Uploaded image for project: 'Hadoop HDFS'
  1. Hadoop HDFS
  2. HDFS-13023

Journal Sync does not work on a secure cluster

    XMLWordPrintableJSON

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 3.1.0
    • Component/s: journal-node
    • Labels:
      None

      Description

      Fails with the following exception.

      
      2018-01-10 01:15:40,517 INFO server.JournalNodeSyncer (JournalNodeSyncer.java:syncWithJournalAtIndex(235)) - Syncing Journal /0.0.0.0:8485 with xxx, journal id: mycluster
       2018-01-10 01:15:40,583 ERROR server.JournalNodeSyncer (JournalNodeSyncer.java:syncWithJournalAtIndex(259)) - Could not sync with Journal at xxx/xxx:8485
       com.google.protobuf.ServiceException: org.apache.hadoop.ipc.RemoteException(org.apache.hadoop.security.authorize.AuthorizationException): User nn/xxx (auth:PROXY) via jn/xxx (auth:KERBEROS) is not authorized for protocol interface org.apache.hadoop.hdfs.qjournal.protocol.QJournalProtocol: this service is only accessible by nn/xxx@EXAMPLE.COM
       at org.apache.hadoop.ipc.ProtobufRpcEngine$Invoker.invoke(ProtobufRpcEngine.java:242)
       at org.apache.hadoop.ipc.ProtobufRpcEngine$Invoker.invoke(ProtobufRpcEngine.java:116)
       at com.sun.proxy.$Proxy16.getEditLogManifest(Unknown Source)
       at org.apache.hadoop.hdfs.qjournal.server.JournalNodeSyncer.syncWithJournalAtIndex(JournalNodeSyncer.java:254)
       at org.apache.hadoop.hdfs.qjournal.server.JournalNodeSyncer.syncJournals(JournalNodeSyncer.java:230)
       at org.apache.hadoop.hdfs.qjournal.server.JournalNodeSyncer.lambda$startSyncJournalsDaemon$0(JournalNodeSyncer.java:190)
       at java.lang.Thread.run(Thread.java:748)
       Caused by: org.apache.hadoop.ipc.RemoteException(org.apache.hadoop.security.authorize.AuthorizationException): User nn/xxx (auth:PROXY) via jn/xxx (auth:KERBEROS) is not authorized for protocol interface org.apache.hadoop.hdfs.qjournal.protocol.QJournalProtocol: this service is only accessible by nn/xxx
       at org.apache.hadoop.ipc.Client.getRpcResponse(Client.java:1491)
       at org.apache.hadoop.ipc.Client.call(Client.java:1437)
       at org.apache.hadoop.ipc.Client.call(Client.java:1347)
       at org.apache.hadoop.ipc.ProtobufRpcEngine$Invoker.invoke(ProtobufRpcEngine.java:228)
       ... 6 more
      
      

        Attachments

        1. HDFS-13023.00.patch
          26 kB
          Bharat Viswanadham
        2. HDFS-13023.01.patch
          27 kB
          Bharat Viswanadham
        3. HDFS-13023.02.patch
          29 kB
          Bharat Viswanadham
        4. HDFS-13023.03.patch
          29 kB
          Bharat Viswanadham

          Issue Links

            Activity

              People

              • Assignee:
                bharat Bharat Viswanadham
                Reporter:
                nmaheshwari Namit Maheshwari
              • Votes:
                0 Vote for this issue
                Watchers:
                8 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: