-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/33015/
-----------------------------------------------------------
Review request for Falcon.
Bugs: FALCON-1149
https://issues.apache.org/jira/browse/FALCON-1149
Repository: falcon-git
Description
-------
In a Feed replication, the Oozie Java action executes on the target and
accesses the source cluster read only endpoint (which is a webhdfs endpoint).
The Java action does not have the delegation tokens for the source cluster
populated in its UGI/conf and this results in authentication failure
Diffs
-----
oozie/src/main/java/org/apache/falcon/oozie/feed/FSReplicationWorkflowBuilder.java
6feb32e
oozie/src/main/java/org/apache/falcon/oozie/feed/FeedReplicationWorkflowBuilder.java
288e9de
oozie/src/main/java/org/apache/falcon/oozie/feed/HCatReplicationWorkflowBuilder.java
30ca0a8
Diff: https://reviews.apache.org/r/33015/diff/
Testing
-------
We did not catch this earlier as we were testing this on single node secure
clusters and there was a krb cache for the user (as part of the cluster setup)
that allowed WebHDFSFS to request delegation tokens as the target user.
Destroying the context allowed us to even reproduce it in single node clusters
Thanks,
Venkat Ranganathan
