hadoop-hdfs-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Alaric Snell-Pym <ala...@snell-pym.org.uk>
Subject Problems starting a NameNode with Kerberos security enabled
Date Wed, 15 May 2013 08:50:08 GMT
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


Dear HDFS experts,

I'm trying to set up a single-node HDFS "cluster" for testing Kerberos
integration on my laptop.

To cut a long story short, I can't start my namenode, getting this error:

13/05/14 15:16:50 ERROR namenode.NameNode:
java.lang.IllegalArgumentException: Does not contain a valid host:port
authority: 0.0.0.0:0.0.0.0:0
	at org.apache.hadoop.net.NetUtils.createSocketAddr(NetUtils.java:162)
	at org.apache.hadoop.net.NetUtils.createSocketAddr(NetUtils.java:128)
	at org.apache.hadoop.hdfs.server.namenode.NameNode$1.run(NameNode.java:406)
	at org.apache.hadoop.hdfs.server.namenode.NameNode$1.run(NameNode.java:353)
	at java.security.AccessController.doPrivileged(Native Method)
	at javax.security.auth.Subject.doAs(Subject.java:416)
	at
org.apache.hadoop.security.UserGroupInformation.doAs(UserGroupInformation.java:1121)
	at
org.apache.hadoop.hdfs.server.namenode.NameNode.startHttpServer(NameNode.java:353)
	at
org.apache.hadoop.hdfs.server.namenode.NameNode.initialize(NameNode.java:305)
	at
org.apache.hadoop.hdfs.server.namenode.NameNode.<init>(NameNode.java:496)
	at
org.apache.hadoop.hdfs.server.namenode.NameNode.createNameNode(NameNode.java:1279)
	at org.apache.hadoop.hdfs.server.namenode.NameNode.main(NameNode.java:1288)

(excuse line-wrapping...)

I've seen reference to this error being caused my a mis-set
fs.default.name; mine is "hdfs://localhost:54310".

Removing this:

<property>
  <name>hadoop.security.authentication</name>
  <value>kerberos</value>
</property>

...from core-site.xml causes the namenode to start up happily, but
obviously disables Kerberos.

So, clearly, in Kerberos mode, more than just fs.default.name goes into
the socket address that the namenode tries to create, right? However,
I've noticed that by changing dfs.http.address I can make the error
message vary; with its current value (my.host.name:50070) it produces
the above error, but if I change it to "localhost" I instead get a
complain that "localhost:localhost:0" does not contain a valid host_port
authority instead of "0.0.0.0:0.0.0.0:0".

Can anybody give me some pointers as to where I might be going wrong?

The one concern I have is that, as my laptop is on DHCP, I don't have a
fixed IP address; I have an /etc/hosts entry pointing my host name at
127.0.0.1, and used that host name in all the Kerberos principles. Am I
suffering because of the fact that it's in /etc/hosts but not in DNS? Do
I just need to run all of this on a host with a fixed IP address and
proper forward/reverse DNS, rather than from /etc/hosts?

Thanks,

ABS

- --
Alaric Snell-Pym
http://www.snell-pym.org.uk/alaric/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQIcBAEBAgAGBQJRk0xAAAoJENVnbn/DjbpJ1xAP/ikRDWqh9MrgLL6XX8qhegLK
2HM0l2N483gfy1nY4aSx72ug6Zw7h0G3Z/0TZJs/etH7tRo1gNB/3Dfx69ZQiXR3
NJnmJvhAKwpnP4+QuotCulAPG+5+7TTIOY5Zuc1QCoUlucxTaHB2smlx90hxmUUy
pw23y4AheAKXTasF1QLN4hlyOZez/6ZxroX+mPbSvSBDBXiEmiN49ajMGLrjM2TV
tbu6xZfjXW4TPUlsUkc2p74jmmAgyofi5fgMXqEbSSNkgzkd0y6CP8vIO2/iusHe
BxAvu584/o6pzFtX3w/gnobU9zoB2Z5fAT/ukurupgySrbGQOcm5mOu+LYjwAiwk
cBwFuzKBPLbrd1hueGwPnzzX1/5yDLhlBK1vXm7nstap9PME9ZICXOtmf7M78NFc
Q6pxE7MAzB/uOta7wUjELtKb4sMaTiwFcxlN2gS5bDvnLj5cGWjKgW1dLfGohj3m
l1Mall/ezBfRuiN7bJNuoIxjBzuWYdSrGk2ch7mI8zGzpdee0onjdvmEISkvc8E0
BSvdQGqCGgNW6beqQWZJclfffVtNlcDeZ/JRmQ6ENLcLUhurMth/UQNtodtq5Gzl
AkQWeGeYmK4qB03mihyBNEZMCFkOD4nnlZCbAZ/6y0ONUM9LrVUIBkEyho/O4W3r
zayU6gAm1DfrsauUI7fS
=TWmm
-----END PGP SIGNATURE-----

Mime
View raw message