hadoop-mapreduce-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Kartashov, Andy" <Andy.Kartas...@mpac.ca>
Subject RE: notorious impersonation ERROR - SOLVED
Date Fri, 09 Nov 2012 16:06:40 GMT
Guys,

OK, this is what you need to do to enable Oozie impersonation of a User.

Forget about  modifying oozie-site.xml. The only file I needed to modify was core-site.xml.

Explanation:
The superuser must be configured on namenode and jobtracker to be allowed to impersonate another
user. Following configurations are required.

             <property>
               <name>hadoop.proxyuser.oozie.groups</name>
               <value>group1,group2</value>
               <description>Allow the superuser oozie to impersonate any members of
the group group1 and group2</description>
             </property>
             <property>
               <name>hadoop.proxyuser.oozie.hosts</name>
               <value>host1,host2</value>
               <description>The superuser can connect only from host1 and host2 to impersonate
a user</description>
             </property>

If these configurations are not present, impersonation will not be allowed and connection
will fail.

I changed:  group1 to Hadoop  and host1 to ip-address of the node that I am running oozie
from.

Happy hadooping.

AK47
-----Original Message-----
From: Oleg Zhurakousky [mailto:oleg.zhurakousky@gmail.com]
Sent: Friday, November 09, 2012 9:34 AM
To: user@hadoop.apache.org
Subject: Re: notorious impersonation ERROR

Not sure, haven't got that far yet ;)

On Nov 9, 2012, at 9:27 AM, "Kartashov, Andy" <Andy.Kartashov@mpac.ca> wrote:

> Oleg,
>
> Thanks. I had added oozie to the hadoop group. Do I also need to restart NN daemon?
>
>
> -----Original Message-----
> From: Oleg Zhurakousky [mailto:oleg.zhurakousky@gmail.com]
> Sent: Friday, November 09, 2012 9:24 AM
> To: user@hadoop.apache.org
> Subject: Re: notorious impersonation ERROR
>
> Have you tried this?
>
> Let's say your oozie user is 'oozie' and Name node group is called hadoop
>
> sudo adduser --ingroup hadoop oozie
>
> Oleg
>
> On Nov 9, 2012, at 9:20 AM, "Kartashov, Andy" <Andy.Kartashov@mpac.ca> wrote:
>
>> Guys,
>>
>> Came across this error like many others who tried to run Ooozie examples. Searched
and read bunch of posts on this topic. Even came across Harsh's response stipulating that
oozie user must be added to the user group on the name node but it wasn't explained how. Any
insight please?
>>
>> Thnks,
>> aK47
>> NOTICE: This e-mail message and any attachments are confidential, subject to copyright
and may be privileged. Any unauthorized use, copying or disclosure is prohibited. If you are
not the intended recipient, please delete and contact the sender immediately. Please consider
the environment before printing this e-mail. AVIS : le présent courriel et toute pièce jointe
qui l'accompagne sont confidentiels, protégés par le droit d'auteur et peuvent être couverts
par le secret professionnel. Toute utilisation, copie ou divulgation non autorisée est interdite.
Si vous n'êtes pas le destinataire prévu de ce courriel, supprimez-le et contactez immédiatement
l'expéditeur. Veuillez penser à l'environnement avant d'imprimer le présent courriel
>
> NOTICE: This e-mail message and any attachments are confidential, subject to copyright
and may be privileged. Any unauthorized use, copying or disclosure is prohibited. If you are
not the intended recipient, please delete and contact the sender immediately. Please consider
the environment before printing this e-mail. AVIS : le présent courriel et toute pièce jointe
qui l'accompagne sont confidentiels, protégés par le droit d'auteur et peuvent être couverts
par le secret professionnel. Toute utilisation, copie ou divulgation non autorisée est interdite.
Si vous n'êtes pas le destinataire prévu de ce courriel, supprimez-le et contactez immédiatement
l'expéditeur. Veuillez penser à l'environnement avant d'imprimer le présent courriel

NOTICE: This e-mail message and any attachments are confidential, subject to copyright and
may be privileged. Any unauthorized use, copying or disclosure is prohibited. If you are not
the intended recipient, please delete and contact the sender immediately. Please consider
the environment before printing this e-mail. AVIS : le présent courriel et toute pièce jointe
qui l'accompagne sont confidentiels, protégés par le droit d'auteur et peuvent être couverts
par le secret professionnel. Toute utilisation, copie ou divulgation non autorisée est interdite.
Si vous n'êtes pas le destinataire prévu de ce courriel, supprimez-le et contactez immédiatement
l'expéditeur. Veuillez penser à l'environnement avant d'imprimer le présent courriel

Mime
View raw message