Wei-Chiu Chuang created HADOOP-13137: ----------------------------------------
Summary: TraceAdmin should support Kerberized NameNode Key: HADOOP-13137 URL: https://issues.apache.org/jira/browse/HADOOP-13137 Project: Hadoop Common Issue Type: Bug Components: tracing Affects Versions: 2.6.0, 3.0.0 Environment: CDH5.5.1 cluster with Kerberos Reporter: Wei-Chiu Chuang Assignee: Wei-Chiu Chuang When I run {{hadoop trace}} command for a Kerberized NameNode, it failed with the following error: [hdfs@weichiu-encryption-1 root]$ hadoop trace -list -host weichiu-encryption-1.vpc.cloudera.com:802216/05/12 00:02:13 WARN ipc.Client: Exception encountered while connecting to the server : java.lang.IllegalArgumentException: Failed to specify server's Kerberos principal name 16/05/12 00:02:13 WARN security.UserGroupInformation: PriviledgedActionException as:h...@vpc.cloudera.com (auth:KERBEROS) cause:java.io.IOException: java.lang.IllegalArgumentException: Failed to specify server's Kerberos principal name Exception in thread "main" java.io.IOException: Failed on local exception: java.io.IOException: java.lang.IllegalArgumentException: Failed to specify server's Kerberos principal name; Host Details : local host is: "weichiu-encryption-1.vpc.cloudera.com/172.26.8.185"; destination host is: "weichiu-encryption-1.vpc.cloudera.com":8022; at org.apache.hadoop.net.NetUtils.wrapException(NetUtils.java:772) at org.apache.hadoop.ipc.Client.call(Client.java:1470) at org.apache.hadoop.ipc.Client.call(Client.java:1403) at org.apache.hadoop.ipc.ProtobufRpcEngine$Invoker.invoke(ProtobufRpcEngine.java:230) at com.sun.proxy.$Proxy11.listSpanReceivers(Unknown Source) at org.apache.hadoop.tracing.TraceAdminProtocolTranslatorPB.listSpanReceivers(TraceAdminProtocolTranslatorPB.java:58) at org.apache.hadoop.tracing.TraceAdmin.listSpanReceivers(TraceAdmin.java:68) at org.apache.hadoop.tracing.TraceAdmin.run(TraceAdmin.java:177) at org.apache.hadoop.tracing.TraceAdmin.main(TraceAdmin.java:195) Caused by: java.io.IOException: java.lang.IllegalArgumentException: Failed to specify server's Kerberos principal name at org.apache.hadoop.ipc.Client$Connection$1.run(Client.java:682) at java.security.AccessController.doPrivileged(Native Method) at javax.security.auth.Subject.doAs(Subject.java:415) at org.apache.hadoop.security.UserGroupInformation.doAs(UserGroupInformation.java:1671) at org.apache.hadoop.ipc.Client$Connection.handleSaslConnectionFailure(Client.java:645) at org.apache.hadoop.ipc.Client$Connection.setupIOstreams(Client.java:733) at org.apache.hadoop.ipc.Client$Connection.access$2800(Client.java:370) at org.apache.hadoop.ipc.Client.getConnection(Client.java:1519) at org.apache.hadoop.ipc.Client.call(Client.java:1442) ... 7 more Caused by: java.lang.IllegalArgumentException: Failed to specify server's Kerberos principal name at org.apache.hadoop.security.SaslRpcClient.getServerPrincipal(SaslRpcClient.java:322) at org.apache.hadoop.security.SaslRpcClient.createSaslClient(SaslRpcClient.java:231) at org.apache.hadoop.security.SaslRpcClient.selectSaslClient(SaslRpcClient.java:159) at org.apache.hadoop.security.SaslRpcClient.saslConnect(SaslRpcClient.java:396) at org.apache.hadoop.ipc.Client$Connection.setupSaslConnection(Client.java:555) at org.apache.hadoop.ipc.Client$Connection.access$1800(Client.java:370) at org.apache.hadoop.ipc.Client$Connection$2.run(Client.java:725) at org.apache.hadoop.ipc.Client$Connection$2.run(Client.java:721) at java.security.AccessController.doPrivileged(Native Method) at javax.security.auth.Subject.doAs(Subject.java:415) at org.apache.hadoop.security.UserGroupInformation.doAs(UserGroupInformation.java:1671) at org.apache.hadoop.ipc.Client$Connection.setupIOstreams(Client.java:720) ... 10 more It is failing because {{TraceAdmin}} does not set up the property {{CommonConfigurationKeys.HADOOP_SECURITY_SERVICE_USER_NAME_KEY}} Fixing it may require some restructuring, as the NameNode principal {{dfs.namenode.kerberos.principal}} is a HDFS property, but TraceAdmin is in hadoop-common. Or, specify it with a new command {{-principal}}. Any suggestions? Thanks -- This message was sent by Atlassian JIRA (v6.3.4#6332) --------------------------------------------------------------------- To unsubscribe, e-mail: common-dev-unsubscr...@hadoop.apache.org For additional commands, e-mail: common-dev-h...@hadoop.apache.org