Details
-
Bug
-
Status: Resolved
-
Major
-
Resolution: Fixed
-
2.2.0
Description
After disabling Kerberos to fix a user generated issue with a principal name pattern, the auth-to-local mapping(s) were not removed and thus not fixing the issues that were caused:
Invalid hadoop.security.auth_to_local value
<property> <name>hadoop.security.auth_to_local</name> <value>RULE:[1:$1@$0](${hbase_user}@EXAMPLE.COM)s/.*/hbase/ RULE:[1:$1@$0](${hdfs_user}@EXAMPLE.COM)s/.*/hdfs/ RULE:[1:$1@$0](${smokeuser}@EXAMPLE.COM)s/.*/ambari-qa/ RULE:[1:$1@$0](.*@EXAMPLE.COM)s/@.*// RULE:[2:$1@$0](amshbase@EXAMPLE.COM)s/.*/ams/ RULE:[2:$1@$0](amszk@EXAMPLE.COM)s/.*/ams/ RULE:[2:$1@$0](dn@EXAMPLE.COM)s/.*/hdfs/ RULE:[2:$1@$0](hbase@EXAMPLE.COM)s/.*/hbase/ RULE:[2:$1@$0](hive@EXAMPLE.COM)s/.*/hive/ RULE:[2:$1@$0](jhs@EXAMPLE.COM)s/.*/mapred/ RULE:[2:$1@$0](jn@EXAMPLE.COM)s/.*/hdfs/ RULE:[2:$1@$0](nm@EXAMPLE.COM)s/.*/yarn/ RULE:[2:$1@$0](nn@EXAMPLE.COM)s/.*/hdfs/ RULE:[2:$1@$0](oozie@EXAMPLE.COM)s/.*/oozie/ RULE:[2:$1@$0](rm@EXAMPLE.COM)s/.*/yarn/ RULE:[2:$1@$0](yarn@EXAMPLE.COM)s/.*/yarn/ DEFAULT</value> </property>
Errors in log
2016-01-13 21:51:17,825 FATAL datanode.DataNode (DataNode.java:secureMain(2429)) - Exception in secureMain java.util.regex.PatternSyntaxException: Illegal repetition near index 0 ${hbase_user}@EXAMPLE.COM ^ at java.util.regex.Pattern.error(Pattern.java:1924) at java.util.regex.Pattern.closure(Pattern.java:3104) at java.util.regex.Pattern.sequence(Pattern.java:2101) at java.util.regex.Pattern.expr(Pattern.java:1964) at java.util.regex.Pattern.compile(Pattern.java:1665) at java.util.regex.Pattern.<init>(Pattern.java:1337) at java.util.regex.Pattern.compile(Pattern.java:1022) at org.apache.hadoop.security.authentication.util.KerberosName$Rule.<init>(KerberosName.java:193) at org.apache.hadoop.security.authentication.util.KerberosName.parseRules(KerberosName.java:336) at org.apache.hadoop.security.authentication.util.KerberosName.setRules(KerberosName.java:397) at org.apache.hadoop.security.HadoopKerberosName.setConfiguration(HadoopKerberosName.java:75) at org.apache.hadoop.security.UserGroupInformation.initialize(UserGroupInformation.java:275) at org.apache.hadoop.security.UserGroupInformation.setConfiguration(UserGroupInformation.java:311) at org.apache.hadoop.hdfs.server.datanode.DataNode.instantiateDataNode(DataNode.java:2192) at org.apache.hadoop.hdfs.server.datanode.DataNode.createDataNode(DataNode.java:2242) at org.apache.hadoop.hdfs.server.datanode.DataNode.secureMain(DataNode.java:2422) at org.apache.hadoop.hdfs.server.datanode.DataNode.main(DataNode.java:2446) 2016-01-13 21:51:17,830 INFO util.ExitUtil (ExitUtil.java:terminate(124)) - Exiting with status 1 2016-01-13 21:51:17,832 INFO datanode.DataNode (LogAdapter.java:info(45)) - SHUTDOWN_MSG: /************************************************************
The auth-to-local mappings should be removed when Kerberos is disabled.
Attachments
Attachments
Issue Links
- links to