Cloudera Community

Support Questions

Find answers, ask questions, and share your expertise
cancel
Turn on suggestions
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Advanced Search
Solved Go to solution

Apache Oozie Distcp Action with Kerberos enabled clusters

Labels:
avatar
author-rank aervits
Master Mentor

Created ‎03-10-2017 04:41 PM

my environment requires that I pass 

-D ipc.client.fallback-to-simple-auth-allowed=true

to distcp command, in distcp 0.2 action specification for Oozie 4.2, I see java-opts option and I can't seem to make workflow run by passing this property. The only way I can imagine it work is if I put the property in core-site.xml which in production clusters is not feasible. My workflow for reference is

<action name="distcp_1">
        <distcp xmlns="uri:oozie:distcp-action:0.2">
            <job-tracker>${resourceManager}</job-tracker>
            <name-node>${nameNode}</name-node>
            <arg>hdfs://aervits-hdp70:8020/tmp/hellounsecure</arg>
            <arg>hdfs://hacluster:8020/user/centos/</arg>
            <java-opts>-Dipc.client.fallback-to-simple-auth-allowed=true</java-opts>
        </distcp>
        <ok to="end"/>
        <error to="kill"/>
    </action>
6,823 Views
0
1 ACCEPTED SOLUTION

avatar
author-rank pminovic author-rank
Master Guru

Created ‎03-11-2017 12:08 AM

That property is used when one cluster is kerberized and the other isn't, is this your case? If both clusters are kerberized you need to set "oozie.launcher.mapreduce.job.hdfs-servers" property. Regarding your property can you try to pass it as an arg:

<arg>-Dipc.client.fallback-to-simple-auth-allowed=true</arg>

I don't think the space after "-D" matters, but you can try either way.

View solution in original post

6,138 Views
0
13 REPLIES 13

avatar
author-rank aervits
Master Mentor

Created ‎03-11-2017 02:19 AM

@Predrag Minovic & @Venkat Ranganathan the only way this works with secure and insecure cluster is if core-site.xml has the property below on the secured cluster side.

    <property>
      <name>ipc.client.fallback-to-simple-auth-allowed</name>
      <value>true</value>
    </property>

uploading core-site.xml with this property in it in the lib folder of the workflow doesn't work. <arg> and <java-opts> for this property take no effect. job config would not update, the only way to make it work was to update on the hdfs side globally.

Thank you both for your recommendations, eventually it was Predrag who suggested to update HDFS with the property. This is not optimal but for lack of better option will do. It's best to have either two unsecure or two secure clusters.

2,564 Views
0 Kudos

avatar
author-rank pminovic author-rank
Master Guru

Created ‎03-11-2017 02:25 AM

Can you try to put your copy of core-site.xml with that property set to true in the Oozie share lib folder for distcp?

2,564 Views
0 Kudos

avatar
author-rank aervits
Master Mentor

Created ‎03-11-2017 02:44 AM

adding to sharelib of distcp core-site.xml with this property does not take effect and including it in lib directory of the workflow doesn't take effect either.

2,564 Views

avatar
author-rank pminovic author-rank
Master Guru

Created ‎03-11-2017 02:57 AM

That's good to know! Many restrictions with Oozie...

2,564 Views
0 Kudos
Announcements
What's New @ Cloudera
[RELEASED] Cloudera Streaming Analytics - Kubernetes Operato...
What's New @ Cloudera
[RELEASED] Cloudera Streams Messaging - Kubernetes Operator ...
Community Announcements
February 2025 Community Highlights
What's New @ Cloudera
3 Benefits of External IDE Connectivity, Now Available in Cl...
What's New @ Cloudera
Performance comparison of Spark3 on YARN with S3 Standard VS...
View More Announcements