Uploaded image for project: 'Hadoop HDFS'
  1. Hadoop HDFS
  2. HDFS-13023

Journal Sync does not work on a secure cluster

    XMLWordPrintableJSON

Details

    • Bug
    • Status: Resolved
    • Major
    • Resolution: Fixed
    • None
    • 3.1.0
    • journal-node
    • None

    Description

      Fails with the following exception.

      
2018-01-10 01:15:40,517 INFO server.JournalNodeSyncer (JournalNodeSyncer.java:syncWithJournalAtIndex(235)) - Syncing Journal /0.0.0.0:8485 with xxx, journal id: mycluster
 2018-01-10 01:15:40,583 ERROR server.JournalNodeSyncer (JournalNodeSyncer.java:syncWithJournalAtIndex(259)) - Could not sync with Journal at xxx/xxx:8485
 com.google.protobuf.ServiceException: org.apache.hadoop.ipc.RemoteException(org.apache.hadoop.security.authorize.AuthorizationException): User nn/xxx (auth:PROXY) via jn/xxx (auth:KERBEROS) is not authorized for protocol interface org.apache.hadoop.hdfs.qjournal.protocol.QJournalProtocol: this service is only accessible by nn/xxx@EXAMPLE.COM
 at org.apache.hadoop.ipc.ProtobufRpcEngine$Invoker.invoke(ProtobufRpcEngine.java:242)
 at org.apache.hadoop.ipc.ProtobufRpcEngine$Invoker.invoke(ProtobufRpcEngine.java:116)
 at com.sun.proxy.$Proxy16.getEditLogManifest(Unknown Source)
 at org.apache.hadoop.hdfs.qjournal.server.JournalNodeSyncer.syncWithJournalAtIndex(JournalNodeSyncer.java:254)
 at org.apache.hadoop.hdfs.qjournal.server.JournalNodeSyncer.syncJournals(JournalNodeSyncer.java:230)
 at org.apache.hadoop.hdfs.qjournal.server.JournalNodeSyncer.lambda$startSyncJournalsDaemon$0(JournalNodeSyncer.java:190)
 at java.lang.Thread.run(Thread.java:748)
 Caused by: org.apache.hadoop.ipc.RemoteException(org.apache.hadoop.security.authorize.AuthorizationException): User nn/xxx (auth:PROXY) via jn/xxx (auth:KERBEROS) is not authorized for protocol interface org.apache.hadoop.hdfs.qjournal.protocol.QJournalProtocol: this service is only accessible by nn/xxx
 at org.apache.hadoop.ipc.Client.getRpcResponse(Client.java:1491)
 at org.apache.hadoop.ipc.Client.call(Client.java:1437)
 at org.apache.hadoop.ipc.Client.call(Client.java:1347)
 at org.apache.hadoop.ipc.ProtobufRpcEngine$Invoker.invoke(ProtobufRpcEngine.java:228)
 ... 6 more

      Attachments

        1. HDFS-13023.00.patch
          26 kB
          Bharat Viswanadham
        2. HDFS-13023.01.patch
          27 kB
          Bharat Viswanadham
        3. HDFS-13023.02.patch
          29 kB
          Bharat Viswanadham
        4. HDFS-13023.03.patch
          29 kB
          Bharat Viswanadham

        Issue Links

          is related to

          Improvement - An improvement or enhancement to an existing feature or task. HDFS-14942 Change Log Level to debug in JournalNodeSyncer#syncWithJournalAtIndex

          • Minor - Minor loss of function, or other problem where easy workaround is present.
          • Resolved
          links to

          Web Link Review Board

          Activity

            People

              bharat Bharat Viswanadham
              nmaheshwari Namit Maheshwari
              Votes:
              0 Vote for this issue
              Watchers:
              8 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: