[jira] [Created] (AMBARI-9279) MapReduce2 Service Check fails after enabling Kerberos with permission issue in local filesystem

Thu, 22 Jan 2015 11:57:13 -0800 

Robert Levas created AMBARI-9279:
------------------------------------

             Summary: MapReduce2 Service Check fails after enabling Kerberos 
with permission issue in local filesystem
                 Key: AMBARI-9279
                 URL: https://issues.apache.org/jira/browse/AMBARI-9279
             Project: Ambari
          Issue Type: Bug
          Components: ambari-agent
    Affects Versions: 2.0.0
            Reporter: Robert Levas
            Assignee: Robert Levas
            Priority: Blocker
             Fix For: 2.0.0


After enabling Kerberos MapReduce2 Service Check failed with issue writing to 
local file system:

{code}
Init:
drwxrwxr-x 5 yarn hadoop 4096 Jan 22 00:01 /hadoop/yarn/local
drwxr-xr-x 3 yarn hadoop 4096 Jan 22 00:00 /hadoop/yarn/local/usercache
drwxr-x--- 4 yarn hadoop 4096 Jan 22 00:00 
/hadoop/yarn/local/usercache/ambari-qa
drwx--x--- 2 yarn hadoop 4096 Jan 22 00:01 
/hadoop/yarn/local/usercache/ambari-qa/appcache

Kerb:
drwxrwxr-x 5 yarn hadoop 4096 Jan 22 01:23 /hadoop/yarn/local
drwxr-xr-x 3 yarn hadoop 4096 Jan 22 00:00 /hadoop/yarn/local/usercache
drwxr-s--- 4 ambari-qa hadoop 4096 Jan 22 00:00 
/hadoop/yarn/local/usercache/ambari-qa
drwx--x--- 2 yarn hadoop 4096 Jan 22 00:01 
/hadoop/yarn/local/usercache/ambari-qa/appcache

Can't create directory 
/hadoop/yarn/local/usercache/ambari-qa/appcache/application_1421889721625_0001 
- Permission denied
main : user is ambari-qa
main : requested yarn user is ambari-qa
{code}

The service check does not fail when run before enabling Kerberos.


{code:title=Filesystem BEFORE enabling Kerberos}
drwxrwxr-x 5 yarn hadoop 4096 Jan 22 00:01 /hadoop/yarn/local
drwxr-xr-x 3 yarn hadoop 4096 Jan 22 00:00 /hadoop/yarn/local/usercache
drwxr-x--- 4 yarn hadoop 4096 Jan 22 00:00 
/hadoop/yarn/local/usercache/ambari-qa
drwx--x--- 2 yarn hadoop 4096 Jan 22 00:01 
/hadoop/yarn/local/usercache/ambari-qa/appcache
{code}

{code:title=Filesystem AFTER enabling Kerberos}
drwxrwxr-x 5 yarn hadoop 4096 Jan 22 01:23 /hadoop/yarn/local
drwxr-xr-x 3 yarn hadoop 4096 Jan 22 00:00 /hadoop/yarn/local/usercache
drwxr-s--- 4 ambari-qa hadoop 4096 Jan 22 00:00 
/hadoop/yarn/local/usercache/ambari-qa
drwx--x--- 2 yarn hadoop 4096 Jan 22 00:01 
/hadoop/yarn/local/usercache/ambari-qa/appcache
{code}

It appears that the user executing the task is {{ambari-qa}} after enabling 
Kerberos, there is no indication what user is executing the task before 
enabling Kerberos.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Reply via email to