46:31,544 ERROR [stderr] (pool-17-thread-1) 	at org.apache.hadoop.mapred.YarnChild.main(YarnChild.java:158)
16:46:31,544 ERROR [stderr] (pool-17-thread-1) Caused by: org.apache.hadoop.security.authentication.client.AuthenticationException:
GSSException: No valid credentials provided (Mechanism level: Failed to find any Kerberos
tgt)
16:46:31,544 ERROR [stderr] (pool-17-thread-1) 	at org.apache.hadoop.security.authentication.client.KerberosAuthenticator.doSpnegoSequence(KerberosAuthenticator.java:332)
16:46:31,544 ERROR [stderr] (pool-17-thread-1) 	at org.apache.hadoop.security.authentication.client.KerberosAuthenticator.authenticate(KerberosAuthenticator.java:205)
16:46:31,544 ERROR [stderr] (pool-17-thread-1) 	at org.apache.hadoop.security.token.delegation.web.DelegationTokenAuthenticator.authenticate(DelegationTokenAuthenticator.java:128)
16:46:31,544 ERROR [stderr] (pool-17-thread-1) 	at org.apache.hadoop.security.authentication.client.AuthenticatedURL.openConnection(AuthenticatedURL.java:215)
16:46:31,545 ERROR [stderr] (pool-17-thread-1) 	at org.apache.hadoop.security.token.delegation.web.DelegationTokenAuthenticatedURL.openConnection(DelegationTokenAuthenticatedURL.java:322)
16:46:31,545 ERROR [stderr] (pool-17-thread-1) 	at org.apache.hadoop.crypto.key.kms.KMSClientProvider$1.run(KMSClientProvider.java:483)
16:46:31,545 ERROR [stderr] (pool-17-thread-1) 	at org.apache.hadoop.crypto.key.kms.KMSClientProvider$1.run(KMSClientProvider.java:478)
16:46:31,545 ERROR [stderr] (pool-17-thread-1) 	at java.security.AccessController.doPrivileged(Native
Method)
16:46:31,545 ERROR [stderr] (pool-17-thread-1) 	at javax.security.auth.Subject.doAs(Subject.java:422)
16:46:31,545 ERROR [stderr] (pool-17-thread-1) 	at org.apache.hadoop.security.UserGroupInformation.doAs(UserGroupInformation.java:1657)
16:46:31,545 ERROR [stderr] (pool-17-thread-1) 	at org.apache.hadoop.crypto.key.kms.KMSClientProvider.createConnection(KMSClientProvider.java:478)
16:46:31,545 ERROR [stderr] (pool-17-thread-1) 	... 23 more
16:46:31,545 ERROR [stderr] (pool-17-thread-1) Caused by: GSSException: No valid credentials
provided (Mechanism level: Failed to find any Kerberos tgt)
16:46:31,545 ERROR [stderr] (pool-17-thread-1) 	at sun.security.jgss.krb5.Krb5InitCredential.getInstance(Krb5InitCredential.java:147)
16:46:31,545 ERROR [stderr] (pool-17-thread-1) 	at sun.security.jgss.krb5.Krb5MechFactory.getCredentialElement(Krb5MechFactory.java:122)
16:46:31,545 ERROR [stderr] (pool-17-thread-1) 	at sun.security.jgss.krb5.Krb5MechFactory.getMechanismContext(Krb5MechFactory.java:187)
16:46:31,545 ERROR [stderr] (pool-17-thread-1) 	at sun.security.jgss.GSSManagerImpl.getMechanismContext(GSSManagerImpl.java:224)
16:46:31,545 ERROR [stderr] (pool-17-thread-1) 	at sun.security.jgss.GSSContextImpl.initSecContext(GSSContextImpl.java:212)
16:46:31,546 ERROR [stderr] (pool-17-thread-1) 	at sun.security.jgss.GSSContextImpl.initSecContext(GSSContextImpl.java:179)
16:46:31,546 ERROR [stderr] (pool-17-thread-1) 	at org.apache.hadoop.security.authentication.client.KerberosAuthenticator$1.run(KerberosAuthenticator.java:311)
16:46:31,546 ERROR [stderr] (pool-17-thread-1) 	at org.apache.hadoop.security.authentication.client.KerberosAuthenticator$1.run(KerberosAuthenticator.java:287)
16:46:31,546 ERROR [stderr] (pool-17-thread-1) 	at java.security.AccessController.doPrivileged(Native
Method)
16:46:31,546 ERROR [stderr] (pool-17-thread-1) 	at javax.security.auth.Subject.doAs(Subject.java:422)
16:46:31,546 ERROR [stderr] (pool-17-thread-1) 	at org.apache.hadoop.security.authentication.client.KerberosAuthenticator.doSpnegoSequence(KerberosAuthenticator.java:287)
16:46:31,546 ERROR [stderr] (pool-17-thread-1) 	... 33 more
16:46:31,546 ERROR [stderr] (pool-17-thread-1) 

> Transparent Encryption Fails to work with Yarn/MapReduce
> --------------------------------------------------------
>
>                 Key: HDFS-8485
>                 URL: https://issues.apache.org/jira/browse/HDFS-8485
>             Project: Hadoop HDFS
>          Issue Type: Bug
>         Environment: RHEL-7, Kerberos 5
>            Reporter: Ambud Sharma
>            Priority: Critical
>         Attachments: core-site.xml, hdfs-site.xml, kms-site.xml, mapred-site.xml, yarn-site.xml
>
>
> Running a simple MapReduce job that writes to a path configured as an encryption zone
throws exception
> 11:26:26,343 INFO  [org.apache.hadoop.mapreduce.Job] (pool-14-thread-1) Task Id : attempt_1432740034176_0001_m_000000_2,
Status : FAILED
> 11:26:26,346 ERROR [stderr] (pool-14-thread-1) Error: java.io.IOException: org.apache.hadoop.security.authentication.client.AuthenticationException:
GSSException: No valid credentials provided (Mechanism level: Failed to find any Kerberos
tgt)
> 11:26:26,346 ERROR [stderr] (pool-14-thread-1) 	at org.apache.hadoop.crypto.key.kms.KMSClientProvider.createConnection(KMSClientProvider.java:424)
> 11:26:26,346 ERROR [stderr] (pool-14-thread-1) 	at org.apache.hadoop.crypto.key.kms.KMSClientProvider.decryptEncryptedKey(KMSClientProvider.java:710)
> 11:26:26,346 ERROR [stderr] (pool-14-thread-1) 	at org.apache.hadoop.crypto.key.KeyProviderCryptoExtension.decryptEncryptedKey(KeyProviderCryptoExtension.java:388)
> 11:26:26,346 ERROR [stderr] (pool-14-thread-1) 	at org.apache.hadoop.hdfs.DFSClient.decryptEncryptedDataEncryptionKey(DFSClient.java:1358)
> 11:26:26,346 ERROR [stderr] (pool-14-thread-1) 	at org.apache.hadoop.hdfs.DFSClient.createWrappedOutputStream(DFSClient.java:1457)
> 11:26:26,346 ERROR [stderr] (pool-14-thread-1) 	at org.apache.hadoop.hdfs.DFSClient.createWrappedOutputStream(DFSClient.java:1442)
> 11:26:26,346 ERROR [stderr] (pool-14-thread-1) 	at org.apache.hadoop.hdfs.DistributedFileSystem$6.doCall(DistributedFileSystem.java:400)
> 11:26:26,346 ERROR [stderr] (pool-14-thread-1) 	at org.apache.hadoop.hdfs.DistributedFileSystem$6.doCall(DistributedFileSystem.java:393)
> 11:26:26,346 ERROR [stderr] (pool-14-thread-1) 	at org.apache.hadoop.fs.FileSystemLinkResolver.resolve(FileSystemLinkResolver.java:81)
> 11:26:26,346 ERROR [stderr] (pool-14-thread-1) 	at org.apache.hadoop.hdfs.DistributedFileSystem.create(DistributedFileSystem.java:393)
> 11:26:26,347 ERROR [stderr] (pool-14-thread-1) 	at org.apache.hadoop.hdfs.DistributedFileSystem.create(DistributedFileSystem.java:337)
> 11:26:26,347 ERROR [stderr] (pool-14-thread-1) 	at org.apache.hadoop.fs.FileSystem.create(FileSystem.java:908)
> 11:26:26,347 ERROR [stderr] (pool-14-thread-1) 	at org.apache.hadoop.fs.FileSystem.create(FileSystem.java:889)
> 11:26:26,347 ERROR [stderr] (pool-14-thread-1) 	at org.apache.hadoop.fs.FileSystem.create(FileSystem.java:786)
> 11:26:26,347 ERROR [stderr] (pool-14-thread-1) 	at com.s3.ingestion.S3ImportMR$S3ImportMapper.map(S3ImportMR.java:112)
> 11:26:26,347 ERROR [stderr] (pool-14-thread-1) 	at com.s3.ingestion.S3ImportMR$S3ImportMapper.map(S3ImportMR.java:43)
> 11:26:26,347 ERROR [stderr] (pool-14-thread-1) 	at org.apache.hadoop.mapreduce.Mapper.run(Mapper.java:145)
> 11:26:26,347 ERROR [stderr] (pool-14-thread-1) 	at org.apache.hadoop.mapred.MapTask.runNewMapper(MapTask.java:784)
> 11:26:26,347 ERROR [stderr] (pool-14-thread-1) 	at org.apache.hadoop.mapred.MapTask.run(MapTask.java:341)
> 11:26:26,347 ERROR [stderr] (pool-14-thread-1) 	at org.apache.hadoop.mapred.YarnChild$2.run(YarnChild.java:163)
> 11:26:26,347 ERROR [stderr] (pool-14-thread-1) 	at java.security.AccessController.doPrivileged(Native
Method)
> 11:26:26,347 ERROR [stderr] (pool-14-thread-1) 	at javax.security.auth.Subject.doAs(Subject.java:422)
> 11:26:26,347 ERROR [stderr] (pool-14-thread-1) 	at org.apache.hadoop.security.UserGroupInformation.doAs(UserGroupInformation.java:1628)
> 11:26:26,348 ERROR [stderr] (pool-14-thread-1) 	at org.apache.hadoop.mapred.YarnChild.main(YarnChild.java:158)
> 11:26:26,348 ERROR [stderr] (pool-14-thread-1) Caused by: org.apache.hadoop.security.authentication.client.AuthenticationException:
GSSException: No valid credentials provided (Mechanism level: Failed to find any Kerberos
tgt)
> 11:26:26,348 ERROR [stderr] (pool-14-thread-1) 	at org.apache.hadoop.security.authentication.client.KerberosAuthenticator.doSpnegoSequence(KerberosAuthenticator.java:306)
> 11:26:26,348 ERROR [stderr] (pool-14-thread-1) 	at org.apache.hadoop.security.authentication.client.KerberosAuthenticator.authenticate(KerberosAuthenticator.java:196)
> 11:26:26,348 ERROR [stderr] (pool-14-thread-1) 	at org.apache.hadoop.security.token.delegation.web.DelegationTokenAuthenticator.authenticate(DelegationTokenAuthenticator.java:127)
> 11:26:26,348 ERROR [stderr] (pool-14-thread-1) 	at org.apache.hadoop.security.authentication.client.AuthenticatedURL.openConnection(AuthenticatedURL.java:216)
> 11:26:26,348 ERROR [stderr] (pool-14-thread-1) 	at org.apache.hadoop.security.token.delegation.web.DelegationTokenAuthenticatedURL.openConnection(DelegationTokenAuthenticatedURL.java:322)
> 11:26:26,348 ERROR [stderr] (pool-14-thread-1) 	at org.apache.hadoop.crypto.key.kms.KMSClientProvider$1.run(KMSClientProvider.java:418)
> 11:26:26,348 ERROR [stderr] (pool-14-thread-1) 	at org.apache.hadoop.crypto.key.kms.KMSClientProvider$1.run(KMSClientProvider.java:413)
> 11:26:26,348 ERROR [stderr] (pool-14-thread-1) 	at java.security.AccessController.doPrivileged(Native
Method)
> 11:26:26,348 ERROR [stderr] (pool-14-thread-1) 	at javax.security.auth.Subject.doAs(Subject.java:422)
> 11:26:26,348 ERROR [stderr] (pool-14-thread-1) 	at org.apache.hadoop.security.UserGroupInformation.doAs(UserGroupInformation.java:1628)
> 11:26:26,348 ERROR [stderr] (pool-14-thread-1) 	at org.apache.hadoop.crypto.key.kms.KMSClientProvider.createConnection(KMSClientProvider.java:413)
> 11:26:26,349 ERROR [stderr] (pool-14-thread-1) 	... 23 more
> 11:26:26,349 ERROR [stderr] (pool-14-thread-1) Caused by: GSSException: No valid credentials
provided (Mechanism level: Failed to find any Kerberos tgt)
> 11:26:26,349 ERROR [stderr] (pool-14-thread-1) 	at sun.security.jgss.krb5.Krb5InitCredential.getInstance(Krb5InitCredential.java:147)
> 11:26:26,349 ERROR [stderr] (pool-14-thread-1) 	at sun.security.jgss.krb5.Krb5MechFactory.getCredentialElement(Krb5MechFactory.java:122)
> 11:26:26,349 ERROR [stderr] (pool-14-thread-1) 	at sun.security.jgss.krb5.Krb5MechFactory.getMechanismContext(Krb5MechFactory.java:187)
> 11:26:26,349 ERROR [stderr] (pool-14-thread-1) 	at sun.security.jgss.GSSManagerImpl.getMechanismContext(GSSManagerImpl.java:224)
> 11:26:26,349 ERROR [stderr] (pool-14-thread-1) 	at sun.security.jgss.GSSContextImpl.initSecContext(GSSContextImpl.java:212)
> 11:26:26,349 ERROR [stderr] (pool-14-thread-1) 	at sun.security.jgss.GSSContextImpl.initSecContext(GSSContextImpl.java:179)
> 11:26:26,349 ERROR [stderr] (pool-14-thread-1) 	at org.apache.hadoop.security.authentication.client.KerberosAuthenticator$1.run(KerberosAuthenticator.java:285)
> 11:26:26,349 ERROR [stderr] (pool-14-thread-1) 	at org.apache.hadoop.security.authentication.client.KerberosAuthenticator$1.run(KerberosAuthenticator.java:261)
> 11:26:26,349 ERROR [stderr] (pool-14-thread-1) 	at java.security.AccessController.doPrivileged(Native
Method)
> 11:26:26,349 ERROR [stderr] (pool-14-thread-1) 	at javax.security.auth.Subject.doAs(Subject.java:422)
> 11:26:26,349 ERROR [stderr] (pool-14-thread-1) 	at org.apache.hadoop.security.authentication.client.KerberosAuthenticator.doSpnegoSequence(KerberosAuthenticator.java:261)
> 11:26:26,350 ERROR [stderr] (pool-14-thread-1) 	... 33 more
> 11:26:26,350 ERROR [stderr] (pool-14-thread-1) 



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message