[
https://issues.apache.org/jira/browse/HADOOP-8225?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13424128#comment-13424128
]
Daryn Sharp commented on HADOOP-8225:
-------------------------------------
Yarn tasks are supposed to load the credentials into the conf, and then job
submission is supposed to write them back out from the conf. It's supposed to
be transparent. This patch is assuming private knowledge of the aforementioned
inner workings by hardcoding a yarn env var
({{ApplicationConstants.CONTAINER_TOKEN_FILE_ENV_NAME}}), and hardcoding a
mapreduce conf key ({{MAPREDUCE_JOB_CREDENTIALS_BINARY}}).
Are you sure the conf isn't being mishandled which is losing the tokens?
> DistCp fails when invoked by Oozie
> ----------------------------------
>
> Key: HADOOP-8225
> URL: https://issues.apache.org/jira/browse/HADOOP-8225
> Project: Hadoop Common
> Issue Type: Bug
> Affects Versions: 0.23.1
> Reporter: Mithun Radhakrishnan
> Attachments: HADOOP-8225.patch, HADOOP-8225.patch
>
>
> When DistCp is invoked through a proxy-user (e.g. through Oozie), the
> delegation-token-store isn't picked up by DistCp correctly. One sees failures
> such as:
> ERROR [main] org.apache.hadoop.tools.DistCp: Couldn't complete DistCp
> operation:
> java.lang.SecurityException: Intercepted System.exit(-999)
> at
> org.apache.oozie.action.hadoop.LauncherSecurityManager.checkExit(LauncherMapper.java:651)
> at java.lang.Runtime.exit(Runtime.java:88)
> at java.lang.System.exit(System.java:904)
> at org.apache.hadoop.tools.DistCp.main(DistCp.java:357)
> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> at
> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
> at
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
> at java.lang.reflect.Method.invoke(Method.java:597)
> at
> org.apache.oozie.action.hadoop.LauncherMapper.map(LauncherMapper.java:394)
> at org.apache.hadoop.mapred.MapRunner.run(MapRunner.java:54)
> at org.apache.hadoop.mapred.MapTask.runOldMapper(MapTask.java:399)
> at org.apache.hadoop.mapred.MapTask.run(MapTask.java:334)
> at org.apache.hadoop.mapred.YarnChild$2.run(YarnChild.java:147)
> at java.security.AccessController.doPrivileged(Native Method)
> at javax.security.auth.Subject.doAs(Subject.java:396)
> at
> org.apache.hadoop.security.UserGroupInformation.doAs(UserGroupInformation.java:1177)
> at org.apache.hadoop.mapred.YarnChild.main(YarnChild.java:142)
> Looking over the DistCp code, one sees that HADOOP_TOKEN_FILE_LOCATION isn't
> being copied to mapreduce.job.credentials.binary, in the job-conf. I'll post
> a patch for this shortly.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators:
https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
