No ideas here?
On Wed, 11 Sep 2019 at 17:31, Francisco de Freitas <chicofranch...@gmail.com>
wrote:
> HDFS version is 2.8.5
>
> I recently updated my log4j.properties file to
>
> # Log at INFO level to DRFAAUDIT
>
> log4j.logger.org.apache.hadoop.hdfs.server.namenode.FSNamesystem.audit=INFO,DRFAAUDIT
> # Do not forward audit events to parent appenders (i.e. namenode)
>
> log4j.additivity.org.apache.hadoop.hdfs.server.namenode.FSNamesystem.audit=false
> # Configure local appender
> log4j.appender.DRFAAUDIT=org.apache.log4j.DailyRollingFileAppender
> log4j.appender.DRFAAUDIT.File=${hadoop.log.dir}/hdfs-audit.log
> log4j.appender.DRFAAUDIT.DatePattern=.yyyy-MM-dd
> log4j.appender.DRFAAUDIT.layout=org.apache.log4j.PatternLayout
> log4j.appender.DRFAAUDIT.layout.ConversionPattern=%d{ISO8601} %p %c: %m%n
>
> Running a simple ls as a normal user on the same node as the active one I
> get a permission denied on the hdfs-audit.log
>
> hdfs dfs -ls /
> log4j:ERROR setFile(null,true) call failed.
> java.io.FileNotFoundException: /var/log/hadoop/hdfs-audit.log (Permission
> denied)
> at java.io.FileOutputStream.open0(Native Method)
> at java.io.FileOutputStream.open(FileOutputStream.java:270)
> at java.io.FileOutputStream.<init>(FileOutputStream.java:213)
> at java.io.FileOutputStream.<init>(FileOutputStream.java:133)
> at org.apache.log4j.FileAppender.setFile(FileAppender.java:294)
> at org.apache.log4j.FileAppender.activateOptions(FileAppender.java:165)
> at
> org.apache.log4j.DailyRollingFileAppender.activateOptions(DailyRollingFileAppender.java:223)
> at org.apache.log4j.config.PropertySetter.activate(PropertySetter.java:307)
> at
> org.apache.log4j.config.PropertySetter.setProperties(PropertySetter.java:172)
> at
> org.apache.log4j.config.PropertySetter.setProperties(PropertySetter.java:104)
> at
> org.apache.log4j.PropertyConfigurator.parseAppender(PropertyConfigurator.java:842)
> at
> org.apache.log4j.PropertyConfigurator.parseCategory(PropertyConfigurator.java:768)
> at
> org.apache.log4j.PropertyConfigurator.parseCatsAndRenderers(PropertyConfigurator.java:672)
> at
> org.apache.log4j.PropertyConfigurator.doConfigure(PropertyConfigurator.java:516)
> at
> org.apache.log4j.PropertyConfigurator.doConfigure(PropertyConfigurator.java:580)
> at
> org.apache.log4j.helpers.OptionConverter.selectAndConfigure(OptionConverter.java:526)
> at org.apache.log4j.LogManager.<clinit>(LogManager.java:127)
> at org.apache.log4j.Logger.getLogger(Logger.java:104)
> at
> org.apache.commons.logging.impl.Log4JLogger.getLogger(Log4JLogger.java:262)
> at org.apache.commons.logging.impl.Log4JLogger.<init>(Log4JLogger.java:108)
> at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
> at
> sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62)
> at
> sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
> at java.lang.reflect.Constructor.newInstance(Constructor.java:423)
> at
> org.apache.commons.logging.impl.LogFactoryImpl.createLogFromClass(LogFactoryImpl.java:1025)
> at
> org.apache.commons.logging.impl.LogFactoryImpl.discoverLogImplementation(LogFactoryImpl.java:844)
> at
> org.apache.commons.logging.impl.LogFactoryImpl.newInstance(LogFactoryImpl.java:541)
> at
> org.apache.commons.logging.impl.LogFactoryImpl.getInstance(LogFactoryImpl.java:292)
> at
> org.apache.commons.logging.impl.LogFactoryImpl.getInstance(LogFactoryImpl.java:269)
> at org.apache.commons.logging.LogFactory.getLog(LogFactory.java:657)
> at org.apache.hadoop.fs.FsShell.<clinit>(FsShell.java:47)
>
> Running the same ls command from any other node (remotely) I don't get the
> nasty permission denied exception.
>
> My user on the active NN doesn't belong to the hadoop group and
> I obviously don't want that it's able to write to the file.
>
> Is there any way I can circumvent this exception from showing up? The
> audit log gets written without any issues (for the LS query).
>
