04-27-2015 11:36 PM
Using Hue and Oozie, how can I run a specific workflow or action within a workflow as another user?
I have tried the following:
The error message for 2 and 3 is as follows:
ErrorType [FAILED], ErrorCode [JA010], Message [JA010: Property [user.name] not allowed in action [inline configuration] configuration] org.apache.oozie.action.ActionExecutorException: JA010: Property [user.name] not allowed in action [inline configuration] configuration at org.apache.oozie.action.hadoop.JavaActionExecutor.checkForDisallowedProps(JavaActionExecutor.java:198) at org.apache.oozie.action.hadoop.JavaActionExecutor.parseJobXmlAndConfiguration(JavaActionExecutor.java:451) at org.apache.oozie.action.hadoop.JavaActionExecutor.setupActionConf(JavaActionExecutor.java:468) at org.apache.oozie.action.hadoop.ShellActionExecutor.setupActionConf(ShellActionExecutor.java:55) at org.apache.oozie.action.hadoop.JavaActionExecutor.submitLauncher(JavaActionExecutor.java:893) at org.apache.oozie.action.hadoop.JavaActionExecutor.start(JavaActionExecutor.java:1145) at org.apache.oozie.command.wf.ActionStartXCommand.execute(ActionStartXCommand.java:228) at org.apache.oozie.command.wf.ActionStartXCommand.execute(ActionStartXCommand.java:63) at org.apache.oozie.command.XCommand.call(XCommand.java:281) at org.apache.oozie.service.CallableQueueService$CompositeCallable.call(CallableQueueService.java:323) at org.apache.oozie.service.CallableQueueService$CompositeCallable.call(CallableQueueService.java:252) at org.apache.oozie.service.CallableQueueService$CallableWrapper.run(CallableQueueService.java:174) at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145) at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615) at java.lang.Thread.run(Thread.java:745)
05-08-2015 11:49 AM
I believe Hue runs Oozie workflows as the user you are logged into Hue as. The easiest way to run a workflow as a different user is to log into Hue as a different user. Per the Oozie documentation, there are actions where you are not allowed to override the user/group:
05-14-2015 04:06 AM
Thanks for the response, unfortunatelly I am none the wiser :|
Specifically I would want to run a shell action as another user. What we observe is that shell actions are not run as the user who logged in to Hue, rather they run under user "yarn".
Is there any way to get shell actions to run as another user?
05-15-2015 12:39 PM
05-21-2015 09:55 AM
That blog post is a little outdated at this point. It all depends on your Yarn configuration:
- DefaultContainerExecutor: 'yarn'
- With yarn.nodemanager.linux-container-executor.nonsecure-mode.limit-users=false (default), it runs as yarn.nodemanager.linux-container-executor.nonsecure-mode.local-user (default is 'nobody')
- With yarn.nodemanager.linux-container-executor.nonsecure-mode.limit-users=true, it runs as the user submitting the workflow
I'd encourage you to use any of the other actions (e.g. Java action) if possible; they will all run as the user who submitted the workflow.
07-13-2015 01:29 PM
The workaround seems to refer to https://issues.apache.org/jira/browse/YARN-2424 - although it seems to suggest "false" instead of "true", and anyone requires Hadoop 2.6.0.
(Is there a more understandable explanation for application developers that just want to put together simple Oozie workflows?)
I have the same issue on CDH 5.2.0, and this workaround does not work for me.
04-26-2016 05:54 PM