[jira] [Created] (HADOOP-13137) TraceAdmin should support Kerberized NameNode

Wei-Chiu Chuang (JIRA) Thu, 12 May 2016 00:25:44 -0700

Wei-Chiu Chuang created HADOOP-13137:
----------------------------------------


             Summary: TraceAdmin should support Kerberized NameNode
                 Key: HADOOP-13137
                 URL: https://issues.apache.org/jira/browse/HADOOP-13137
             Project: Hadoop Common
          Issue Type: Bug
          Components: tracing
    Affects Versions: 2.6.0, 3.0.0
         Environment: CDH5.5.1 cluster with Kerberos
            Reporter: Wei-Chiu Chuang
            Assignee: Wei-Chiu Chuang


When I run {{hadoop trace}} command for a Kerberized NameNode, it failed with 
the following error:

[hdfs@weichiu-encryption-1 root]$ hadoop trace -list  -host 
weichiu-encryption-1.vpc.cloudera.com:802216/05/12 00:02:13 WARN ipc.Client: 
Exception encountered while connecting to the server : 
java.lang.IllegalArgumentException: Failed to specify server's Kerberos 
principal name
16/05/12 00:02:13 WARN security.UserGroupInformation: 
PriviledgedActionException as:h...@vpc.cloudera.com (auth:KERBEROS) 
cause:java.io.IOException: java.lang.IllegalArgumentException: Failed to 
specify server's Kerberos principal name
Exception in thread "main" java.io.IOException: Failed on local exception: 
java.io.IOException: java.lang.IllegalArgumentException: Failed to specify 
server's Kerberos principal name; Host Details : local host is: 
"weichiu-encryption-1.vpc.cloudera.com/172.26.8.185"; destination host is: 
"weichiu-encryption-1.vpc.cloudera.com":8022;
        at org.apache.hadoop.net.NetUtils.wrapException(NetUtils.java:772)
        at org.apache.hadoop.ipc.Client.call(Client.java:1470)
        at org.apache.hadoop.ipc.Client.call(Client.java:1403)
        at 
org.apache.hadoop.ipc.ProtobufRpcEngine$Invoker.invoke(ProtobufRpcEngine.java:230)
        at com.sun.proxy.$Proxy11.listSpanReceivers(Unknown Source)
        at 
org.apache.hadoop.tracing.TraceAdminProtocolTranslatorPB.listSpanReceivers(TraceAdminProtocolTranslatorPB.java:58)
        at 
org.apache.hadoop.tracing.TraceAdmin.listSpanReceivers(TraceAdmin.java:68)
        at org.apache.hadoop.tracing.TraceAdmin.run(TraceAdmin.java:177)
        at org.apache.hadoop.tracing.TraceAdmin.main(TraceAdmin.java:195)
Caused by: java.io.IOException: java.lang.IllegalArgumentException: Failed to 
specify server's Kerberos principal name
        at org.apache.hadoop.ipc.Client$Connection$1.run(Client.java:682)
        at java.security.AccessController.doPrivileged(Native Method)
        at javax.security.auth.Subject.doAs(Subject.java:415)
        at 
org.apache.hadoop.security.UserGroupInformation.doAs(UserGroupInformation.java:1671)
        at 
org.apache.hadoop.ipc.Client$Connection.handleSaslConnectionFailure(Client.java:645)
        at 
org.apache.hadoop.ipc.Client$Connection.setupIOstreams(Client.java:733)
        at org.apache.hadoop.ipc.Client$Connection.access$2800(Client.java:370)
        at org.apache.hadoop.ipc.Client.getConnection(Client.java:1519)
        at org.apache.hadoop.ipc.Client.call(Client.java:1442)
        ... 7 more
Caused by: java.lang.IllegalArgumentException: Failed to specify server's 
Kerberos principal name
        at 
org.apache.hadoop.security.SaslRpcClient.getServerPrincipal(SaslRpcClient.java:322)
        at 
org.apache.hadoop.security.SaslRpcClient.createSaslClient(SaslRpcClient.java:231)
        at 
org.apache.hadoop.security.SaslRpcClient.selectSaslClient(SaslRpcClient.java:159)
        at 
org.apache.hadoop.security.SaslRpcClient.saslConnect(SaslRpcClient.java:396)
        at 
org.apache.hadoop.ipc.Client$Connection.setupSaslConnection(Client.java:555)
        at org.apache.hadoop.ipc.Client$Connection.access$1800(Client.java:370)
        at org.apache.hadoop.ipc.Client$Connection$2.run(Client.java:725)
        at org.apache.hadoop.ipc.Client$Connection$2.run(Client.java:721)
        at java.security.AccessController.doPrivileged(Native Method)
        at javax.security.auth.Subject.doAs(Subject.java:415)
        at 
org.apache.hadoop.security.UserGroupInformation.doAs(UserGroupInformation.java:1671)
        at 
org.apache.hadoop.ipc.Client$Connection.setupIOstreams(Client.java:720)
        ... 10 more

It is failing because {{TraceAdmin}} does not set up the property 
{{CommonConfigurationKeys.HADOOP_SECURITY_SERVICE_USER_NAME_KEY}}

Fixing it may require some restructuring, as the NameNode principal 
{{dfs.namenode.kerberos.principal}} is a HDFS property, but TraceAdmin is in 
hadoop-common. Or, specify it with a new command {{-principal}}. Any 
suggestions? Thanks



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

---------------------------------------------------------------------
To unsubscribe, e-mail: common-dev-unsubscr...@hadoop.apache.org
For additional commands, e-mail: common-dev-h...@hadoop.apache.org

[jira] [Created] (HADOOP-13137) TraceAdmin should support Kerberized NameNode

Reply via email to