No node in path [/ZKDTSMMasterKeyRoot/DK_18]

Bharatm · ‎04-11-2018

The distcp was wotking fine between two secure (kerberos) clusters.

After adding the Key Trustee KMS , the distcp Failed to renew token kms-dt

The kms.log show belowe errors....

2018-04-11 20:34:16,974 ERROR org.apache.hadoop.security.token.delegation.ZKDelegationTokenSecretManager: No node in path [/ZKDTSMMasterKeyRoot/DK_18]
2018-04-11 20:34:16,974 WARN org.apache.hadoop.security.authentication.server.AuthenticationFilter: Authentication exception: org.apache.hadoop.security.token.SecretManager$InvalidToken: Unable to find master key for keyId=18 from cache. Failed to renew an unexpired token (kms-dt owner=xxxxxx, renewer=yarn, realUser=, issueDate=1523496856532, maxDate=1524101656532, sequenceNumber=75, masterKeyId=18) with sequenceNumber=75

any pointers ?

MohammedFayum2 · ‎01-11-2019

Hi Bharatm,

Did you got any resolution of this Issue, we are getting exactly the same issue.

Thanks,

Fayum

lwang · ‎01-11-2019

Hi @MohammedFayum2,

Could you please let us know what are the source and target cluster CDH versions?

After CDH5.12.0 (which starting to contain the fix for HADOOP-14104), distcp between clusters that both have KMS (or by feature name: hdfs transparent encryption enabled) requires the exclude parameters (mapreduce.job.hdfs-servers.token-renewal.exclude). Without the parameter disctp will fail with the error complaining about delegation token renewal.

Thanks and hope this helps,

Li

Li Wang, Technical Solution Manager

Was your question answered? Make sure to mark the answer as the accepted solution.
If you find a reply useful, say thanks by clicking on the thumbs up button.

Learn more about the Cloudera Community:

Terms of Service

Community Guidelines

How to use the forum

No node in path [/ZKDTSMMasterKeyRoot/DK_18]

No node in path [/ZKDTSMMasterKeyRoot/DK_18]

Re: No node in path [/ZKDTSMMasterKeyRoot/DK_18]

Re: No node in path [/ZKDTSMMasterKeyRoot/DK_18]