Allan Yan 2012-06-04, 17:37
Re: Cannot start name node after turning on hadoop security
Figured it out. Kerberos key is not created properly.

thanks
allan

On Mon, Jun 4, 2012 at 1:05 PM, Allan Yan <[EMAIL PROTECTED]> wrote:

> Sorry, the links should be:
>
>
> http://mail-archives.apache.org/mod_mbox/hadoop-common-user/201202.mbox/%[EMAIL PROTECTED]%3E
>
>
> http://lucene.472066.n3.nabble.com/Starting-datanode-in-secure-mode-td3297090.html
>
> -Hailun Yan
>
> ---------- Forwarded message ----------
> From: Allan Yan <[EMAIL PROTECTED]>
> Date: Mon, Jun 4, 2012 at 12:07 PM
> Subject: Fwd: Cannot start name node after turning on hadoop security
> To: [EMAIL PROTECTED]
>
>
> I found these two threads from mailing list:
>
>
> http://mail-archives.apache.org/mod_mbox/hadoop-common-user/201202.mbox/browser
>
> http://mail-archives.apache.org/mod_mbox/hadoop-common-user/201108.mbox/browser
>
> At least they were able to get name node up. Can someone please point
> out why I am getting that error?
>
> Thanks,
> allan
>
> ---------- Forwarded message ----------
> From: Allan Yan <[EMAIL PROTECTED]>
> Date: Mon, Jun 4, 2012 at 10:37 AM
> Subject: Cannot start name node after turning on hadoop security
> To: [EMAIL PROTECTED]
>
>
> My local environment: single Ubuntu 11.10 desktop version, Oracle JDK
> 7.0_04, MIT Kerberos 5, Apache hadoop-1.0.2.
>
> I am able to get Kerberos working, here is my key:
>
> ------------------------------------------------------------------------------------------------------------------------------------------
> allan@localhost:~/tools/UnlimitedJCEPolicy$ klist -e
> Ticket cache: FILE:/tmp/krb5cc_1000
> Default principal: allan/admin@LOCALDOMAIN
>
> Valid starting     Expires            Service principal
> 06/03/12 22:55:30  06/04/12 08:55:30  krbtgt/LOCALDOMAIN@LOCALDOMAIN
> renew until 06/10/12 22:55:28, Etype (skey, tkt): aes256-cts-hmac-sha1-96, aes256-cts-hmac-sha1-96
>
> ------------------------------------------------------------------------------------------------------------------------------------------
>
> However, after turning on Hadoop security, I am not able to start name
> node. I turned on Java security debug, here is the debug log and error
> message while trying to start NN:
>
> ------------------------------------------------------------------------------------------------------------------------------------------
> starting namenode, logging to /usr/local/hadoop-1.0.2/libexec/../logs/hadoop-allan-namenode-localhost.localdomain.out
> Config name: /etc/krb5.conf
> Ordering keys wrt default_tkt_enctypes list
> Using builtin default etypes for default_tkt_enctypes
> default etypes for default_tkt_enctypes: 18 17 16 23 1 3.
> localhost: starting datanode, logging to /usr/local/hadoop-1.0.2/libexec/../logs/hadoop-allan-datanode-localhost.localdomain.out
> localhost: Config name: /etc/krb5.conf
> localhost: >>>KinitOptions cache name is /tmp/krb5cc_1000
> localhost: >>>DEBUG <CCacheInputStream>  client principal is allan/admin@LOCALDOMAIN
> localhost: >>>DEBUG <CCacheInputStream> server principal is krbtgt/LOCALDOMAIN@LOCALDOMAIN
> localhost: >>>DEBUG <CCacheInputStream> key type: 18
> localhost: >>>DEBUG <CCacheInputStream> auth time: Sun Jun 03 22:17:13 PDT 2012
> localhost: >>>DEBUG <CCacheInputStream> start time: Sun Jun 03 22:17:18 PDT 2012
> localhost: >>>DEBUG <CCacheInputStream> end time: Mon Jun 04 08:17:18 PDT 2012
> localhost: >>>DEBUG <CCacheInputStream> renew_till time: Sun Jun 10 22:17:08 PDT 2012
> localhost: >>> CCacheInputStream: readFlags()  FORWARDABLE; RENEWABLE; INITIAL; PRE_AUTH;
> localhost: starting secondarynamenode, logging to /usr/local/hadoop-1.0.2/libexec/../logs/hadoop-allan-secondarynamenode-localhost.localdomain.out
>
> ------------------------------------------------------------------------------------------------------------------------------------------
>
>
> ---------------------------------------------------------------------------------