Actually I solved this by not using '*' thereby replacing by localhost and a group which my user belongs to.
On Thu, Nov 8, 2012 at 7:31 PM, Saiph Kappa <[email protected]> wrote: > Here goes my logs: > > oozie.log > > 2012-11-08 17:42:16,603 INFO org.apache.hadoop.ipc.Server: IPC Server > listener on 9000: readAndProcess threw exception > org.apache.hadoop.security.AccessControlException: Connection from > 127.0.0.1:39171 for protocol > org.apache.hadoop.hdfs.protocol.ClientProtocol is unauthorized for user > saiph via saiph. Count of bytes read: 0 > org.apache.hadoop.security.AccessControlException: Connection from > 127.0.0.1:39171 for protocol > org.apache.hadoop.hdfs.protocol.ClientProtocol is unauthorized for user > saiph via saiph > at > org.apache.hadoop.ipc.Server$Connection.processOneRpc(Server.java:1287) > at > org.apache.hadoop.ipc.Server$Connection.readAndProcess(Server.java:1182) > at org.apache.hadoop.ipc.Server$Listener.doRead(Server.java:537) > at > org.apache.hadoop.ipc.Server$Listener$Reader.run(Server.java:344) > at > java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886) > at > java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908) > at java.lang.Thread.run(Thread.java:662) > > hadoop-namenode.log > > 2012-11-08 17:42:16,606 ERROR UserGroupInformation:1096 - > PriviledgedActionException as:saiph via saiph > cause:org.apache.hadoop.ipc.RemoteException: User: saiph is not allowed to > impersonate saiph > 2012-11-08 17:42:16,606 INFO BaseJobServlet:539 - USER[saiph] GROUP[-] > TOKEN[-] APP[-] JOB[-] ACTION[-] AuthorizationException > org.apache.oozie.service.AuthorizationException: E0902: Exception occured: > [org.apache.hadoop.ipc.RemoteException: User: saiph is not allowed to > impersonate saiph] > at > org.apache.oozie.service.AuthorizationService.authorizeForApp(AuthorizationService.java:360) > at > org.apache.oozie.servlet.BaseJobServlet.checkAuthorizationForApp(BaseJobServlet.java:188) > at > org.apache.oozie.servlet.BaseJobsServlet.doPost(BaseJobsServlet.java:92) > at javax.servlet.http.HttpServlet.service(HttpServlet.java:637) > at > org.apache.oozie.servlet.JsonRestServlet.service(JsonRestServlet.java:285) > at javax.servlet.http.HttpServlet.service(HttpServlet.java:717) > at > org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290) > at > org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) > at > org.apache.oozie.servlet.AuthFilter$2.doFilter(AuthFilter.java:126) > at > org.apache.hadoop.security.authentication.server.AuthenticationFilter.doFilter(AuthenticationFilter.java:372) > at > org.apache.oozie.servlet.AuthFilter.doFilter(AuthFilter.java:131) > at > org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235) > at > org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) > at > org.apache.oozie.servlet.HostnameFilter.doFilter(HostnameFilter.java:67) > at > org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235) > at > org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) > at > org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233) > at > org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191) > at > org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127) > at > org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102) > at > org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109) > at > org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:298) > at > org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:859) > at > org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:588) > at > org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:489) > at java.lang.Thread.run(Thread.java:679) > Caused by: org.apache.oozie.service.HadoopAccessorException: E0902: > Exception occured: [org.apache.hadoop.ipc.RemoteException: User: saiph is > not allowed to impersonate saiph] > at > org.apache.oozie.service.HadoopAccessorService.createFileSystem(HadoopAccessorService.java:393) > at > org.apache.oozie.service.AuthorizationService.authorizeForApp(AuthorizationService.java:325) > ... 25 more > > > On Thu, Nov 8, 2012 at 6:48 PM, Harish Krishnan < > [email protected]> wrote: > >> Hi, >> >> I tried this on Oozie 3.3 and I'm hitting this issue as well. >> I'm using hadoop-1.0.4. This is my core-site.xml contents. biadmin is >> superuser. I installed both hadoop and Oozie as biadmin >> >> >> <!-- OOZIE --> >> <property> >> <name>hadoop.proxyuser.biadmin.hosts</name> >> <value>*</value> >> </property> >> <property> >> <name>hadoop.proxyuser.biadmin.groups</name> >> <value>*</value> >> </property> >> <property> >> <name>hadoop.proxyuser.oozie.hosts</name> >> <value>*</value> >> </property> >> <property> >> <name>hadoop.proxyuser.oozie.groups</name> >> <value>*</value> >> </property> >> >> And this is the exception that I see from the hadoop logs >> >> 2012-11-08 10:29:57,332 INFO org.apache.hadoop.ipc.Server: IPC Server >> listener on 9000: readAndProcess threw exception >> org.apache.hadoop.security.AccessControlException: Connection from >> 127.0.0.1:34272 for protocol >> org.apache.hadoop.hdfs.protocol.ClientProtocol >> is unauthorized for user biadmin via biadmin. Count of bytes read: 0 >> org.apache.hadoop.security.AccessControlException: Connection from >> 127.0.0.1:34272 for protocol >> org.apache.hadoop.hdfs.protocol.ClientProtocol >> is unauthorized for user biadmin via biadmin >> at >> org.apache.hadoop.ipc.Server$Connection.processOneRpc(Server.java:1287) >> at >> org.apache.hadoop.ipc.Server$Connection.readAndProcess(Server.java:1182) >> at org.apache.hadoop.ipc.Server$Listener.doRead(Server.java:537) >> at org.apache.hadoop.ipc.Server$Listener$Reader.run(Server.java:344) >> at >> >> java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886) >> at >> >> java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908) >> at java.lang.Thread.run(Thread.java:662) >> >> >> >> Thanks & Regards, >> Harish.T.K >> >> >> On Wed, Nov 7, 2012 at 6:04 PM, Saiph Kappa <[email protected]> >> wrote: >> >> > saiph is a superuser yes. I built oozie with that user, and oozie is >> > currently running with that user also. But I'm unable to run the >> examples, >> > e.g.: /oozie-3.2.0-distro$ bin/oozie job -oozie >> > http://localhost:11000/oozie-config >> > examples/apps/java-main/job.properties -run >> > Error: E0902 : E0902: Exception occured: >> > [org.apache.hadoop.ipc.RemoteException: User: saiph is not allowed to >> > impersonate saiph] >> > >> > Also tried to run the above command with sudo, obtaining the following >> > error: >> > Error: E0902 : E0902: Exception occured: >> > [org.apache.hadoop.ipc.RemoteException: User: saiph is not allowed to >> > impersonate root] >> > >> > Thanks/Regards. >> > >> > On Thu, Nov 8, 2012 at 1:44 AM, Harish Krishnan < >> > [email protected] >> > > wrote: >> > >> > > Is saiph a superuser? >> > > >> > > Thanks & Regards, >> > > Harish.T.K >> > > >> > > >> > > On Wed, Nov 7, 2012 at 5:41 PM, Saiph Kappa <[email protected]> >> > wrote: >> > > >> > > > Correction: >> > > > >> > > > <property> >> > > > <name>hadoop.proxyuser.saiph.hosts</name> >> > > > <value>*</value> >> > > > </property> >> > > > <property> >> > > > <name>hadoop.proxyuser.saiph.groups</name> >> > > > <value>*</value> >> > > > </property> >> > > > >> > > > >> > > > On Thu, Nov 8, 2012 at 1:40 AM, Saiph Kappa <[email protected]> >> > > wrote: >> > > > >> > > > > Sorry, I already did that in core-site.xml: >> > > > > >> > > > > <property> >> > > > > <name>hadoop.proxyuser.sesteves.hosts</name> >> > > > > <value>*</value> >> > > > > </property> >> > > > > <property> >> > > > > <name>hadoop.proxyuser.sesteves.groups</name> >> > > > > <value>*</value> >> > > > > </property> >> > > > > >> > > > > But the error persists. >> > > > > >> > > > > On Thu, Nov 8, 2012 at 1:22 AM, Roman Shaposhnik < >> > [email protected] >> > > > >wrote: >> > > > > >> > > > >> On Wed, Nov 7, 2012 at 5:11 PM, Saiph Kappa < >> [email protected]> >> > > > >> wrote: >> > > > >> > Hi, >> > > > >> > >> > > > >> > I've downloaded the last stable oozie release (3.2.0). It >> brings >> > > > >> > hadoop libs upto version 1.0.1, but that release is not >> available >> > > from >> > > > >> > the hadoop repositories (just the 1.0.4). So I tried running >> > hadoop >> > > > >> > 1.0.4 with oozie and, besides performing all the proxy >> > > configurations >> > > > >> > to the oozie user (in core-site.xml), I still got the following >> > > error >> > > > >> > while trying to run the examples: >> > > > >> > «Error: E0902 :E0902: Exception >> > > > >> > occured:[org.apache.hadoop.ipc.RemoteException: User: saiph is >> not >> > > > >> > allowed to impersonate saiph]» >> > > > >> > >> > > > >> > Any idea of what could be wrong? >> > > > >> >> > > > >> Yes. You need to setup proxy users on the hadoop side: >> > > > >> >> > > > >> http://hadoop.apache.org/docs/stable/Secure_Impersonation.html >> > > > >> >> > > > >> Thanks, >> > > > >> Roman. >> > > > >> >> > > > > >> > > > > >> > > > >> > > >> > >> > >
