Andy, Given your configuration:
If using non-kerberos setup, the username running the oozie server should be 'oozie'. If using a kerberos setup, the Kerberos principal running the oozier server should be 'oozie/<HOST>' Is this the case? Thx On Fri, Feb 1, 2013 at 10:00 AM, aasfo kxi <[email protected]> wrote: > Sorry. Accidentally hit send before pasting my config.... > > <property> > <name>hadoop.proxyuser.oozie.hosts</name> > <value><NAME_OF_OOZIE_HOST></value> > </property> > > <property> > <name>hadoop.proxyuser.oozie.groups</name> > <value>oozie,hadoop</value> > </property> > > Thanks. > > Andy > > > On Thu, Jan 31, 2013 at 8:44 PM, Alejandro Abdelnur <[email protected] > >wrote: > > > Hadoop 1.0.4 does not support wildcards '*' in the proxyuser hosts/groups > > properties. Starting with Hadoop 1.1.1 this is supported. Hadoop > > 2.0.2-alpha supports it. > > > > You cannot patch Oozie to ignore this. This is on Hadoop side. And it has > > its very good reason, is to be able to control who can impersonate other > > users (Oozie in this case), from what hostnames the impersonator is > allowed > > to impersonate, users in which groups the impersonator can impersonate. > You > > have 3 dimensions to control, in development this may be a bit annoying, > > but in production it is a must. With the support of wildcards for > hostnames > > and groups you must only worry (if you don't care about security) about > > setting the right properties for the impersonator UID with the wildcards. > > > > Thx > > > > > > On Thu, Jan 31, 2013 at 6:22 PM, Grant Ingersoll <[email protected] > > >wrote: > > > > > What options have you tried? I seem to recall you need some things on > > the > > > Hadoop side, too. FWIW, this is easily the most annoying/confusing > thing > > > in Oozie. Sometimes it's simplest to patch the code to turn it off > > > completely. > > > > > > On Jan 31, 2013, at 6:55 PM, aasfo kxi wrote: > > > > > > > I am getting conflicting information on the following settings: > > > > > > > > hadoop.proxyuser.oozie.hosts > > > > hadoop.proxyuser.oozie.groups > > > > > > > > This thread states that the first is a list of hostnames: > > > > http://bit.ly/WEeqSn > > > > This thread states that the first is a list of usernames: > > > > http://bit.ly/VqUAcU > > > > > > > > Neither has worked for me and I am still getting: > > > > > > > > Exception occured: [org.apache.hadoop.ipc.RemoteException: User: > oozie > > is > > > > not allowed to impersonate oozie] > > > > > > > > No matter what combination of user / hosts / groups, etc that I try. > I > > > am > > > > unsure as to which one I should be troubleshooting at this point. > > > > > > > > Hadoop v.1.0.4 > > > > Oozie v.3.3.1 > > > > > > > > Thanks for any help. > > > > > > > > kx > > > > > > > > > > > > > > > -- > > Alejandro > > > -- Alejandro
