[
https://issues.apache.org/jira/browse/NIFI-6124?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16797285#comment-16797285
]
Hari Sekhon edited comment on NIFI-6124 at 3/20/19 3:54 PM:
------------------------------------------------------------
Correct, the PTR wasn't set for that IP, and it's a non-native HDFS storage
device pretending to be a NN but outside of our control so setting the FQDN
explicitly solved the principal problem, although we didn't stop to think too
much in to why _HOST was misbehaving at the time but this is an old well known
problem.
Thanks for the feedback and reminding us. Closing now.
was (Author: harisekhon):
Correct, the PTR wasn't set for that IP, and it's a non-native HDFS storage
device pretending to be a NN but outside of our control so setting the FQDN
explicitly solved the principal problem, although we didn't stop to think too
much in to why _HOST was misbehaving at the time but this is an old well known
problem.
Thanks for feedback and reminding us. Closing now.
> NiFi HDFS processors resolve Kerberos principal _HOST component to an IP
> address and get wrong principal error - Server has invalid Kerberos
> principal: ...host..., expecting: ...ip...
> ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
>
> Key: NIFI-6124
> URL: https://issues.apache.org/jira/browse/NIFI-6124
> Project: Apache NiFi
> Issue Type: Bug
> Reporter: Hari Sekhon
> Priority: Major
>
> NiFi HDFS processors appear to be resolving the host component of the
> kerberos principal given an hdfs-site.xml using the usual Hadoop _HOST
> placeholder like so:
> {code:java}
> <property>
> <name>dfs.namenode.kerberos.principal</name>
> <value>hdfs/_HOST@<domain></value>
> </property>{code}
> This sort of configuration works across the Hadoop ecosystem but not in NiFi
> it seems where it results in an exception like this:
> {code:java}
> 2019-03-15 09:55:42,556 INFO [Timer-Driven Process Thread-6]
> o.a.h.io.retry.RetryInvocationHandler java.io.IOException: Failed on local
> exception: java.io.IOException: Couldn't set up IO streams:
> java.lang.IllegalArgumentException: Server has invalid Kerberos principal:
> hdfs/<fqdn>@<domain>, expecting: hdfs/<ip_x.x.x.x>@<domain>; Host Details :
> local host is: "<fqdn>/<ip_x.x.x.x>"; destination host is:
> "<ip_x.x.x.x>":8020; , while invoking
> ClientNamenodeProtocolTranslatorPB.getFileInfo over
> <ip_x.x.x.x>/<ip_x.x.x.x>:8020 after 9 failover attempts. Trying to failover
> after sleeping for 17661ms.
> {code}
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
