[
https://issues.apache.org/jira/browse/NIFI-1124?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14997768#comment-14997768
]
Oleg Zhurakousky commented on NIFI-1124:
----------------------------------------
Actually the question I have should it really only be _security/permissions
related_?
It appears that we always need to route to _REL_FAILURE_ upon catching
exception on write to HDFS regardless of what that exception is.
[~joewitt] please confirm
> PutHDFS will rollback session if perms are bad - should route to failure
> ------------------------------------------------------------------------
>
> Key: NIFI-1124
> URL: https://issues.apache.org/jira/browse/NIFI-1124
> Project: Apache NiFi
> Issue Type: Bug
> Reporter: Joseph Witt
> Assignee: Oleg Zhurakousky
> Fix For: 0.4.0
>
>
> While sending to HDFS but not having valid perms the FLowFile sits in the
> input queue and just causes continual failures. It should properly route to
> 'failure'. We appear to not be catching the exception or catching it properly.
> 14:34:34 ESTERROR541280e6-5db4-478b-8dbe-5f7989b02871
> PutHDFS[id=541280e6-5db4-478b-8dbe-5f7989b02871] Failed to write to HDFS due
> to org.apache.nifi.processor.exception.ProcessException: IOException thrown
> from PutHDFS[id=541280e6-5db4-478b-8dbe-5f7989b02871]:
> org.apache.hadoop.security.AccessControlException: Permission denied:
> user=jwitt, access=WRITE, inode="/.381352187424072":hdfs:hdfs:drwxr-xr-x
> at
> org.apache.hadoop.hdfs.server.namenode.FSPermissionChecker.check(FSPermissionChecker.java:319)
> at
> org.apache.hadoop.hdfs.server.namenode.FSPermissionChecker.check(FSPermissionChecker.java:292)
> at
> org.apache.hadoop.hdfs.server.namenode.FSPermissionChecker.checkPermission(FSPermissionChecker.java:213)
> at
> org.apache.ranger.authorization.hadoop.RangerHdfsAuthorizer$RangerAccessControlEnforcer.checkPermission(RangerHdfsAuthorizer.java:300)
> at
> org.apache.hadoop.hdfs.server.namenode.FSPermissionChecker.checkPermission(FSPermissionChecker.java:190)
> at
> org.apache.hadoop.hdfs.server.namenode.FSDirectory.checkPermission(FSDirectory.java:1771)
> at
> org.apache.hadoop.hdfs.server.namenode.FSDirectory.checkPermission(FSDirectory.java:1755)
> at
> org.apache.hadoop.hdfs.server.namenode.FSDirectory.checkAncestorAccess(FSDirectory.java:1738)
> at
> org.apache.hadoop.hdfs.server.namenode.FSNamesystem.startFileInternal(FSNamesystem.java:2509)
> at
> org.apache.hadoop.hdfs.server.namenode.FSNamesystem.startFileInt(FSNamesystem.java:2444)
> at
> org.apache.hadoop.hdfs.server.namenode.FSNamesystem.startFile(FSNamesystem.java:2328)
> at
> org.apache.hadoop.hdfs.server.namenode.NameNodeRpcServer.create(NameNodeRpcServer.java:624)
> at
> org.apache.hadoop.hdfs.protocolPB.ClientNamenodeProtocolServerSideTranslatorPB.create(ClientNamenodeProtocolServerSideTranslatorPB.java:397)
> at
> org.apache.hadoop.hdfs.protocol.proto.ClientNamenodeProtocolProtos$ClientNamenodeProtocol$2.callBlockingMethod(ClientNamenodeProtocolProtos.java)
> at
> org.apache.hadoop.ipc.ProtobufRpcEngine$Server$ProtoBufRpcInvoker.call(ProtobufRpcEngine.java:616)
> at org.apache.hadoop.ipc.RPC$Server.call(RPC.java:969)
> at org.apache.hadoop.ipc.Server$Handler$1.run(Server.java:2137)
> at org.apache.hadoop.ipc.Server$Handler$1.run(Server.java:2133)
> at java.security.AccessController.doPrivileged(Native Method)
> at javax.security.auth.Subject.doAs(Subject.java:415)
> at
> org.apache.hadoop.security.UserGroupInformation.doAs(UserGroupInformation.java:1657)
> at org.apache.hadoop.ipc.Server$Handler.run(Server.java:2131)
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
