[jira] [Updated] (AMBARI-9279) MapReduce2 Service Check fails after enabling Kerberos with permission issue in local filesystem

Thu, 22 Jan 2015 12:07:43 -0800 

     [ 
https://issues.apache.org/jira/browse/AMBARI-9279?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Robert Levas updated AMBARI-9279:
---------------------------------
    Attachment: AMBARI-9279_01.patch

Directories shown to have incorrect ACL are being re-assigned with expected 
access control.

Patch File [^AMBARI-9279_01.patch]

> MapReduce2 Service Check fails after enabling Kerberos with permission issue 
> in local filesystem
> ------------------------------------------------------------------------------------------------
>
>                 Key: AMBARI-9279
>                 URL: https://issues.apache.org/jira/browse/AMBARI-9279
>             Project: Ambari
>          Issue Type: Bug
>          Components: ambari-agent
>    Affects Versions: 2.0.0
>            Reporter: Robert Levas
>            Assignee: Robert Levas
>            Priority: Blocker
>              Labels: kerberos, mapreduce
>             Fix For: 2.0.0
>
>         Attachments: AMBARI-9279_01.patch
>
>
> After enabling Kerberos MapReduce2 Service Check failed with issue writing to 
> local file system:
> {code}
> Init:
> drwxrwxr-x 5 yarn hadoop 4096 Jan 22 00:01 /hadoop/yarn/local
> drwxr-xr-x 3 yarn hadoop 4096 Jan 22 00:00 /hadoop/yarn/local/usercache
> drwxr-x--- 4 yarn hadoop 4096 Jan 22 00:00 
> /hadoop/yarn/local/usercache/ambari-qa
> drwx--x--- 2 yarn hadoop 4096 Jan 22 00:01 
> /hadoop/yarn/local/usercache/ambari-qa/appcache
> Kerb:
> drwxrwxr-x 5 yarn hadoop 4096 Jan 22 01:23 /hadoop/yarn/local
> drwxr-xr-x 3 yarn hadoop 4096 Jan 22 00:00 /hadoop/yarn/local/usercache
> drwxr-s--- 4 ambari-qa hadoop 4096 Jan 22 00:00 
> /hadoop/yarn/local/usercache/ambari-qa
> drwx--x--- 2 yarn hadoop 4096 Jan 22 00:01 
> /hadoop/yarn/local/usercache/ambari-qa/appcache
> Can't create directory 
> /hadoop/yarn/local/usercache/ambari-qa/appcache/application_1421889721625_0001
>  - Permission denied
> main : user is ambari-qa
> main : requested yarn user is ambari-qa
> {code}
> The service check does not fail when run before enabling Kerberos.
> {code:title=Filesystem BEFORE enabling Kerberos}
> drwxrwxr-x 5 yarn hadoop 4096 Jan 22 00:01 /hadoop/yarn/local
> drwxr-xr-x 3 yarn hadoop 4096 Jan 22 00:00 /hadoop/yarn/local/usercache
> drwxr-x--- 4 yarn hadoop 4096 Jan 22 00:00 
> /hadoop/yarn/local/usercache/ambari-qa
> drwx--x--- 2 yarn hadoop 4096 Jan 22 00:01 
> /hadoop/yarn/local/usercache/ambari-qa/appcache
> {code}
> {code:title=Filesystem AFTER enabling Kerberos}
> drwxrwxr-x 5 yarn hadoop 4096 Jan 22 01:23 /hadoop/yarn/local
> drwxr-xr-x 3 yarn hadoop 4096 Jan 22 00:00 /hadoop/yarn/local/usercache
> drwxr-s--- 4 ambari-qa hadoop 4096 Jan 22 00:00 
> /hadoop/yarn/local/usercache/ambari-qa
> drwx--x--- 2 yarn hadoop 4096 Jan 22 00:01 
> /hadoop/yarn/local/usercache/ambari-qa/appcache
> {code}
> It appears that the user executing the task is {{ambari-qa}} after enabling 
> Kerberos, there is no indication what user is executing the task before 
> enabling Kerberos.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Reply via email to