[
https://issues.apache.org/jira/browse/METRON-796?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15940289#comment-15940289
]
ASF GitHub Bot commented on METRON-796:
---------------------------------------
GitHub user justinleet opened a pull request:
https://github.com/apache/incubator-metron/pull/488
METRON-796: Mpack uses wrong group for owning HDFS directories
## Contributor Comments
Reverts the group owner of a couple HDFS directories to be the hadoop
group, rather than the metron group (which is just metron). Right now, the
topologies run as the storm user (which belongs to the hadoop group), and
therefore didn't have permission to write to HDFS (including in quick and full
dev). This sets HDFS ownership to metron:hadoop, which lets it be handled
appropriately.
Other items, such as configs and installation files, were just left as the
metron group.
To test, just run up a dev environment and ensure files are being written
and ownership makes sense (/apps/metron/indexing/indexed is metron:hadoop with
755 perms). The individual sensors will be owned by storm:hadoop (proving that
writes work).
For example:
```
[vagrant@node1 ~]$ hdfs dfs -ls /apps/metron/indexing
Found 1 items
drwxrwxr-x - metron hadoop 0 2017-03-24 12:57
/apps/metron/indexing/indexed
[vagrant@node1 ~]$ hdfs dfs -ls /apps/metron/indexing/indexed
Found 3 items
drwxrwxr-x - storm hadoop 0 2017-03-24 13:01
/apps/metron/indexing/indexed/bro
drwxrwxr-x - storm hadoop 0 2017-03-24 13:01
/apps/metron/indexing/indexed/error
drwxrwxr-x - storm hadoop 0 2017-03-24 13:01
/apps/metron/indexing/indexed/snort
[vagrant@node1 ~]$ hdfs dfs -ls /apps/metron/indexing/indexed/bro
Found 1 items
-rw-r--r-- 1 storm hadoop 211393 2017-03-24 13:01
/apps/metron/indexing/indexed/bro/enrichment-null-0-0-1490360489968.json
```
As a note, metron_group existed twice in params_linux.py, so only the first
instance is changed to hadoop_group and pulled appropriately. The second is
left as-is.
## Pull Request Checklist
Thank you for submitting a contribution to Apache Metron (Incubating).
Please refer to our [Development
Guidelines](https://cwiki.apache.org/confluence/pages/viewpage.action?pageId=61332235)
for the complete guide to follow for contributions.
Please refer also to our [Build Verification
Guidelines](https://cwiki.apache.org/confluence/display/METRON/Verifying+Builds?show-miniview)
for complete smoke testing guides.
In order to streamline the review of the contribution we ask you follow
these guidelines and ask you to double check the following:
### For all changes:
- [x] Is there a JIRA ticket associated with this PR? If not one needs to
be created at [Metron
Jira](https://issues.apache.org/jira/browse/METRON/?selectedTab=com.atlassian.jira.jira-projects-plugin:summary-panel).
- [x] Does your PR title start with METRON-XXXX where XXXX is the JIRA
number you are trying to resolve? Pay particular attention to the hyphen "-"
character.
- [x] Has your PR been rebased against the latest commit within the target
branch (typically master)?
### For code changes:
- [x] Have you included steps to reproduce the behavior or problem that is
being changed or addressed?
- [x] Have you included steps or a guide to how the change may be verified
and tested manually?
- [x] Have you ensured that the full suite of tests and checks have been
executed in the root incubating-metron folder via:
```
mvn -q clean integration-test install && build_utils/verify_licenses.sh
```
- [x] Have you verified the basic functionality of the build by building
and running locally with Vagrant full-dev environment or the equivalent?
#### Note:
Please ensure that once the PR is submitted, you check travis-ci for build
issues and submit an update to your PR as soon as possible.
It is also recommened that [travis-ci](https://travis-ci.org) is set up for
your personal repository such that your branches are built there before
submitting a pull request.
You can merge this pull request into a Git repository by running:
$ git pull https://github.com/justinleet/incubator-metron METRON-796
Alternatively you can review and apply these changes as the patch at:
https://github.com/apache/incubator-metron/pull/488.patch
To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:
This closes #488
----
commit ec7d070524334603e1712b4649e5600ded450284
Author: justinjleet <[email protected]>
Date: 2017-03-24T00:55:23Z
Updating group perms
----
> Mpack uses wrong group for owning HDFS directories
> --------------------------------------------------
>
> Key: METRON-796
> URL: https://issues.apache.org/jira/browse/METRON-796
> Project: Metron
> Issue Type: Bug
> Reporter: Justin Leet
> Assignee: Justin Leet
>
> org.apache.hadoop.security.AccessControlException: Permission denied:
> user=storm, access=WRITE,
> inode="/apps/metron/indexing/indexed/snort/enrichment-null-0-0-1490305873514.json":metron:metron:drwxrwx
> The group got changed a bit ago from cluster_env.user_group (hadoop) to
> cluster_env.metron_group (metron). However, because everything right now
> runs as the storm user (which is in the hadoop group), it doesn't have perms
> to write anymore.
--
This message was sent by Atlassian JIRA
(v6.3.15#6346)
