Cloudera Community

Support Questions

Find answers, ask questions, and share your expertise
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Advanced Search
Solved Go to solution

CDH 5.14.4 federation and sentry ACL sync issue

Labels:
avatar
author-rank iamfromsky
Expert Contributor

Created ‎01-17-2024 01:35 AM

the platform is : CDH 5.14.4

after setting federation, the hdfs entrypoint is: viewfs://cluster6/ , the back namenode entrypoint is : hdfs://nameservice/ and hdfs://nameservice2/

add new warehouse directory is  /user2/hive/warehouse and managed by nameservice2.

but i found the strange things is  if i create database using hdfs://nameservice2, sentry can sync ACL with hdfs, but if i used viewfs://cluster6/ , sentry can not sync ACL.

for example:

create database test location '/user2/hive/warehouse/test.db'    can not sync ACL

but create database test location 'hdfs://nameservice2/user2/hive/warehouse/test.db' is ok.

who knows why ?

724 Views
0 Kudos
1 ACCEPTED SOLUTION

avatar
author-rank iamfromsky
Expert Contributor

Created ‎01-24-2024 10:45 PM

sentry issue list :

Relative URI paths not supported by Sentry

i was going to read the document of sentry , and found this issue. relative URI paths not support . i am not sure, i think viewfs://cluster6 is relative URI, the real path is hdfs://nameservice or hdfs://nameservice2

View solution in original post

673 Views
0 Kudos
2 REPLIES 2

avatar
author-rank iamfromsky
Expert Contributor

Created on ‎01-24-2024 10:17 PM - edited ‎01-24-2024 10:23 PM

recently, i was starting to investigate this issue by  debug information, the root cause is sentry didn't add the path to sentry table when using viewfs://clusterX, but sentry did add the path when using hdfs://nameservice or hdfs://nameservice2

the debug information is below:

1. DEBUG org.apache.sentry.service.thrift.NotificationProcessor: HMS Path Update [OP : addPath, authzObj : jlwang18, path : hdfs://nameservice/user/hive/warehouse/jlwang18.db, notification event ID: 103361576]

 

2.DEBUG org.apache.sentry.service.thrift.NotificationProcessor: HMS Path Update [OP : addPath, authzObj : jlwang17, path : viewfs://cluster6/user/hive/warehouse/jlwang17.db] - nothing to add, notification event ID: 103361563]

but i still don't know why nothing to add when using viewfs://cluster6 . 

674 Views

avatar
author-rank iamfromsky
Expert Contributor

Created ‎01-24-2024 10:45 PM

sentry issue list :

Relative URI paths not supported by Sentry

i was going to read the document of sentry , and found this issue. relative URI paths not support . i am not sure, i think viewfs://cluster6 is relative URI, the real path is hdfs://nameservice or hdfs://nameservice2
674 Views
0 Kudos
Announcements
What's New @ Cloudera
Cloudera DataFlow 2.9 now supports building GenAI pipelines ...
What's New @ Cloudera
Accelerate Data Scientist Productivity with Cloudera Copilot...
What's New @ Cloudera
[RELEASED] Cloudera Streaming Analytics - Kubernetes Operato...
Community Announcements
October 2024 Community Highlights
What's New @ Cloudera
Accelerate Your AI with the Cloudera AI Inference Service wi...
View More Announcements