[jira] [Created] (HDFS-8485) Transparent Encryption Fails to work with Yarn/MapReduce

Ambud Sharma (JIRA) Wed, 27 May 2015 08:35:09 -0700

Ambud Sharma created HDFS-8485:
----------------------------------

             Summary: Transparent Encryption Fails to work with Yarn/MapReduce
                 Key: HDFS-8485
                 URL: https://issues.apache.org/jira/browse/HDFS-8485
             Project: Hadoop HDFS
          Issue Type: Bug
         Environment: RHEL-7, Kerberos 5
            Reporter: Ambud Sharma



Running a simple MapReduce job that writes to a path configured as an 
encryption zone throws exception

11:26:26,343 INFO  [org.apache.hadoop.mapreduce.Job] (pool-14-thread-1) Task Id 
: attempt_1432740034176_0001_m_000000_2, Status : FAILED
11:26:26,346 ERROR [stderr] (pool-14-thread-1) Error: java.io.IOException: 
org.apache.hadoop.security.authentication.client.AuthenticationException: 
GSSException: No valid credentials provided (Mechanism level: Failed to find 
any Kerberos tgt)
11:26:26,346 ERROR [stderr] (pool-14-thread-1)  at 
org.apache.hadoop.crypto.key.kms.KMSClientProvider.createConnection(KMSClientProvider.java:424)
11:26:26,346 ERROR [stderr] (pool-14-thread-1)  at 
org.apache.hadoop.crypto.key.kms.KMSClientProvider.decryptEncryptedKey(KMSClientProvider.java:710)
11:26:26,346 ERROR [stderr] (pool-14-thread-1)  at 
org.apache.hadoop.crypto.key.KeyProviderCryptoExtension.decryptEncryptedKey(KeyProviderCryptoExtension.java:388)
11:26:26,346 ERROR [stderr] (pool-14-thread-1)  at 
org.apache.hadoop.hdfs.DFSClient.decryptEncryptedDataEncryptionKey(DFSClient.java:1358)
11:26:26,346 ERROR [stderr] (pool-14-thread-1)  at 
org.apache.hadoop.hdfs.DFSClient.createWrappedOutputStream(DFSClient.java:1457)
11:26:26,346 ERROR [stderr] (pool-14-thread-1)  at 
org.apache.hadoop.hdfs.DFSClient.createWrappedOutputStream(DFSClient.java:1442)
11:26:26,346 ERROR [stderr] (pool-14-thread-1)  at 
org.apache.hadoop.hdfs.DistributedFileSystem$6.doCall(DistributedFileSystem.java:400)
11:26:26,346 ERROR [stderr] (pool-14-thread-1)  at 
org.apache.hadoop.hdfs.DistributedFileSystem$6.doCall(DistributedFileSystem.java:393)
11:26:26,346 ERROR [stderr] (pool-14-thread-1)  at 
org.apache.hadoop.fs.FileSystemLinkResolver.resolve(FileSystemLinkResolver.java:81)
11:26:26,346 ERROR [stderr] (pool-14-thread-1)  at 
org.apache.hadoop.hdfs.DistributedFileSystem.create(DistributedFileSystem.java:393)
11:26:26,347 ERROR [stderr] (pool-14-thread-1)  at 
org.apache.hadoop.hdfs.DistributedFileSystem.create(DistributedFileSystem.java:337)
11:26:26,347 ERROR [stderr] (pool-14-thread-1)  at 
org.apache.hadoop.fs.FileSystem.create(FileSystem.java:908)
11:26:26,347 ERROR [stderr] (pool-14-thread-1)  at 
org.apache.hadoop.fs.FileSystem.create(FileSystem.java:889)
11:26:26,347 ERROR [stderr] (pool-14-thread-1)  at 
org.apache.hadoop.fs.FileSystem.create(FileSystem.java:786)
11:26:26,347 ERROR [stderr] (pool-14-thread-1)  at 
com.lmig.ets.cortex.dingestion.s3.ingestion.S3ImportMR$S3ImportMapper.map(S3ImportMR.java:112)
11:26:26,347 ERROR [stderr] (pool-14-thread-1)  at 
com.lmig.ets.cortex.dingestion.s3.ingestion.S3ImportMR$S3ImportMapper.map(S3ImportMR.java:43)
11:26:26,347 ERROR [stderr] (pool-14-thread-1)  at 
org.apache.hadoop.mapreduce.Mapper.run(Mapper.java:145)
11:26:26,347 ERROR [stderr] (pool-14-thread-1)  at 
org.apache.hadoop.mapred.MapTask.runNewMapper(MapTask.java:784)
11:26:26,347 ERROR [stderr] (pool-14-thread-1)  at 
org.apache.hadoop.mapred.MapTask.run(MapTask.java:341)
11:26:26,347 ERROR [stderr] (pool-14-thread-1)  at 
org.apache.hadoop.mapred.YarnChild$2.run(YarnChild.java:163)
11:26:26,347 ERROR [stderr] (pool-14-thread-1)  at 
java.security.AccessController.doPrivileged(Native Method)
11:26:26,347 ERROR [stderr] (pool-14-thread-1)  at 
javax.security.auth.Subject.doAs(Subject.java:422)
11:26:26,347 ERROR [stderr] (pool-14-thread-1)  at 
org.apache.hadoop.security.UserGroupInformation.doAs(UserGroupInformation.java:1628)
11:26:26,348 ERROR [stderr] (pool-14-thread-1)  at 
org.apache.hadoop.mapred.YarnChild.main(YarnChild.java:158)
11:26:26,348 ERROR [stderr] (pool-14-thread-1) Caused by: 
org.apache.hadoop.security.authentication.client.AuthenticationException: 
GSSException: No valid credentials provided (Mechanism level: Failed to find 
any Kerberos tgt)
11:26:26,348 ERROR [stderr] (pool-14-thread-1)  at 
org.apache.hadoop.security.authentication.client.KerberosAuthenticator.doSpnegoSequence(KerberosAuthenticator.java:306)
11:26:26,348 ERROR [stderr] (pool-14-thread-1)  at 
org.apache.hadoop.security.authentication.client.KerberosAuthenticator.authenticate(KerberosAuthenticator.java:196)
11:26:26,348 ERROR [stderr] (pool-14-thread-1)  at 
org.apache.hadoop.security.token.delegation.web.DelegationTokenAuthenticator.authenticate(DelegationTokenAuthenticator.java:127)
11:26:26,348 ERROR [stderr] (pool-14-thread-1)  at 
org.apache.hadoop.security.authentication.client.AuthenticatedURL.openConnection(AuthenticatedURL.java:216)
11:26:26,348 ERROR [stderr] (pool-14-thread-1)  at 
org.apache.hadoop.security.token.delegation.web.DelegationTokenAuthenticatedURL.openConnection(DelegationTokenAuthenticatedURL.java:322)
11:26:26,348 ERROR [stderr] (pool-14-thread-1)  at 
org.apache.hadoop.crypto.key.kms.KMSClientProvider$1.run(KMSClientProvider.java:418)
11:26:26,348 ERROR [stderr] (pool-14-thread-1)  at 
org.apache.hadoop.crypto.key.kms.KMSClientProvider$1.run(KMSClientProvider.java:413)
11:26:26,348 ERROR [stderr] (pool-14-thread-1)  at 
java.security.AccessController.doPrivileged(Native Method)
11:26:26,348 ERROR [stderr] (pool-14-thread-1)  at 
javax.security.auth.Subject.doAs(Subject.java:422)
11:26:26,348 ERROR [stderr] (pool-14-thread-1)  at 
org.apache.hadoop.security.UserGroupInformation.doAs(UserGroupInformation.java:1628)
11:26:26,348 ERROR [stderr] (pool-14-thread-1)  at 
org.apache.hadoop.crypto.key.kms.KMSClientProvider.createConnection(KMSClientProvider.java:413)
11:26:26,349 ERROR [stderr] (pool-14-thread-1)  ... 23 more
11:26:26,349 ERROR [stderr] (pool-14-thread-1) Caused by: GSSException: No 
valid credentials provided (Mechanism level: Failed to find any Kerberos tgt)
11:26:26,349 ERROR [stderr] (pool-14-thread-1)  at 
sun.security.jgss.krb5.Krb5InitCredential.getInstance(Krb5InitCredential.java:147)
11:26:26,349 ERROR [stderr] (pool-14-thread-1)  at 
sun.security.jgss.krb5.Krb5MechFactory.getCredentialElement(Krb5MechFactory.java:122)
11:26:26,349 ERROR [stderr] (pool-14-thread-1)  at 
sun.security.jgss.krb5.Krb5MechFactory.getMechanismContext(Krb5MechFactory.java:187)
11:26:26,349 ERROR [stderr] (pool-14-thread-1)  at 
sun.security.jgss.GSSManagerImpl.getMechanismContext(GSSManagerImpl.java:224)
11:26:26,349 ERROR [stderr] (pool-14-thread-1)  at 
sun.security.jgss.GSSContextImpl.initSecContext(GSSContextImpl.java:212)
11:26:26,349 ERROR [stderr] (pool-14-thread-1)  at 
sun.security.jgss.GSSContextImpl.initSecContext(GSSContextImpl.java:179)
11:26:26,349 ERROR [stderr] (pool-14-thread-1)  at 
org.apache.hadoop.security.authentication.client.KerberosAuthenticator$1.run(KerberosAuthenticator.java:285)
11:26:26,349 ERROR [stderr] (pool-14-thread-1)  at 
org.apache.hadoop.security.authentication.client.KerberosAuthenticator$1.run(KerberosAuthenticator.java:261)
11:26:26,349 ERROR [stderr] (pool-14-thread-1)  at 
java.security.AccessController.doPrivileged(Native Method)
11:26:26,349 ERROR [stderr] (pool-14-thread-1)  at 
javax.security.auth.Subject.doAs(Subject.java:422)
11:26:26,349 ERROR [stderr] (pool-14-thread-1)  at 
org.apache.hadoop.security.authentication.client.KerberosAuthenticator.doSpnegoSequence(KerberosAuthenticator.java:261)
11:26:26,350 ERROR [stderr] (pool-14-thread-1)  ... 33 more
11:26:26,350 ERROR [stderr] (pool-14-thread-1) 



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

[jira] [Created] (HDFS-8485) Transparent Encryption Fails to work with Yarn/MapReduce

Reply via email to