Cloudera Labs
Provide feedback on Cloudera Labs
Announcements
Alert: Welcome to the Unified Cloudera Community. Former HCC members be sure to read and learn how to activate your account here.

How to access Multiple HDFS having Different Realms through Java Programme?

How to access Multiple HDFS having Different Realms through Java Programme?

New Contributor

I have two different Cloudera cluster which is secured with Kerberos authentication having different Realm name and I want to list the HDFS directories of both the cluster but I can't able to do it

 

First Realm -    ALICE.DBR.COM

Second Realm - BOB.DBR.COM

 

I am using UGI  to authenticate the service it works when I use only one REALM name at a time but when I execute it with multiple realms. I got only one result and the second time I got the error

 

ERROR

NoMatchingRule: No rules applied to hdfs/ip@REALM.COM
at org.apache.hadoop.security.UserGroupInformation$HadoopLoginModule.commit(UserGroupInformation.java:200)

 

But I already set the DEFAULT Rule in both the cases 

 

Here is my Java Code

 

System.out.println("Login with ALICE.DBR.COM");

String user = "hdfs/" + args[0] + "@" + args[1].toUpperCase() +".DBR.COM";
String keyPath = "/path/hdfs.keytab";
Configuration conf = new Configuration();
conf.set("fs.defaultFS", "hdfs://" + args[0] + ":9000");
conf.set("hadoop.security.authentication", "kerberos");
System.setProperty("java.security.krb5.kdc", args[0]);
System.setProperty("java.security.krb5.realm", args[1].toUpperCase() + ".DBR.COM");
UserGroupInformation.setConfiguration(conf);
UserGroupInformation.loginUserFromKeytab(user, keyPath);
FileSystem fs = FileSystem.get(conf);
FileStatus[] fsStatus = fs.listStatus(new Path("/"));
System.out.println("List directory for tenant " + args[1]);
for (int i = 0; i < fsStatus.length; i++) {
System.out.println(fsStatus[i].getPath().toString());
}

System.out.println("Login with BOB.DBR.COM");

user = "hdfs/" + args[2] + "@" + args[3].toUpperCase() + ".DBR.COM";
keyPath = "/path1/hdfs.keytab";
Configuration conf1 = new Configuration();
conf1.set("fs.defaultFS", "hdfs://" + args[2] + ":9000");
conf1.set("hadoop.security.authentication", "kerberos");
System.setProperty("java.security.krb5.kdc", args[2]);
System.setProperty("java.security.krb5.realm", args[3].toUpperCase() + ".DBR.COM");
UserGroupInformation.setConfiguration(conf1);
UserGroupInformation.loginUserFromKeytab(user, keyPath);
FileSystem fs1 = FileSystem.get(conf1);
fsStatus = fs1.listStatus(new Path("/"));
System.out.println("List directory for " + args[2]);
for (int i = 0; i < fsStatus.length; i++) {
System.out.println(fsStatus[i].getPath().toString());
}

 

It only lists the directories fo ALICE.DBR.COM 

 

 

How can I able to use Different UGI with Different Realms in Kerberos?

 

 

 

 

Don't have an account?
Coming from Hortonworks? Activate your account here