Home | About | Sematext search-lucene.com search-hadoop.com
 Search Hadoop and all its subprojects:

Switch to Threaded View
MapReduce, mail # user - RE: notorious impersonation ERROR - SOLVED


Copy link to this message
-
RE: notorious impersonation ERROR - SOLVED
Kartashov, Andy 2012-11-09, 16:06
Guys,

OK, this is what you need to do to enable Oozie impersonation of a User.

Forget about  modifying oozie-site.xml. The only file I needed to modify was core-site.xml.

Explanation:
The superuser must be configured on namenode and jobtracker to be allowed to impersonate another user. Following configurations are required.

             <property>
               <name>hadoop.proxyuser.oozie.groups</name>
               <value>group1,group2</value>
               <description>Allow the superuser oozie to impersonate any members of the group group1 and group2</description>
             </property>
             <property>
               <name>hadoop.proxyuser.oozie.hosts</name>
               <value>host1,host2</value>
               <description>The superuser can connect only from host1 and host2 to impersonate a user</description>
             </property>

If these configurations are not present, impersonation will not be allowed and connection will fail.

I changed:  group1 to Hadoop  and host1 to ip-address of the node that I am running oozie from.

Happy hadooping.

AK47
-----Original Message-----
From: Oleg Zhurakousky [mailto:[EMAIL PROTECTED]]
Sent: Friday, November 09, 2012 9:34 AM
To: [EMAIL PROTECTED]
Subject: Re: notorious impersonation ERROR

Not sure, haven't got that far yet ;)

On Nov 9, 2012, at 9:27 AM, "Kartashov, Andy" <[EMAIL PROTECTED]> wrote:

> Oleg,
>
> Thanks. I had added oozie to the hadoop group. Do I also need to restart NN daemon?
>
>
> -----Original Message-----
> From: Oleg Zhurakousky [mailto:[EMAIL PROTECTED]]
> Sent: Friday, November 09, 2012 9:24 AM
> To: [EMAIL PROTECTED]
> Subject: Re: notorious impersonation ERROR
>
> Have you tried this?
>
> Let's say your oozie user is 'oozie' and Name node group is called hadoop
>
> sudo adduser --ingroup hadoop oozie
>
> Oleg
>
> On Nov 9, 2012, at 9:20 AM, "Kartashov, Andy" <[EMAIL PROTECTED]> wrote:
>
>> Guys,
>>
>> Came across this error like many others who tried to run Ooozie examples. Searched and read bunch of posts on this topic. Even came across Harsh's response stipulating that oozie user must be added to the user group on the name node but it wasn't explained how. Any insight please?
>>
>> Thnks,
>> aK47
>> NOTICE: This e-mail message and any attachments are confidential, subject to copyright and may be privileged. Any unauthorized use, copying or disclosure is prohibited. If you are not the intended recipient, please delete and contact the sender immediately. Please consider the environment before printing this e-mail. AVIS : le présent courriel et toute pièce jointe qui l'accompagne sont confidentiels, protégés par le droit d'auteur et peuvent être couverts par le secret professionnel. Toute utilisation, copie ou divulgation non autorisée est interdite. Si vous n'êtes pas le destinataire prévu de ce courriel, supprimez-le et contactez immédiatement l'expéditeur. Veuillez penser à l'environnement avant d'imprimer le présent courriel
>
> NOTICE: This e-mail message and any attachments are confidential, subject to copyright and may be privileged. Any unauthorized use, copying or disclosure is prohibited. If you are not the intended recipient, please delete and contact the sender immediately. Please consider the environment before printing this e-mail. AVIS : le présent courriel et toute pièce jointe qui l'accompagne sont confidentiels, protégés par le droit d'auteur et peuvent être couverts par le secret professionnel. Toute utilisation, copie ou divulgation non autorisée est interdite. Si vous n'êtes pas le destinataire prévu de ce courriel, supprimez-le et contactez immédiatement l'expéditeur. Veuillez penser à l'environnement avant d'imprimer le présent courriel

NOTICE: This e-mail message and any attachments are confidential, subject to copyright and may be privileged. Any unauthorized use, copying or disclosure is prohibited. If you are not the intended recipient, please delete and contact the sender immediately. Please consider the environment before printing this e-mail. AVIS : le présent courriel et toute pièce jointe qui l'accompagne sont confidentiels, protégés par le droit d'auteur et peuvent être couverts par le secret professionnel. Toute utilisation, copie ou divulgation non autorisée est interdite. Si vous n'êtes pas le destinataire prévu de ce courriel, supprimez-le et contactez immédiatement l'expéditeur. Veuillez penser à l'environnement avant d'imprimer le présent courriel