Uploaded image for project: 'Oozie'
  1. Oozie
  2. OOZIE-1865

Oozie servers can't talk to each other with Oozie HA and Kerberos

VotersWatch issueWatchersCreate sub-taskLinkCloneUpdate Comment AuthorReplace String in CommentUpdate Comment VisibilityDelete Comments
    XMLWordPrintableJSON

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: trunk
    • Fix Version/s: 4.1.0
    • Component/s: HA
    • Labels:
      None

      Description

      When you use Oozie HA with Kerberos, you have to set oozie.authentication.kerberos.principal to HTTP/<load-balancer-host> instead of HTTP/<oozie-server-host>. This allows clients to connect to any of the Oozie servers through the load balancer. However, it also blocks clients from directly talking to any of the Oozie servers. In and of itself, that's okay, but it turns out that in most cases, it also blocks the Oozie servers from talking to each other, namely for log streaming, the sharelibupdate command, and collating instrumentation/metrics (OOZIE-1676).

      Ultimately, what we need to do is allow Oozie to use both HTTP/<load-balancer-host> and HTTP/<oozie-server-host> at the same time so that clients (including Oozie servers, users, Web UI, etc) can talk to Oozie both through the load balancer and directly. If my understanding of HADOOP-10158 is correct, HADOOP-10158 adds this ability. For this JIRA, we should update Oozie to take advantage of HADOOP-10158.

        Attachments

        1. OOZIE-1865.patch
          4 kB
          Robert Kanter
        2. OOZIE-1865.patch
          4 kB
          Robert Kanter

        Issue Links

          Activity

            People

            • Assignee:
              rkanter Robert Kanter
              Reporter:
              rkanter Robert Kanter

              Dates

              • Created:
                Updated:
                Resolved:

                Issue deployment