[jira] [Commented] (HADOOP-13137) TraceAdmin should support Kerberized cluster

Colin Patrick McCabe (JIRA) Fri, 20 May 2016 10:27:25 -0700

    [ 
https://issues.apache.org/jira/browse/HADOOP-13137?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15293773#comment-15293773
 ]


Colin Patrick McCabe commented on HADOOP-13137:
-----------------------------------------------

The patch looks good to me.  I think there are a few other commands that might 
need to get an argument like this, if it's necessary when communicating 
directly with a kerberized Hadoop server.  I do wonder why we need a new file, 
TestKerberizedTraceAdmin.java, when it could have been a test in 
TestTraceAdmin.java, but I don't feel that strongly about it.  Thanks, 
[~jojochuang] and [~steve_l].

> TraceAdmin should support Kerberized cluster
> --------------------------------------------
>
>                 Key: HADOOP-13137
>                 URL: https://issues.apache.org/jira/browse/HADOOP-13137
>             Project: Hadoop Common
>          Issue Type: Bug
>          Components: tracing
>    Affects Versions: 2.6.0, 3.0.0-alpha1
>         Environment: CDH5.5.1 cluster with Kerberos
>            Reporter: Wei-Chiu Chuang
>            Assignee: Wei-Chiu Chuang
>              Labels: Kerberos
>         Attachments: HADOOP-13137.001.patch, HADOOP-13137.002.patch
>
>
> When I run {{hadoop trace}} command for a Kerberized NameNode, it failed with 
> the following error:
> [hdfs@weichiu-encryption-1 root]$ hadoop trace -list  -host 
> weichiu-encryption-1.vpc.cloudera.com:802216/05/12 00:02:13 WARN ipc.Client: 
> Exception encountered while connecting to the server : 
> java.lang.IllegalArgumentException: Failed to specify server's Kerberos 
> principal name
> 16/05/12 00:02:13 WARN security.UserGroupInformation: 
> PriviledgedActionException as:h...@vpc.cloudera.com (auth:KERBEROS) 
> cause:java.io.IOException: java.lang.IllegalArgumentException: Failed to 
> specify server's Kerberos principal name
> Exception in thread "main" java.io.IOException: Failed on local exception: 
> java.io.IOException: java.lang.IllegalArgumentException: Failed to specify 
> server's Kerberos principal name; Host Details : local host is: 
> "weichiu-encryption-1.vpc.cloudera.com/172.26.8.185"; destination host is: 
> "weichiu-encryption-1.vpc.cloudera.com":8022;
>       at org.apache.hadoop.net.NetUtils.wrapException(NetUtils.java:772)
>       at org.apache.hadoop.ipc.Client.call(Client.java:1470)
>       at org.apache.hadoop.ipc.Client.call(Client.java:1403)
>       at 
> org.apache.hadoop.ipc.ProtobufRpcEngine$Invoker.invoke(ProtobufRpcEngine.java:230)
>       at com.sun.proxy.$Proxy11.listSpanReceivers(Unknown Source)
>       at 
> org.apache.hadoop.tracing.TraceAdminProtocolTranslatorPB.listSpanReceivers(TraceAdminProtocolTranslatorPB.java:58)
>       at 
> org.apache.hadoop.tracing.TraceAdmin.listSpanReceivers(TraceAdmin.java:68)
>       at org.apache.hadoop.tracing.TraceAdmin.run(TraceAdmin.java:177)
>       at org.apache.hadoop.tracing.TraceAdmin.main(TraceAdmin.java:195)
> Caused by: java.io.IOException: java.lang.IllegalArgumentException: Failed to 
> specify server's Kerberos principal name
>       at org.apache.hadoop.ipc.Client$Connection$1.run(Client.java:682)
>       at java.security.AccessController.doPrivileged(Native Method)
>       at javax.security.auth.Subject.doAs(Subject.java:415)
>       at 
> org.apache.hadoop.security.UserGroupInformation.doAs(UserGroupInformation.java:1671)
>       at 
> org.apache.hadoop.ipc.Client$Connection.handleSaslConnectionFailure(Client.java:645)
>       at 
> org.apache.hadoop.ipc.Client$Connection.setupIOstreams(Client.java:733)
>       at org.apache.hadoop.ipc.Client$Connection.access$2800(Client.java:370)
>       at org.apache.hadoop.ipc.Client.getConnection(Client.java:1519)
>       at org.apache.hadoop.ipc.Client.call(Client.java:1442)
>       ... 7 more
> Caused by: java.lang.IllegalArgumentException: Failed to specify server's 
> Kerberos principal name
>       at 
> org.apache.hadoop.security.SaslRpcClient.getServerPrincipal(SaslRpcClient.java:322)
>       at 
> org.apache.hadoop.security.SaslRpcClient.createSaslClient(SaslRpcClient.java:231)
>       at 
> org.apache.hadoop.security.SaslRpcClient.selectSaslClient(SaslRpcClient.java:159)
>       at 
> org.apache.hadoop.security.SaslRpcClient.saslConnect(SaslRpcClient.java:396)
>       at 
> org.apache.hadoop.ipc.Client$Connection.setupSaslConnection(Client.java:555)
>       at org.apache.hadoop.ipc.Client$Connection.access$1800(Client.java:370)
>       at org.apache.hadoop.ipc.Client$Connection$2.run(Client.java:725)
>       at org.apache.hadoop.ipc.Client$Connection$2.run(Client.java:721)
>       at java.security.AccessController.doPrivileged(Native Method)
>       at javax.security.auth.Subject.doAs(Subject.java:415)
>       at 
> org.apache.hadoop.security.UserGroupInformation.doAs(UserGroupInformation.java:1671)
>       at 
> org.apache.hadoop.ipc.Client$Connection.setupIOstreams(Client.java:720)
>       ... 10 more
> It is failing because {{TraceAdmin}} does not set up the property 
> {{CommonConfigurationKeys.HADOOP_SECURITY_SERVICE_USER_NAME_KEY}}
> Fixing it may require some restructuring, as the NameNode principal 
> {{dfs.namenode.kerberos.principal}} is a HDFS property, but TraceAdmin is in 
> hadoop-common. Or, specify it with a new command {{-principal}}. Any 
> suggestions? Thanks



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

---------------------------------------------------------------------
To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org
For additional commands, e-mail: common-issues-h...@hadoop.apache.org

[jira] [Commented] (HADOOP-13137) TraceAdmin should support Kerberized cluster

Reply via email to