[
https://issues.apache.org/jira/browse/OOZIE-2165?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14353235#comment-14353235
]
Robert Kanter commented on OOZIE-2165:
--------------------------------------
What do you mean by 'tomcat user'?
We already use the Oozie user to get the logs. There's a doAs:
https://github.com/apache/oozie/blob/master/core/src/main/java/org/apache/oozie/service/ZKXLogStreamingService.java#L208
is where we make the call, which uses a utility function here with a doAs
https://github.com/apache/oozie/blob/master/core/src/main/java/org/apache/oozie/util/AuthUrlClient.java#L126
> Job log fetching can fail in Oozie HA mode when using doAs impersonation
> ------------------------------------------------------------------------
>
> Key: OOZIE-2165
> URL: https://issues.apache.org/jira/browse/OOZIE-2165
> Project: Oozie
> Issue Type: Bug
> Components: HA
> Affects Versions: 4.1.0
> Reporter: Romain Rigaux
>
> From https://issues.cloudera.org/browse/HUE-2608
> "Oozie logs in Hue do not work well when Oozie is configured in HA mode.
> Essentially, DoAs user doesn't work for HA request. This happens because in
> HA one server will call other server as "tomcat user".
> http://oozie-server:4080/oozie/v2/job/jobid1-oozie_CB-W?show=log&allservers=false&doAs=sumeet&user.name=hue
> will be
> http://oozie-server:4080/oozie/v2/job/jobid1-oozie_CB-W?show=log&allservers=false&doAs=sumeet&user.name=oozie
> Potential fixes can be to add oozie as proxy user or drop doAs user from
> server to server call. Since the request is already authenticated, it should
> be ok to call other server with oozie user.
> http://oozie-server:4080/oozie/v2/job/jobid1-oozie_CB-W?show=log&allservers=false&user.name=oozie"
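The failure described in the quoted issue, as an added example that is not part of the original message or of Oozie's code: a simplified model of a proxy-user check applied to the three request forms quoted above. `PROXY_USERS`, `effective_user` and `outcomes` are hypothetical names, and the table is constructed; real proxy-user rules also restrict by host and group.

```python
from urllib.parse import urlsplit, parse_qs

BASE = "http://oozie-server:4080/oozie/v2/job/jobid1-oozie_CB-W?show=log&allservers=false"
# The three request forms quoted in the issue.
FROM_HUE = BASE + "&doAs=sumeet&user.name=hue"
FORWARDED = BASE + "&doAs=sumeet&user.name=oozie"
DOAS_DROPPED = BASE + "&user.name=oozie"

# Constructed table (assumption): caller -> users it may impersonate, "*" = any.
# Models the reported state: hue is a proxy user, oozie is not.
PROXY_USERS = {"hue": {"*"}}


def effective_user(url, proxy_users):
    """Return the user a request would run as, or raise PermissionError."""
    query = parse_qs(urlsplit(url).query)
    caller = query["user.name"][0]
    do_as = query.get("doAs", [caller])[0]
    if do_as == caller:
        return caller  # no impersonation requested
    allowed = proxy_users.get(caller, set())
    if "*" in allowed or do_as in allowed:
        return do_as
    raise PermissionError(f"{caller} may not impersonate {do_as}")


def outcomes():
    """Evaluate each request form; values are the effective user or 'denied'."""
    def run(url, table):
        try:
            return effective_user(url, table)
        except PermissionError:
            return "denied"

    with_oozie_proxy = {**PROXY_USERS, "oozie": {"*"}}
    return {
        "hue -> first server": run(FROM_HUE, PROXY_USERS),
        "forwarded, doAs kept": run(FORWARDED, PROXY_USERS),
        "fix 1: oozie added as proxy user": run(FORWARDED, with_oozie_proxy),
        "fix 2: doAs dropped": run(DOAS_DROPPED, PROXY_USERS),
    }


if __name__ == "__main__":
    for case, result in outcomes().items():
        print(f"{case}: {result}")
```

In this model the second fix makes the peer server see only `oozie`, so the per-user access decision has to have been made on the server that received the original request.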