Hadoop 1.0.4 does not support wildcards '*' in the proxyuser hosts/groups properties. Starting with Hadoop 1.1.1 this is supported. Hadoop 2.0.2-alpha supports it.
You cannot patch Oozie to ignore this. This is on Hadoop side. And it has its very good reason, is to be able to control who can impersonate other users (Oozie in this case), from what hostnames the impersonator is allowed to impersonate, users in which groups the impersonator can impersonate. You have 3 dimensions to control, in development this may be a bit annoying, but in production it is a must. With the support of wildcards for hostnames and groups you must only worry (if you don't care about security) about setting the right properties for the impersonator UID with the wildcards. Thx On Thu, Jan 31, 2013 at 6:22 PM, Grant Ingersoll <gsing...@apache.org>wrote: > What options have you tried? I seem to recall you need some things on the > Hadoop side, too. FWIW, this is easily the most annoying/confusing thing > in Oozie. Sometimes it's simplest to patch the code to turn it off > completely. > > On Jan 31, 2013, at 6:55 PM, aasfo kxi wrote: > > > I am getting conflicting information on the following settings: > > > > hadoop.proxyuser.oozie.hosts > > hadoop.proxyuser.oozie.groups > > > > This thread states that the first is a list of hostnames: > > http://bit.ly/WEeqSn > > This thread states that the first is a list of usernames: > > http://bit.ly/VqUAcU > > > > Neither has worked for me and I am still getting: > > > > Exception occured: [org.apache.hadoop.ipc.RemoteException: User: oozie is > > not allowed to impersonate oozie] > > > > No matter what combination of user / hosts / groups, etc that I try. I > am > > unsure as to which one I should be troubleshooting at this point. > > > > Hadoop v.1.0.4 > > Oozie v.3.3.1 > > > > Thanks for any help. > > > > kx > > > -- Alejandro
