Created 04-11-2018 07:11 PM
The distcp was wotking fine between two secure (kerberos) clusters.
After adding the Key Trustee KMS , the distcp Failed to renew token kms-dt
The kms.log show belowe errors....
2018-04-11 20:34:16,974 ERROR org.apache.hadoop.security.token.delegation.ZKDelegationTokenSecretManager: No node in path [/ZKDTSMMasterKeyRoot/DK_18]
2018-04-11 20:34:16,974 WARN org.apache.hadoop.security.authentication.server.AuthenticationFilter: Authentication exception: org.apache.hadoop.security.token.SecretManager$InvalidToken: Unable to find master key for keyId=18 from cache. Failed to renew an unexpired token (kms-dt owner=xxxxxx, renewer=yarn, realUser=, issueDate=1523496856532, maxDate=1524101656532, sequenceNumber=75, masterKeyId=18) with sequenceNumber=75
any pointers ?
Created 01-11-2019 07:40 AM
Created 01-11-2019 09:44 AM
Hi @MohammedFayum2,
Could you please let us know what are the source and target cluster CDH versions?
After CDH5.12.0 (which starting to contain the fix for HADOOP-14104), distcp between clusters that both have KMS (or by feature name: hdfs transparent encryption enabled) requires the exclude parameters (mapreduce.job.hdfs-servers.token-renewal.exclude). Without the parameter disctp will fail with the error complaining about delegation token renewal.
Thanks and hope this helps,
Li
Li Wang, Technical Solution Manager