[
https://issues.apache.org/jira/browse/FALCON-845?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14189290#comment-14189290
]
Venkatesh Seetharam commented on FALCON-845:
--------------------------------------------
I think this is a good catch, there is an interplay of FALCON-753 here and we
may no longer be able to support superuser since the data is owned by the user
and default umask might be 077 (700). As long as operations does not modify
data, superuser can work.
How should this be handled? Thoughts?
> superuser falcon is not able to delete/update entity
> ----------------------------------------------------
>
> Key: FALCON-845
> URL: https://issues.apache.org/jira/browse/FALCON-845
> Project: Falcon
> Issue Type: Bug
> Affects Versions: 0.6
> Reporter: Raghav Kumar Gautam
> Assignee: Venkatesh Seetharam
> Fix For: 0.6
>
> Attachments: core-site.xml, entities.txt
>
>
> Sample response is:
> {code}
> 2014-10-29 15:20:28,517 INFO - [pool-45-thread-1:othersEditScheduledProcess]
> ~ Request Url:
> http://ip-172-31-47-32.ec2.internal:15000/api/entities/delete/process/agregator-coord16-22ceac97?user.name=falcon
> (BaseRequest:163)
> 2014-10-29 15:20:28,517 INFO - [pool-45-thread-1:othersEditScheduledProcess]
> ~ Request Method: DELETE (BaseRequest:164)
> 2014-10-29 15:20:28,517 INFO - [pool-45-thread-1:othersEditScheduledProcess]
> ~ Request Header: Name=Content-Type Value=text/xml (BaseRequest:167)
> 2014-10-29 15:20:28,518 INFO - [pool-45-thread-1:othersEditScheduledProcess]
> ~ Request Header: Name=Cookie
> Value=hadoop.auth=u=falcon&p=falcon&t=simple&e=1414632028513&s=1nC83wrEf/iOQvualO/fPAH4qE4=
> (BaseRequest:167)
> 2014-10-29 15:20:28,672 INFO - [pool-45-thread-1:othersEditScheduledProcess]
> ~ Response Status: HTTP/1.1 400 Bad Request (BaseRequest:193)
> 2014-10-29 15:20:28,672 INFO - [pool-45-thread-1:othersEditScheduledProcess]
> ~ Response Header: Name=Content-Type Value=text/xml (BaseRequest:195)
> 2014-10-29 15:20:28,672 INFO - [pool-45-thread-1:othersEditScheduledProcess]
> ~ Response Header: Name=requestId Value=114790f0-0b80-43c0-9899-042705741916
> (BaseRequest:195)
> 2014-10-29 15:20:28,672 INFO - [pool-45-thread-1:othersEditScheduledProcess]
> ~ Response Header: Name=Content-Length Value=263 (BaseRequest:195)
> 2014-10-29 15:20:28,672 INFO - [pool-45-thread-1:othersEditScheduledProcess]
> ~ Response Header: Name=Server Value=Jetty(6.1.26.hwx) (BaseRequest:195)
> Warning: org.apache.xerces.parsers.SAXParser: Property
> 'http://javax.xml.XMLConstants/property/accessExternalDTD' is not recognized.
> Warning: org.apache.xerces.parsers.SAXParser: Property
> 'http://www.oracle.com/xml/jaxp/properties/entityExpansionLimit' is not
> recognized.
> 2014-10-29 15:20:28,675 INFO - [pool-45-thread-1:othersEditScheduledProcess]
> ~ The web service response is:
> <?xml version="1.0" encoding="UTF-8"?><result>
> <status>FAILED</status>
>
> <message>org.apache.hadoop.ipc.RemoteException(org.apache.hadoop.security.authorize.AuthorizationException):
> User: falcon is not allowed to impersonate falcon</message>
> </result>
> (ServiceResponse:86)
> {code}
> Relevant log from falcon.application.log:
> {code}
> 2014-10-29 15:20:28,526 INFO -
> [1191920211@qtp-53336067-294:114790f0-0b80-43c0-9899-042705741916
> falcon:DELETE//entities/delete/process/agregator-coord16-22ceac97] ~ Logging
> in falcon (CurrentUser:69)
> 2014-10-29 15:20:28,526 INFO -
> [1191920211@qtp-53336067-294:114790f0-0b80-43c0-9899-042705741916
> falcon:DELETE//entities/delete/process/agregator-coord16-22ceac97] ~ Request
> from user: falcon,
> URL=/api/entities/delete/process/agregator-coord16-22ceac97?user.name=falcon
> (FalconAuthenticationFilter:181)
> 2014-10-29 15:20:28,526 INFO -
> [1191920211@qtp-53336067-294:114790f0-0b80-43c0-9899-042705741916
> falcon:DELETE//entities/delete/process/agregator-coord16-22ceac97] ~
> Authorizing user=falcon against request=RequestParts{resource='entities',
> action='delete', entityName='agregator-coord16-22ceac97',
> entityType='process'} (FalconAuthorizationFilter:70)
> 2014-10-29 15:20:28,527 INFO -
> [1191920211@qtp-53336067-294:114790f0-0b80-43c0-9899-042705741916
> falcon:DELETE//entities/delete/process/agregator-coord16-22ceac97] ~
> Authorizing authenticatedUser=falcon, against resource=entities,
> action=delete, entity name=agregator-coord16-22ceac97, entity type=process
> (DefaultAuthorizationProvider:125)
> 2014-10-29 15:20:28,528 DEBUG -
> [1191920211@qtp-53336067-294:114790f0-0b80-43c0-9899-042705741916
> falcon:DELETE//entities/delete/process/agregator-coord16-22ceac97] ~ Invoking
> method delete on service org.apache.falcon.resource.ConfigSyncService
> (IPCChannel:45)
> 2014-10-29 15:20:28,669 ERROR -
> [1191920211@qtp-53336067-294:114790f0-0b80-43c0-9899-042705741916
> falcon:DELETE//entities/delete/process/agregator-coord16-22ceac97] ~ Unable
> to reach workflow engine for deletion or deletion failed
> (AbstractEntityManager:228)
> org.apache.falcon.FalconException:
> org.apache.hadoop.ipc.RemoteException(org.apache.hadoop.security.authorize.AuthorizationException):
> User: falcon is not allowed to impersonate falcon
> at
> org.apache.falcon.entity.EntityUtil.getAllStagingPaths(EntityUtil.java:600)
> at
> org.apache.falcon.workflow.engine.OozieWorkflowEngine.findBundles(OozieWorkflowEngine.java:269)
> at
> org.apache.falcon.workflow.engine.OozieWorkflowEngine.doBundleAction(OozieWorkflowEngine.java:367)
> at
> org.apache.falcon.workflow.engine.OozieWorkflowEngine.doBundleAction(OozieWorkflowEngine.java:361)
> at
> org.apache.falcon.workflow.engine.OozieWorkflowEngine.delete(OozieWorkflowEngine.java:345)
> at
> org.apache.falcon.resource.AbstractEntityManager.delete(AbstractEntityManager.java:215)
> at
> org.apache.falcon.resource.ConfigSyncService.delete(ConfigSyncService.java:56)
> at sun.reflect.GeneratedMethodAccessor42.invoke(Unknown Source)
> at
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
> at java.lang.reflect.Method.invoke(Method.java:606)
> at
> org.apache.falcon.resource.channel.IPCChannel.invoke(IPCChannel.java:49)
> at
> org.apache.falcon.resource.proxy.SchedulableEntityManagerProxy$2.doExecute(SchedulableEntityManagerProxy.java:182)
> at
> org.apache.falcon.resource.proxy.SchedulableEntityManagerProxy$EntityProxy.execute(SchedulableEntityManagerProxy.java:447)
> at
> org.apache.falcon.resource.proxy.SchedulableEntityManagerProxy$2.execute(SchedulableEntityManagerProxy.java:172)
> at
> org.apache.falcon.resource.proxy.SchedulableEntityManagerProxy.delete_aroundBody2(SchedulableEntityManagerProxy.java:184)
> at
> org.apache.falcon.resource.proxy.SchedulableEntityManagerProxy$AjcClosure3.run(SchedulableEntityManagerProxy.java:1)
> at
> org.aspectj.runtime.reflect.JoinPointImpl.proceed(JoinPointImpl.java:149)
> at
> org.apache.falcon.aspect.AbstractFalconAspect.logAroundMonitored(AbstractFalconAspect.java:51)
> at
> org.apache.falcon.resource.proxy.SchedulableEntityManagerProxy.delete(SchedulableEntityManagerProxy.java:159)
> at sun.reflect.GeneratedMethodAccessor41.invoke(Unknown Source)
> at
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
> at java.lang.reflect.Method.invoke(Method.java:606)
> at
> com.sun.jersey.spi.container.JavaMethodInvokerFactory$1.invoke(JavaMethodInvokerFactory.java:60)
> at
> com.sun.jersey.server.impl.model.method.dispatch.AbstractResourceMethodDispatchProvider$TypeOutInvoker._dispatch(AbstractResourceMethodDispatchProvider.java:185)
> at
> com.sun.jersey.server.impl.model.method.dispatch.ResourceJavaMethodDispatcher.dispatch(ResourceJavaMethodDispatcher.java:75)
> at
> com.sun.jersey.server.impl.uri.rules.HttpMethodRule.accept(HttpMethodRule.java:288)
> at
> com.sun.jersey.server.impl.uri.rules.RightHandPathRule.accept(RightHandPathRule.java:147)
> at
> com.sun.jersey.server.impl.uri.rules.ResourceClassRule.accept(ResourceClassRule.java:108)
> at
> com.sun.jersey.server.impl.uri.rules.RightHandPathRule.accept(RightHandPathRule.java:147)
> at
> com.sun.jersey.server.impl.uri.rules.RootResourceClassesRule.accept(RootResourceClassesRule.java:84)
> at
> com.sun.jersey.server.impl.application.WebApplicationImpl._handleRequest(WebApplicationImpl.java:1469)
> at
> com.sun.jersey.server.impl.application.WebApplicationImpl._handleRequest(WebApplicationImpl.java:1400)
> at
> com.sun.jersey.server.impl.application.WebApplicationImpl.handleRequest(WebApplicationImpl.java:1349)
> at
> com.sun.jersey.server.impl.application.WebApplicationImpl.handleRequest(WebApplicationImpl.java:1339)
> at
> com.sun.jersey.spi.container.servlet.WebComponent.service(WebComponent.java:416)
> at
> com.sun.jersey.spi.container.servlet.ServletContainer.service(ServletContainer.java:537)
> at
> com.sun.jersey.spi.container.servlet.ServletContainer.service(ServletContainer.java:699)
> at javax.servlet.http.HttpServlet.service(HttpServlet.java:820)
> at
> org.mortbay.jetty.servlet.ServletHolder.handle(ServletHolder.java:511)
> at
> org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1221)
> at
> org.apache.falcon.security.FalconAuthorizationFilter.doFilter(FalconAuthorizationFilter.java:80)
> at
> org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1212)
> at
> org.apache.falcon.security.FalconAuthenticationFilter$2.doFilter(FalconAuthenticationFilter.java:184)
> at
> org.apache.hadoop.security.authentication.server.AuthenticationFilter.doFilter(AuthenticationFilter.java:572)
> at
> org.apache.hadoop.security.authentication.server.AuthenticationFilter.doFilter(AuthenticationFilter.java:542)
> at
> org.apache.falcon.security.FalconAuthenticationFilter.doFilter(FalconAuthenticationFilter.java:193)
> at
> org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1212)
> at
> org.apache.falcon.security.FalconAuditFilter.doFilter(FalconAuditFilter.java:65)
> at
> org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1212)
> at
> org.mortbay.jetty.servlet.ServletHandler.handle(ServletHandler.java:399)
> at
> org.mortbay.jetty.security.SecurityHandler.handle(SecurityHandler.java:216)
> at
> org.mortbay.jetty.servlet.SessionHandler.handle(SessionHandler.java:182)
> at
> org.mortbay.jetty.handler.ContextHandler.handle(ContextHandler.java:766)
> at org.mortbay.jetty.webapp.WebAppContext.handle(WebAppContext.java:450)
> at
> org.mortbay.jetty.handler.HandlerWrapper.handle(HandlerWrapper.java:152)
> at org.mortbay.jetty.Server.handle(Server.java:326)
> at
> org.mortbay.jetty.HttpConnection.handleRequest(HttpConnection.java:542)
> at
> org.mortbay.jetty.HttpConnection$RequestHandler.headerComplete(HttpConnection.java:928)
> at org.mortbay.jetty.HttpParser.parseNext(HttpParser.java:549)
> at org.mortbay.jetty.HttpParser.parseAvailable(HttpParser.java:212)
> at org.mortbay.jetty.HttpConnection.handle(HttpConnection.java:404)
> at
> org.mortbay.jetty.bio.SocketConnector$Connection.run(SocketConnector.java:228)
> at
> org.mortbay.thread.QueuedThreadPool$PoolThread.run(QueuedThreadPool.java:582)
> Caused by:
> org.apache.hadoop.ipc.RemoteException(org.apache.hadoop.security.authorize.AuthorizationException):
> User: falcon is not allowed to impersonate falcon
> at org.apache.hadoop.ipc.Client.call(Client.java:1468)
> at org.apache.hadoop.ipc.Client.call(Client.java:1399)
> at
> org.apache.hadoop.ipc.ProtobufRpcEngine$Invoker.invoke(ProtobufRpcEngine.java:232)
> at com.sun.proxy.$Proxy27.getListing(Unknown Source)
> at
> org.apache.hadoop.hdfs.protocolPB.ClientNamenodeProtocolTranslatorPB.getListing(ClientNamenodeProtocolTranslatorPB.java:554)
> at sun.reflect.GeneratedMethodAccessor34.invoke(Unknown Source)
> at
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
> at java.lang.reflect.Method.invoke(Method.java:606)
> at
> org.apache.hadoop.io.retry.RetryInvocationHandler.invokeMethod(RetryInvocationHandler.java:187)
> at
> org.apache.hadoop.io.retry.RetryInvocationHandler.invoke(RetryInvocationHandler.java:102)
> at com.sun.proxy.$Proxy28.getListing(Unknown Source)
> at org.apache.hadoop.hdfs.DFSClient.listPaths(DFSClient.java:1947)
> at org.apache.hadoop.hdfs.DFSClient.listPaths(DFSClient.java:1930)
> at
> org.apache.hadoop.hdfs.DistributedFileSystem.listStatusInternal(DistributedFileSystem.java:693)
> at
> org.apache.hadoop.hdfs.DistributedFileSystem.access$600(DistributedFileSystem.java:105)
> at
> org.apache.hadoop.hdfs.DistributedFileSystem$15.doCall(DistributedFileSystem.java:755)
> at
> org.apache.hadoop.hdfs.DistributedFileSystem$15.doCall(DistributedFileSystem.java:751)
> at
> org.apache.hadoop.fs.FileSystemLinkResolver.resolve(FileSystemLinkResolver.java:81)
> at
> org.apache.hadoop.hdfs.DistributedFileSystem.listStatus(DistributedFileSystem.java:751)
> at org.apache.hadoop.fs.FileSystem.listStatus(FileSystem.java:1485)
> at org.apache.hadoop.fs.FileSystem.listStatus(FileSystem.java:1525)
> at
> org.apache.falcon.entity.EntityUtil.getAllStagingPaths(EntityUtil.java:589)
> ... 62 more
> 2014-10-29 15:20:28,670 ERROR -
> [1191920211@qtp-53336067-294:114790f0-0b80-43c0-9899-042705741916
> falcon:DELETE//entities/delete/process/agregator-coord16-22ceac97] ~ Action
> failed: Bad Request
> Error:
> org.apache.hadoop.ipc.RemoteException(org.apache.hadoop.security.authorize.AuthorizationException):
> User: falcon is not allowed to impersonate falcon (FalconWebException:68)
> 2014-10-29 15:20:28,670 INFO -
> [1191920211@qtp-53336067-294:114790f0-0b80-43c0-9899-042705741916
> falcon:DELETE//entities/delete/process/agregator-coord16-22ceac97] ~
> {Action:delete, Dimensions:{entityType=process, colo=NULL,
> entityName=agregator-coord16-22ceac97}, Status: FAILED, Time-taken:142594851
> ns} (METRIC:38)
> 2014-10-29 15:20:28,671 DEBUG -
> [1191920211@qtp-53336067-294:114790f0-0b80-43c0-9899-042705741916] ~ Audit:
> falcon/172.31.47.32 performed request
> {code}
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
