hadoop-hdfs-user mailing list archives

From ravi teja <raviort...@gmail.com>
Subject Re: Not able to create domains in timeline server from Tez
Date Thu, 09 Mar 2017 15:24:20 GMT
Found the issue, posting it here so that it could be of help for someone
who is stuck with the same problem.

The jobs from hive cli didn't have the permission issue while posting
history as there is no impersonation in this case; the hive job is
submitted with the same user with which the cli is launched.

But the problem is faced while using hiveserver2 because the daemon ran as
hive user and the job run is requested by another user X. Hence the
timeline history request was trying to impersonate the user X which it
didn't have authorisation to, hence the domain request failed at timeline
server.

Adding the user group of X to config *hadoop.proxyuser.hive.groups* solved
the issue.

On Thu, Mar 9, 2017 at 4:04 PM, ravi teja <raviorteja@gmail.com> wrote:

> Hi,
>
> I am getting an *Authentication failed, status: 403, message: Forbidden*
> message when trying to create domains on timeline server while running a
> tez job from hive server2.
> I have tried checking online sources and documentation but couldn't find
> any info there.
> Because of this, I am not able to see any history of tez jobs on tezui as
> the history publish is being disabled because of this issue.
>
> Haven't set any acls at timeline server and the tez jobs run from hive cli
> are publishing the history.
> It would be great if I can get some help on this issue.
>
> More details:
> *Version:*
> Hive: 2.1.0
> Timeline: 2.7.1
> Tez: 0.8.4
>
> *Logs:*
> 2017-03-09T12:54:28,334 WARN  [Thread-228142]:
> acls.ATSHistoryACLPolicyManager (:()) - Could not post timeline domain
> com.sun.jersey.api.client.ClientHandlerException: java.io.IOException:
> org.apache.hadoop.security.authentication.client.AuthenticationException:
> Authentication failed, status: 403, message: Forbidden
> at com.sun.jersey.client.urlconnection.URLConnectionClientHandler.handle(URLConnectionClientHandler.java:149)
> 2017-03-09T12:54:28,334 WARN  [Thread-228142]: client.TezClientUtils (:())
> - Disabling history logging for session application_1488479644033_136271
> due to error in setting up history acls org.apache.tez.common.security.HistoryACLPolicyException:
> Fail to create ACL-related domain in Timeline
>
>
> Thanks.
> Ravi
>
>
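
Added example, not part of the original message or of any Hadoop/Hive/Tez code: a small offline check of whether a proxy-user configuration would let the hive daemon impersonate user X, which also flags wildcard entries that grant more than the fix above needs. The core-site.xml fragment, group names and host name are constructed, and host matching is simplified to exact strings.

```python
import xml.etree.ElementTree as ET

# Constructed core-site.xml fragment; group and host names are made up.
CORE_SITE = """<configuration>
  <property><name>hadoop.proxyuser.hive.groups</name><value>etl, analysts</value></property>
  <property><name>hadoop.proxyuser.hive.hosts</name><value>hs2.example.internal</value></property>
</configuration>"""

def load_props(xml_text):
    """Return {name: value} from a Hadoop *-site.xml document."""
    root = ET.fromstring(xml_text)
    return {p.findtext("name").strip(): (p.findtext("value") or "").strip()
            for p in root.iter("property") if p.findtext("name")}

def _entries(value):
    """Split a comma-separated ACL value into a set of trimmed entries."""
    return {e.strip() for e in value.split(",") if e.strip()}

def _allowed(value, candidates):
    """'*' matches anything; an unset property matches nothing."""
    if value is None:
        return False
    entries = _entries(value)
    return "*" in entries or bool(entries & set(candidates))

def can_impersonate(props, superuser, user_groups, host):
    """Simplified model of the proxy-user check: the impersonated user's
    group AND the requesting host must both be listed for the superuser."""
    prefix = "hadoop.proxyuser.%s." % superuser
    return (_allowed(props.get(prefix + "groups"), user_groups)
            and _allowed(props.get(prefix + "hosts"), [host]))

def audit(props):
    """Names of proxyuser properties containing '*', i.e. no restriction."""
    return sorted(k for k, v in props.items()
                  if k.startswith("hadoop.proxyuser.") and "*" in _entries(v))

if __name__ == "__main__":
    props = load_props(CORE_SITE)
    # User X in group "analysts" is allowed; a user only in "finance" is not.
    print(can_impersonate(props, "hive", ["analysts"], "hs2.example.internal"))
    print(can_impersonate(props, "hive", ["finance"], "hs2.example.internal"))
    print(audit(props))
```

Listing only the groups that actually submit jobs through hiveserver2 keeps the hive account's impersonation rights narrow; `audit` returning a non-empty list means some entry allows any group or any host.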
