Ok, thanks.
On Wed, Aug 27, 2014 at 12:49 PM, Seetharam Venkatesh < [email protected]> wrote: > Josh, the interface endpoints should not have the realm information. > > <interface type="execute" endpoint="ip-54-40-237-222*.EXAMPLE.COM*:8050 > <http://ip-54-40-237-222.example.com:8050/>" version="2.4.0"/> > > Should be: > <interface type="execute" endpoint="ip-54-40-237-222:8050 > <http://ip-54-40-237-222.example.com:8050/>" version="2.4.0"/> > > > On Wed, Aug 27, 2014 at 6:08 AM, Josh Clum <[email protected]> wrote: > > > Hi, > > > > I'm trying to submit a cluster process in a secure environment. But am > > getting the following exception saying that the Server has an invalid > > principal. Has anyone run across this before? I'm setting <property > > name="dfs.namenode.kerberos.principal" value="nn/[email protected]"/>. > > > > Client Command: > > > > -bash-4.1$ falcon entity -submit -type process -file > > raw_cc_bp_ratio_lcms_comp_process.xml > > Error: java.io.IOException: Failed on local exception: > java.io.IOException: > > java.lang.IllegalArgumentException: Server has invalid Kerberos > principal: > > nn/[email protected]; Host Details : local host > > is: " > > ip-54-40-237-210.EXAMPLE.COM/54.40.237.210"; destination host is: " > > ip-54-40-237-210.EXAMPLE.COM":8020; > > > > Falcon Server Logs: > > > > Caused by: java.io.IOException: Failed on local exception: > > java.io.IOException: java.lang.IllegalArgumentException: Server has > invalid > > Kerberos principal: nn/[email protected]; Host > > Details : local host is: "ip-54-40-237-210.EXAMPLE.COM/54.40.237.210"; > > destination host is: "ip-54-40-237-210.EXAMPLE.COM":8020; > > at org.apache.hadoop.net.NetUtils.wrapException(NetUtils.java:764) > > at org.apache.hadoop.ipc.Client.call(Client.java:1414) > > at org.apache.hadoop.ipc.Client.call(Client.java:1363) > > at > > > > > org.apache.hadoop.ipc.ProtobufRpcEngine$Invoker.invoke(ProtobufRpcEngine.java:206) > > at com.sun.proxy.$Proxy67.getFileInfo(Unknown Source) > > at > > > > > org.apache.hadoop.hdfs.protocolPB.ClientNamenodeProtocolTranslatorPB.getFileInfo(ClientNamenodeProtocolTranslatorPB.java:699) > > at sun.reflect.GeneratedMethodAccessor24.invoke(Unknown Source) > > at > > > > > sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) > > at java.lang.reflect.Method.invoke(Method.java:606) > > at > > > > > org.apache.hadoop.io.retry.RetryInvocationHandler.invokeMethod(RetryInvocationHandler.java:190) > > at > > > > > org.apache.hadoop.io.retry.RetryInvocationHandler.invoke(RetryInvocationHandler.java:103) > > at com.sun.proxy.$Proxy68.getFileInfo(Unknown Source) > > at org.apache.hadoop.hdfs.DFSClient.getFileInfo(DFSClient.java:1762) > > at > > > > > org.apache.hadoop.hdfs.DistributedFileSystem$17.doCall(DistributedFileSystem.java:1124) > > at > > > > > org.apache.hadoop.hdfs.DistributedFileSystem$17.doCall(DistributedFileSystem.java:1120) > > at > > > > > org.apache.hadoop.fs.FileSystemLinkResolver.resolve(FileSystemLinkResolver.java:81) > > at > > > > > org.apache.hadoop.hdfs.DistributedFileSystem.getFileStatus(DistributedFileSystem.java:1120) > > at org.apache.hadoop.fs.FileSystem.exists(FileSystem.java:1398) > > at > > > > > org.apache.falcon.entity.parser.ProcessEntityParser.validateHDFSPaths(ProcessEntityParser.java:122) > > ... 56 more > > Caused by: java.io.IOException: java.lang.IllegalArgumentException: > Server > > has invalid Kerberos principal: nn/ > > [email protected] > > at org.apache.hadoop.ipc.Client$Connection$1.run(Client.java:677) > > at java.security.AccessController.doPrivileged(Native Method) > > at javax.security.auth.Subject.doAs(Subject.java:415) > > at > > > > > org.apache.hadoop.security.UserGroupInformation.doAs(UserGroupInformation.java:1594) > > at > > > > > org.apache.hadoop.ipc.Client$Connection.handleSaslConnectionFailure(Client.java:640) > > at > > org.apache.hadoop.ipc.Client$Connection.setupIOstreams(Client.java:724) > > at org.apache.hadoop.ipc.Client$Connection.access$2800(Client.java:367) > > at org.apache.hadoop.ipc.Client.getConnection(Client.java:1462) > > at org.apache.hadoop.ipc.Client.call(Client.java:1381) > > ... 73 more > > Caused by: java.lang.IllegalArgumentException: Server has invalid > Kerberos > > principal: nn/[email protected] > > at > > > > > org.apache.hadoop.security.SaslRpcClient.getServerPrincipal(SaslRpcClient.java:332) > > at > > > > > org.apache.hadoop.security.SaslRpcClient.createSaslClient(SaslRpcClient.java:231) > > at > > > > > org.apache.hadoop.security.SaslRpcClient.selectSaslClient(SaslRpcClient.java:159) > > at > > > > > org.apache.hadoop.security.SaslRpcClient.saslConnect(SaslRpcClient.java:394) > > at > > > > > org.apache.hadoop.ipc.Client$Connection.setupSaslConnection(Client.java:550) > > at org.apache.hadoop.ipc.Client$Connection.access$1800(Client.java:367) > > at org.apache.hadoop.ipc.Client$Connection$2.run(Client.java:716) > > at org.apache.hadoop.ipc.Client$Connection$2.run(Client.java:712) > > at java.security.AccessController.doPrivileged(Native Method) > > at javax.security.auth.Subject.doAs(Subject.java:415) > > at > > > > > org.apache.hadoop.security.UserGroupInformation.doAs(UserGroupInformation.java:1594) > > at > > org.apache.hadoop.ipc.Client$Connection.setupIOstreams(Client.java:711) > > ... 76 more > > > > Cluster Entity: > > > > <?xml version="1.0" encoding="UTF-8"?> > > <cluster colo="local" description="Cluster" name="cluster" > > xmlns="uri:falcon:cluster:0.1"> > > <interfaces> > > <interface type="readonly" endpoint="hdfs://nn" version="2.4.0"/> > > <interface type="write" endpoint="hdfs://nn" version="2.4.0"/> > > <interface type="execute" endpoint=" > ip-54-40-237-222.EXAMPLE.COM:8050" > > version="2.4.0"/> > > <interface type="workflow" endpoint=" > > http://ip-54-40-237-210.EXAMPLE.COM:11000/oozie"; version="4.0.0"/> > > <interface type="registry" endpoint="thrift:// > > ip-54-40-237-222.EXAMPLE.COM:9083" version="0.13.0"/> > > <interface type="messaging" endpoint="tcp:// > > ip-54-40-237-210.EXAMPLE.COM:61616?daemon=true" version="5.4.3"/> > > </interfaces> > > <locations> > > <location name="staging" path="/tmp"/> > > <location name="working" path="/tmp"/> > > <location name="temp" path="/tmp"/> > > </locations> > > <properties> > > <property name="dfs.namenode.kerberos.principal" value="nn/_ > > [email protected]"/> > > <property name="hive.metastore.kerberos.principal" value="hive/ > > [email protected]"/> > > <property name="hive.metastore.uris" value="thrift:// > > ip-54-40-237-222.EXAMPLE.COM:9083"/> > > <property name="hive.metastore.sasl.enabled" value="true"/> > > </properties> > > </cluster> > > > > Thanks, > > Josh > > > > > > -- > Regards, > Venkatesh > > “Perfection (in design) is achieved not when there is nothing more to add, > but rather when there is nothing more to take away.” > - Antoine de Saint-Exupéry >
