Boris, By default Hadoop tries to map groups/usernames from the NameNode's unix list. You can see http://www.cloudera.com/blog/2012/03/authorization-and-authentication-in-hadoop/for a brief but complete summary on how the system is.
So unless hadoop is in one of the groups its been designated to allow, it will not allow. Perhaps you can set the groups to *, to allow all groups, or set to a group "hadoop" (or whatever group "hadoop" is in) to allow it properly, and restart NN to check. Please let us know if that works. On Thu, Jul 19, 2012 at 4:56 PM, Boris Shulman <[email protected]> wrote: > 1) I did restart the NameNode. > 2) Do you mean on the OS level? Than no, so do I need to specify OS level > group in the config? (supergroup is the group that I see in hadoop fs -ls > on the files..) > > On Thu, Jul 19, 2012 at 2:12 PM, Harsh J <[email protected]> wrote: > > > Hey Boris, > > > > Did you restart the NameNode after making this change in the > core-site.xml > > of Hadoop? > > > > Also, is "hadoop" in the supergroup physically? That is, does "groups > > hadoop" show supergroup in its output? > > > > On Thu, Jul 19, 2012 at 12:31 PM, Boris Shulman <[email protected]> > > wrote: > > > > > I am trying to run Oozie 3.2.0 on Hadoop 1.1.0 build. > > > > > > *I put the following configuration in the core-site.xml (in both hadpp > > and > > > oozie conf):* > > > > > > <property> > > > <name>hadoop.proxyuser.hadoop.groups</name> > > > <value>supergroup</value> > > > <description>Allow the superuser hadoop to impersonate > any > > > members of any group</description> > > > </property> > > > <property> > > > <name>hadoop.proxyuser.hadoop.hosts</name> > > > <value>127.0.0.1</value> > > > <description>The superuser can connect only from > > > localhost to impersonate a user</description> > > > </property> > > > > > > > > > > > > *Also I added the following in the oozie-site.xml * > > > > > > <property> > > > > > <name>oozie.service.ProxyUserService.proxyuser.hadoop.hosts</name> > > > <value>*</value> > > > <description> > > > > > > </description> > > > </property> > > > > > > <property> > > > > > <name>oozie.service.ProxyUserService.proxyuser.hadoop.groups</name> > > > <value>*</value> > > > <description> > > > > > > </description> > > > > > > When I try to submit oozie job I get the following error: > > > > > > *In the oozie log:* > > > > > > ... 26 more > > > 2012-07-19 09:45:32,861 WARN V1JobsServlet:542 - USER[hadoop] GROUP[-] > > > TOKEN[-] APP[-] JOB[-] ACTION[-] URL[POST > > > http://localhost:11000/oozie/v1/jobs?action=start] error[E0902], > E0902: > > > Exception occured: [org.apache.hadoop.ipc.RemoteException: User: hadoop > > is > > > not allowed to impersonate hadoop] > > > org.apache.oozie.servlet.XServletException: E0902: Exception occured: > > > [org.apache.hadoop.ipc.RemoteException: User: hadoop is not allowed to > > > impersonate hadoop] > > > at > > > > > > > > > org.apache.oozie.servlet.BaseJobServlet.checkAuthorizationForApp(BaseJobServlet.java:199) > > > at > > org.apache.oozie.servlet.BaseJobsServlet.doPost(BaseJobsServlet.java:92) > > > at javax.servlet.http.HttpServlet.service(HttpServlet.java:637) > > > > > > > > > > > > *in the NN log:* > > > > > > 2012-07-19 09:59:10,840 INFO org.apache.hadoop.ipc.Server: IPC Server > > > listener on 9000: readAndProcess threw exception > > > org.apache.hadoop.security.AccessControlException: Connection from > > > 127.0.0.1:56413 for protocol > > > org.apache.hadoop.hdfs.protocol.ClientProtocol > > > is unauthorized for user hadoop via hadoop. Count of bytes read: 0 > > > > > > org.apache.hadoop.security.AccessControlException: Connection from > > > 127.0.0.1:56413 for protocol > > > org.apache.hadoop.hdfs.protocol.ClientProtocol > > > is unauthorized for user hadoop via hadoop > > > > > > at > > org.apache.hadoop.ipc.Server$Connection.processOneRpc(Server.java:1292) > > > > > > at > > org.apache.hadoop.ipc.Server$Connection.readAndProcess(Server.java:1187) > > > > > > at org.apache.hadoop.ipc.Server$Listener.doRead(Server.java:538) > > > > > > at org.apache.hadoop.ipc.Server$Listener$Reader.run(Server.java:345) > > > > > > at > > > > > > > > > java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886) > > > > > > at > > > > > > > > > java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908) > > > > > > at java.lang.Thread.run(Thread.java:662) > > > > > > > > > What do I miss here? > > > > > > Regards,\ > > > Boris. > > > > > > > > > > > -- > > Harsh J > > > -- Harsh J
