Hello,
Pl. find attached text-file, having the sample-code for deleting a file on
"WebHDFS with kerberos security enabled".
I see that, this code is working successfully when run using "JDK-1.7-GA"
(i.e., with "J9VM - R27_Java727_GA_20131114_0833_B175264", as seen from
the output of the command: "java -version"). However, when the same code
is run using the JDK-1.7-SR1 or above (i.e., with "J9VM - R27_Java727_SR1
_20140410_1931_B195893", as seen from the output of the command: "java
-version"), it is failing with the exception shown in the attached
text-file below:
I also tried using the JDK-1.7-SR3.fp20 ("J9VM -
R27_Java727_SR3_20151022_1530_B273253") & got the same exception, that I
am seeing with JDK-1.7-SR1. I have executed all these tests, using the
same set of Hadoop/Hive-jars, the only change being the JDK-version.
Could you please see the same & provide your inputs / suggestions on how
to proceed further with this issue.
Thanks,
Ravi
conf = new Configuration();
conf.set("hadoop.security.authentication", "kerberos");
System.setProperty("java.security.krb5.conf","/etc/krb5.conf");
UserGroupInformation.setConfiguration(conf);
ugi =
UserGroupInformation.loginUserFromKeytabAndReturnUGI("[email protected]",
"/tmp/dsadm.service.keytab");
hdfsuri = new URI("webhdfs://isodvm132.in.ibm.com:50070") ;
System.out.println("Authentication Method =
"+ugi.getAuthenticationMethod()) ;
System.out.println("logged-in user = "+ugi.getShortUserName()) ;
System.out.println("hasKerbCredentials= "+ugi.hasKerberosCredentials()) ;
ugi.doAs(new PrivilegedExceptionAction<Object>(){
public Object run() throws IOException {
try {
fs = FileSystem.get(hdfsuri,conf);
fs.delete(new Path(path),false) ;
return null ;
}
catch (Exception e) {
e.printStackTrace(); }
return null ;
}
}
);
Authentication Method = KERBEROS
logged-in user = dsadm
hasKerbCredentials= true
java.lang.Exception: No credential
at
com.ibm.security.jgss.i18n.I18NException.throwException(I18NException.java:49)
at
com.ibm.security.krb5.internal.TgsCredentials.acquireSvcCreds(TgsCredentials.java:582)
at
com.ibm.security.krb5.Credentials.acquireSvcCreds(Credentials.java:1602)
at
com.ibm.security.jgss.mech.krb5.Krb5Context.initSecContext(Krb5Context.java:460)
at
com.ibm.security.jgss.mech.krb5.Krb5Context.initSecContext(Krb5Context.java:805)
at
com.ibm.security.jgss.mech.spnego.SPNEGOContext.createInitToken(SPNEGOContext.java:1146)
at
com.ibm.security.jgss.mech.spnego.SPNEGOContext.initSecContext(SPNEGOContext.java:529)
at
com.ibm.security.jgss.GSSContextImpl.initSecContext(GSSContextImpl.java:382)
at
com.ibm.security.jgss.GSSContextImpl.initSecContext(GSSContextImpl.java:331)
at
sun.net.www.protocol.http.spnego.NegotiatorImpl.init(NegotiatorImpl.java:126)
at
sun.net.www.protocol.http.spnego.NegotiatorImpl.<init>(NegotiatorImpl.java:135)
at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
at
sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:85)
at
sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:57)
at java.lang.reflect.Constructor.newInstance(Constructor.java:541)
at
sun.net.www.protocol.http.Negotiator.getNegotiator(Negotiator.java:75)
at
sun.net.www.protocol.http.NegotiateAuthentication.isSupported(NegotiateAuthentication.java:116)
at
sun.net.www.protocol.http.AuthenticationHeader.parse(AuthenticationHeader.java:192)
at
sun.net.www.protocol.http.AuthenticationHeader.<init>(AuthenticationHeader.java:138)
at
sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1459)
at
java.net.HttpURLConnection.getResponseCode(HttpURLConnection.java:479)
at
org.apache.hadoop.hdfs.web.WebHdfsFileSystem.validateResponse(WebHdfsFileSystem.java:334)
at
org.apache.hadoop.hdfs.web.WebHdfsFileSystem.access$200(WebHdfsFileSystem.java:90)
at
org.apache.hadoop.hdfs.web.WebHdfsFileSystem$AbstractRunner.runWithRetry(WebHdfsFileSystem.java:613)
at
org.apache.hadoop.hdfs.web.WebHdfsFileSystem$AbstractRunner.access$100(WebHdfsFileSystem.java:463)
at
org.apache.hadoop.hdfs.web.WebHdfsFileSystem$AbstractRunner$1.run(WebHdfsFileSystem.java:492)
at
java.security.AccessController.doPrivileged(AccessController.java:366)
at javax.security.auth.Subject.doAs(Subject.java:572)
at
org.apache.hadoop.security.UserGroupInformation.doAs(UserGroupInformation.java:1657)
at
org.apache.hadoop.hdfs.web.WebHdfsFileSystem$AbstractRunner.run(WebHdfsFileSystem.java:488)
at
org.apache.hadoop.hdfs.web.WebHdfsFileSystem.getDelegationToken(WebHdfsFileSystem.java:1321)
at
org.apache.hadoop.hdfs.web.WebHdfsFileSystem.getDelegationToken(WebHdfsFileSystem.java:236)
at
org.apache.hadoop.hdfs.web.WebHdfsFileSystem.getAuthParameters(WebHdfsFileSystem.java:428)
at
org.apache.hadoop.hdfs.web.WebHdfsFileSystem.toUrl(WebHdfsFileSystem.java:450)
at
org.apache.hadoop.hdfs.web.WebHdfsFileSystem$AbstractFsPathRunner.getUrl(WebHdfsFileSystem.java:696)
at
org.apache.hadoop.hdfs.web.WebHdfsFileSystem$AbstractRunner.runWithRetry(WebHdfsFileSystem.java:608)
at
org.apache.hadoop.hdfs.web.WebHdfsFileSystem$AbstractRunner.access$100(WebHdfsFileSystem.java:463)
at
org.apache.hadoop.hdfs.web.WebHdfsFileSystem$AbstractRunner$1.run(WebHdfsFileSystem.java:492)
at
java.security.AccessController.doPrivileged(AccessController.java:366)
at javax.security.auth.Subject.doAs(Subject.java:572)
at
org.apache.hadoop.security.UserGroupInformation.doAs(UserGroupInformation.java:1657)
at
org.apache.hadoop.hdfs.web.WebHdfsFileSystem$AbstractRunner.run(WebHdfsFileSystem.java:488)
at
org.apache.hadoop.hdfs.web.WebHdfsFileSystem.delete(WebHdfsFileSystem.java:1177)
at OrcWriter$1.run(OrcWriter.java:271)
at
java.security.AccessController.doPrivileged(AccessController.java:366)
at javax.security.auth.Subject.doAs(Subject.java:572)
at
org.apache.hadoop.security.UserGroupInformation.doAs(UserGroupInformation.java:1657)
at OrcWriter.main(OrcWriter.java:266)
org.apache.hadoop.security.AccessControlException: Authentication required
at
org.apache.hadoop.hdfs.web.WebHdfsFileSystem.validateResponse(WebHdfsFileSystem.java:338)
at
org.apache.hadoop.hdfs.web.WebHdfsFileSystem.access$200(WebHdfsFileSystem.java:90)
at
org.apache.hadoop.hdfs.web.WebHdfsFileSystem$AbstractRunner.runWithRetry(WebHdfsFileSystem.java:613)
at
org.apache.hadoop.hdfs.web.WebHdfsFileSystem$AbstractRunner.access$100(WebHdfsFileSystem.java:463)
at
org.apache.hadoop.hdfs.web.WebHdfsFileSystem$AbstractRunner$1.run(WebHdfsFileSystem.java:492)
at
java.security.AccessController.doPrivileged(AccessController.java:366)
at javax.security.auth.Subject.doAs(Subject.java:572)
at
org.apache.hadoop.security.UserGroupInformation.doAs(UserGroupInformation.java:1657)
at
org.apache.hadoop.hdfs.web.WebHdfsFileSystem$AbstractRunner.run(WebHdfsFileSystem.java:488)
at
org.apache.hadoop.hdfs.web.WebHdfsFileSystem.getDelegationToken(WebHdfsFileSystem.java:1321)
at
org.apache.hadoop.hdfs.web.WebHdfsFileSystem.getDelegationToken(WebHdfsFileSystem.java:236)
at
org.apache.hadoop.hdfs.web.WebHdfsFileSystem.getAuthParameters(WebHdfsFileSystem.java:428)
at
org.apache.hadoop.hdfs.web.WebHdfsFileSystem.toUrl(WebHdfsFileSystem.java:450)
at
org.apache.hadoop.hdfs.web.WebHdfsFileSystem$AbstractFsPathRunner.getUrl(WebHdfsFileSystem.java:696)
at
org.apache.hadoop.hdfs.web.WebHdfsFileSystem$AbstractRunner.runWithRetry(WebHdfsFileSystem.java:608)
at
org.apache.hadoop.hdfs.web.WebHdfsFileSystem$AbstractRunner.access$100(WebHdfsFileSystem.java:463)
at
org.apache.hadoop.hdfs.web.WebHdfsFileSystem$AbstractRunner$1.run(WebHdfsFileSystem.java:492)
at
java.security.AccessController.doPrivileged(AccessController.java:366)
at javax.security.auth.Subject.doAs(Subject.java:572)
at
org.apache.hadoop.security.UserGroupInformation.doAs(UserGroupInformation.java:1657)
at
org.apache.hadoop.hdfs.web.WebHdfsFileSystem$AbstractRunner.run(WebHdfsFileSystem.java:488)
at
org.apache.hadoop.hdfs.web.WebHdfsFileSystem.delete(WebHdfsFileSystem.java:1177)
at OrcWriter$1.run(OrcWriter.java:271)
at
java.security.AccessController.doPrivileged(AccessController.java:366)
at javax.security.auth.Subject.doAs(Subject.java:572)
at
org.apache.hadoop.security.UserGroupInformation.doAs(UserGroupInformation.java:1657)
at OrcWriter.main(OrcWriter.java:266)
org.apache.hadoop.security.AccessControlException: Authentication required
at
org.apache.hadoop.hdfs.web.WebHdfsFileSystem.validateResponse(WebHdfsFileSystem.java:338)
at
org.apache.hadoop.hdfs.web.WebHdfsFileSystem.access$200(WebHdfsFileSystem.java:90)
at
org.apache.hadoop.hdfs.web.WebHdfsFileSystem$AbstractRunner.runWithRetry(WebHdfsFileSystem.java:613)
at
org.apache.hadoop.hdfs.web.WebHdfsFileSystem$AbstractRunner.access$100(WebHdfsFileSystem.java:463)
at
org.apache.hadoop.hdfs.web.WebHdfsFileSystem$AbstractRunner$1.run(WebHdfsFileSystem.java:492)
at
java.security.AccessController.doPrivileged(AccessController.java:366)
at javax.security.auth.Subject.doAs(Subject.java:572)
at
org.apache.hadoop.security.UserGroupInformation.doAs(UserGroupInformation.java:1657)
at
org.apache.hadoop.hdfs.web.WebHdfsFileSystem$AbstractRunner.run(WebHdfsFileSystem.java:488)
at
org.apache.hadoop.hdfs.web.WebHdfsFileSystem.getDelegationToken(WebHdfsFileSystem.java:1321)
at
org.apache.hadoop.hdfs.web.WebHdfsFileSystem.getDelegationToken(WebHdfsFileSystem.java:236)
at
org.apache.hadoop.hdfs.web.WebHdfsFileSystem.getAuthParameters(WebHdfsFileSystem.java:428)
at
org.apache.hadoop.hdfs.web.WebHdfsFileSystem.toUrl(WebHdfsFileSystem.java:450)
at
org.apache.hadoop.hdfs.web.WebHdfsFileSystem$AbstractFsPathRunner.getUrl(WebHdfsFileSystem.java:696)
at
org.apache.hadoop.hdfs.web.WebHdfsFileSystem$AbstractRunner.runWithRetry(WebHdfsFileSystem.java:608)
at
org.apache.hadoop.hdfs.web.WebHdfsFileSystem$AbstractRunner.access$100(WebHdfsFileSystem.java:463)
at
org.apache.hadoop.hdfs.web.WebHdfsFileSystem$AbstractRunner$1.run(WebHdfsFileSystem.java:492)
at
java.security.AccessController.doPrivileged(AccessController.java:366)
at javax.security.auth.Subject.doAs(Subject.java:572)
at
org.apache.hadoop.security.UserGroupInformation.doAs(UserGroupInformation.java:1657)
at
org.apache.hadoop.hdfs.web.WebHdfsFileSystem$AbstractRunner.run(WebHdfsFileSystem.java:488)
at
org.apache.hadoop.hdfs.web.WebHdfsFileSystem.create(WebHdfsFileSystem.java:1150)
at org.apache.hadoop.fs.FileSystem.create(FileSystem.java:909)
at org.apache.hadoop.fs.FileSystem.create(FileSystem.java:890)
at
org.apache.hadoop.hive.ql.io.orc.WriterImpl.getStream(WriterImpl.java:2103)
at
org.apache.hadoop.hive.ql.io.orc.WriterImpl.flushStripe(WriterImpl.java:2120)
at
org.apache.hadoop.hive.ql.io.orc.WriterImpl.close(WriterImpl.java:2425)
at OrcWriter.main(OrcWriter.java:334)
