Return-Path: X-Original-To: apmail-hadoop-user-archive@minotaur.apache.org Delivered-To: apmail-hadoop-user-archive@minotaur.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id 310B2D35A for ; Mon, 26 Nov 2012 14:06:02 +0000 (UTC) Received: (qmail 86391 invoked by uid 500); 26 Nov 2012 14:05:58 -0000 Delivered-To: apmail-hadoop-user-archive@hadoop.apache.org Received: (qmail 86264 invoked by uid 500); 26 Nov 2012 14:05:57 -0000 Mailing-List: contact user-help@hadoop.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: user@hadoop.apache.org Delivered-To: mailing list user@hadoop.apache.org Received: (qmail 86236 invoked by uid 99); 26 Nov 2012 14:05:57 -0000 Received: from nike.apache.org (HELO nike.apache.org) (192.87.106.230) by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 26 Nov 2012 14:05:57 +0000 X-ASF-Spam-Status: No, hits=-0.0 required=5.0 tests=SPF_PASS X-Spam-Check-By: apache.org Received-SPF: pass (nike.apache.org: local policy) Received: from [125.215.199.158] (HELO mail.mediator.com.hk) (125.215.199.158) by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 26 Nov 2012 14:05:51 +0000 Received: from localhost (localhost [127.0.0.1]) by mail.mediator.com.hk (Postfix) with ESMTP id 56FF3A20431; Mon, 26 Nov 2012 22:19:23 +0800 (HKT) X-Virus-Scanned: amavisd-new at mediator.com.hk Received: from mail.mediator.com.hk ([127.0.0.1]) by localhost (mail.mediator.com.hk [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id iKeV+uvc0pHp; Mon, 26 Nov 2012 22:19:22 +0800 (HKT) Received: from [192.168.0.103] (unknown [192.168.16.10]) by mail.mediator.com.hk (Postfix) with ESMTPSA id 7280EA20428; Mon, 26 Nov 2012 22:19:22 +0800 (HKT) Subject: Re: Datanode: "Cannot start secure cluster without privileged resources" Mime-Version: 1.0 (Apple Message framework v1085) Content-Type: text/plain; charset=us-ascii From: "ac@hsk.hk" In-Reply-To: Date: Mon, 26 Nov 2012 22:05:27 +0800 Cc: "ac@hsk.hk" , "" Content-Transfer-Encoding: quoted-printable Message-Id: References: <3E0C3F7B-50C9-44BC-9FDF-CED0F0A7DB91@hsk.hk> <57F21702-4E04-43C4-8896-0996630791C2@hsk.hk> To: Harsh J X-Mailer: Apple Mail (2.1085) X-Virus-Checked: Checked by ClamAV on apache.org Hi, Thanks for your reply. However, I think 16152 should not be the DN, since 1) my second try of "/usr/local/hadoop/bin/hadoop-daemon.sh start = datanode" says 16117 (i.e. I ran start datanode twice), and=20 2) ps axu | grep 16117, I got root 16117 0.0 0.0 17004 904 pts/2 S 21:34 0:00 = jsvc.exec -Dproc_datanode -outfile /usr/local/hadoop-1.0.4/libexec/ ... These are the two reasons that I think JPS is no longer a tool to check = secure DN. Thanks again! On 26 Nov 2012, at 9:47 PM, Harsh J wrote: > The 16152 should be the DN JVM I think. This is a jps limitation, as > seen at = http://docs.oracle.com/javase/1.5.0/docs/tooldocs/share/jps.html > and jsvc (which secure mode DN uses) is such a custom launcher. >=20 > "The jps command uses the java launcher to find the class name and > arguments passed to the main method. If the target JVM is started with > a custom launcher, the class name (or JAR file name) and the arguments > to the main method will not be available. In this case, the jps > command will output the string Unknownfor the class name or JAR file > name and for the arguments to the main method." >=20 > On Mon, Nov 26, 2012 at 7:11 PM, ac@hsk.hk wrote: >> Hi, >>=20 >> A question: >> I started Secure DN then ran JPS as root, I could not find any = running DN: >> 16152 >> 16195 Jps >>=20 >> However, when I tried to start the secure DN again, I got: >> Warning: $HADOOP_HOME is deprecated. >> datanode running as process 16117. Stop it first. >>=20 >> Does it mean JPS is no longer a tool to check DN in secure mode? >>=20 >> Thanks >>=20 >>=20 >> On 26 Nov 2012, at 9:03 PM, ac@hsk.hk wrote: >>=20 >>> Hi Harsh, >>>=20 >>> Thank you very much for your reply, got it! >>>=20 >>> Thanks >>> ac >>>=20 >>> On 26 Nov 2012, at 8:32 PM, Harsh J wrote: >>>=20 >>>> Secure DN needs to be started as root (it runs as proper user, but >>>> needs to be started as root to grab reserved ports), and needs a >>>> proper jsvc binary (for your arch/OS) available. Are you using >>>> tarballs or packages (and if packages, are they from Bigtop)? >>>>=20 >>>> On Mon, Nov 26, 2012 at 5:21 PM, ac@hsk.hk wrote: >>>>> Hi, >>>>>=20 >>>>> I am setting up HDFS security with Kerberos: >>>>> When I manually started the first datanode, I got the following = messages (the namenode is started): >>>>>=20 >>>>> 1) INFO org.apache.hadoop.security.UserGroupInformation: Login = successful for user .... >>>>> 2) ERROR org.apache.hadoop.hdfs.server.datanode.DataNode: = java.lang.RuntimeException: Cannot start secure cluster without = privileged resources. >>>>>=20 >>>>> OS: Ubuntu 12.04 >>>>> Hadoop: 1.0.4 >>>>>=20 >>>>> It seems that it could login successfully but something is missing >>>>> Please help! >>>>>=20 >>>>> Thanks >>>>>=20 >>>>>=20 >>>>>=20 >>>>>=20 >>>>=20 >>>>=20 >>>>=20 >>>> -- >>>> Harsh J >>>=20 >>=20 >=20 >=20 >=20 > --=20 > Harsh J