-
Re: notorious impersonation ERROR - SOLVEDMatt Goeke 2012-11-09, 16:54
Andy,
For future reference there is a list dedicated to Oozie (
[EMAIL PROTECTED]) that is full of people who have worked through
issues like these. Feel free to ping that next time you have a question
specific to the Oozie project.
--
Matt
On Fri, Nov 9, 2012 at 10:06 AM, Kartashov, Andy <[EMAIL PROTECTED]>wrote:
> Guys,
>
> OK, this is what you need to do to enable Oozie impersonation of a User.
>
> Forget about modifying oozie-site.xml. The only file I needed to modify
> was core-site.xml.
>
> Explanation:
> The superuser must be configured on namenode and jobtracker to be allowed
> to impersonate another user. Following configurations are required.
>
> <property>
> <name>hadoop.proxyuser.oozie.groups</name>
> <value>group1,group2</value>
> <description>Allow the superuser oozie to impersonate any
> members of the group group1 and group2</description>
> </property>
> <property>
> <name>hadoop.proxyuser.oozie.hosts</name>
> <value>host1,host2</value>
> <description>The superuser can connect only from host1 and
> host2 to impersonate a user</description>
> </property>
>
> If these configurations are not present, impersonation will not be allowed
> and connection will fail.
>
> I changed: group1 to Hadoop and host1 to ip-address of the node that I
> am running oozie from.
>
> Happy hadooping.
>
> AK47
> -----Original Message-----
> From: Oleg Zhurakousky [mailto:[EMAIL PROTECTED]]
> Sent: Friday, November 09, 2012 9:34 AM
> To: [EMAIL PROTECTED]
> Subject: Re: notorious impersonation ERROR
>
> Not sure, haven't got that far yet ;)
>
> On Nov 9, 2012, at 9:27 AM, "Kartashov, Andy" <[EMAIL PROTECTED]>
> wrote:
>
> > Oleg,
> >
> > Thanks. I had added oozie to the hadoop group. Do I also need to restart
> NN daemon?
> >
> >
> > -----Original Message-----
> > From: Oleg Zhurakousky [mailto:[EMAIL PROTECTED]]
> > Sent: Friday, November 09, 2012 9:24 AM
> > To: [EMAIL PROTECTED]
> > Subject: Re: notorious impersonation ERROR
> >
> > Have you tried this?
> >
> > Let's say your oozie user is 'oozie' and Name node group is called hadoop
> >
> > sudo adduser --ingroup hadoop oozie
> >
> > Oleg
> >
> > On Nov 9, 2012, at 9:20 AM, "Kartashov, Andy" <[EMAIL PROTECTED]>
> wrote:
> >
> >> Guys,
> >>
> >> Came across this error like many others who tried to run Ooozie
> examples. Searched and read bunch of posts on this topic. Even came across
> Harsh's response stipulating that oozie user must be added to the user
> group on the name node but it wasn't explained how. Any insight please?
> >>
> >> Thnks,
> >> aK47
> >> NOTICE: This e-mail message and any attachments are confidential,
> subject to copyright and may be privileged. Any unauthorized use, copying
> or disclosure is prohibited. If you are not the intended recipient, please
> delete and contact the sender immediately. Please consider the environment
> before printing this e-mail. AVIS : le présent courriel et toute pièce
> jointe qui l'accompagne sont confidentiels, protégés par le droit d'auteur
> et peuvent être couverts par le secret professionnel. Toute utilisation,
> copie ou divulgation non autorisée est interdite. Si vous n'êtes pas le
> destinataire prévu de ce courriel, supprimez-le et contactez immédiatement
> l'expéditeur. Veuillez penser à l'environnement avant d'imprimer le présent
> courriel
> >
> > NOTICE: This e-mail message and any attachments are confidential,
> subject to copyright and may be privileged. Any unauthorized use, copying
> or disclosure is prohibited. If you are not the intended recipient, please
> delete and contact the sender immediately. Please consider the environment
> before printing this e-mail. AVIS : le présent courriel et toute pièce
> jointe qui l'accompagne sont confidentiels, protégés par le droit d'auteur
> et peuvent être couverts par le secret professionnel. Toute utilisation,
For future reference there is a list dedicated to Oozie (
[EMAIL PROTECTED]) that is full of people who have worked through
issues like these. Feel free to ping that next time you have a question
specific to the Oozie project.
--
Matt
On Fri, Nov 9, 2012 at 10:06 AM, Kartashov, Andy <[EMAIL PROTECTED]>wrote:
> Guys,
>
> OK, this is what you need to do to enable Oozie impersonation of a User.
>
> Forget about modifying oozie-site.xml. The only file I needed to modify
> was core-site.xml.
>
> Explanation:
> The superuser must be configured on namenode and jobtracker to be allowed
> to impersonate another user. Following configurations are required.
>
> <property>
> <name>hadoop.proxyuser.oozie.groups</name>
> <value>group1,group2</value>
> <description>Allow the superuser oozie to impersonate any
> members of the group group1 and group2</description>
> </property>
> <property>
> <name>hadoop.proxyuser.oozie.hosts</name>
> <value>host1,host2</value>
> <description>The superuser can connect only from host1 and
> host2 to impersonate a user</description>
> </property>
>
> If these configurations are not present, impersonation will not be allowed
> and connection will fail.
>
> I changed: group1 to Hadoop and host1 to ip-address of the node that I
> am running oozie from.
>
> Happy hadooping.
>
> AK47
> -----Original Message-----
> From: Oleg Zhurakousky [mailto:[EMAIL PROTECTED]]
> Sent: Friday, November 09, 2012 9:34 AM
> To: [EMAIL PROTECTED]
> Subject: Re: notorious impersonation ERROR
>
> Not sure, haven't got that far yet ;)
>
> On Nov 9, 2012, at 9:27 AM, "Kartashov, Andy" <[EMAIL PROTECTED]>
> wrote:
>
> > Oleg,
> >
> > Thanks. I had added oozie to the hadoop group. Do I also need to restart
> NN daemon?
> >
> >
> > -----Original Message-----
> > From: Oleg Zhurakousky [mailto:[EMAIL PROTECTED]]
> > Sent: Friday, November 09, 2012 9:24 AM
> > To: [EMAIL PROTECTED]
> > Subject: Re: notorious impersonation ERROR
> >
> > Have you tried this?
> >
> > Let's say your oozie user is 'oozie' and Name node group is called hadoop
> >
> > sudo adduser --ingroup hadoop oozie
> >
> > Oleg
> >
> > On Nov 9, 2012, at 9:20 AM, "Kartashov, Andy" <[EMAIL PROTECTED]>
> wrote:
> >
> >> Guys,
> >>
> >> Came across this error like many others who tried to run Ooozie
> examples. Searched and read bunch of posts on this topic. Even came across
> Harsh's response stipulating that oozie user must be added to the user
> group on the name node but it wasn't explained how. Any insight please?
> >>
> >> Thnks,
> >> aK47
> >> NOTICE: This e-mail message and any attachments are confidential,
> subject to copyright and may be privileged. Any unauthorized use, copying
> or disclosure is prohibited. If you are not the intended recipient, please
> delete and contact the sender immediately. Please consider the environment
> before printing this e-mail. AVIS : le présent courriel et toute pièce
> jointe qui l'accompagne sont confidentiels, protégés par le droit d'auteur
> et peuvent être couverts par le secret professionnel. Toute utilisation,
> copie ou divulgation non autorisée est interdite. Si vous n'êtes pas le
> destinataire prévu de ce courriel, supprimez-le et contactez immédiatement
> l'expéditeur. Veuillez penser à l'environnement avant d'imprimer le présent
> courriel
> >
> > NOTICE: This e-mail message and any attachments are confidential,
> subject to copyright and may be privileged. Any unauthorized use, copying
> or disclosure is prohibited. If you are not the intended recipient, please
> delete and contact the sender immediately. Please consider the environment
> before printing this e-mail. AVIS : le présent courriel et toute pièce
> jointe qui l'accompagne sont confidentiels, protégés par le droit d'auteur
> et peuvent être couverts par le secret professionnel. Toute utilisation,
