Cloudera Community

Support Questions

Find answers, ask questions, and share your expertise
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Advanced Search
Solved Go to solution

Oozie REST API - Python - 401 Unauthorized

Labels:
avatar
author-rank jpasswaters
New Member

Created ‎12-12-2015 08:20 PM

I am trying to use the Requests library in Python to execute an Oozie workflow, via the REST API, in a kerberized Hadoop cluster. When trying to call the API I get a 401 Unauthorized message back.

#	kerberos_auth = HTTPKerberosAuth(mutual_authentication=OPTIONAL)
        response = s.post(
                url     = 'http://localhost:11000/oozie/v1/jobs?action=start',
                params  = {'action': 'start'},
                headers = headers,
                data    = workflow_xml,
#               auth    = kerberos_auth
                auth    = ('user', 'pass')
        )

I have also tried including the Python Kerberos library with no success. I have looked through the Oozie log with no noticeable error messages. I am assuming it didn't even make it that far for an error to be written in the log.

8,530 Views
0 Kudos
1 ACCEPTED SOLUTION

avatar
author-rank nsabharwal
Master Mentor

Created ‎12-12-2015 10:45 PM

@Jesse PasswatersGood article

Depending on the tool we’re using to connect, additional arguments might need to be specified. For example, to use curl, as we can see above we have to specify the --negotiate and -uarguments. The username and password we specify with -u doesn’t matter because we’re using Kerberos, so we can put whatever we want (e.g. foo:bar, or even just :). If we omit the -u then we’ll get a 401 Unauthorized error; even though its value is not actually being used.

View solution in original post

5,472 Views
0 Kudos
4 REPLIES 4

avatar
author-rank nsabharwal
Master Mentor

Created ‎12-12-2015 10:45 PM

@Jesse PasswatersGood article

Depending on the tool we’re using to connect, additional arguments might need to be specified. For example, to use curl, as we can see above we have to specify the --negotiate and -uarguments. The username and password we specify with -u doesn’t matter because we’re using Kerberos, so we can put whatever we want (e.g. foo:bar, or even just :). If we omit the -u then we’ll get a 401 Unauthorized error; even though its value is not actually being used.

5,473 Views
0 Kudos

avatar
author-rank jpasswaters
New Member

Created ‎12-13-2015 12:09 AM

Thanks @Neeraj Sabharwal. I saw that article, but I guess it didn't click until you mentioned --negotiate.

I then found this article that explains how to correctly use the Kerberos library when authenticating. I have yet to try it, but have confidence it will work.

5,472 Views

avatar
author-rank korvi__nareshku
New Member

Created ‎02-10-2016 02:35 PM

Was this answered? I tried the given suggestion, but still i'm getting following error.

I'm running my oozie java application through curl from edge node.

Steps ran:

1. kinit
2. curl -i -s --negotiate -u n590368c -X POST -H "Content-Type:application/xml" -d @wordcount.xml oozie_url:11000/oozie/v2/jobs?action=start
Error:
HTTP/1.1 401 Unauthorized
Server: Apache-Coyote/1.1
WWW-Authenticate: Negotiate
Set-Cookie: hadoop.auth=; Path=/; Domain= ; Expires=Thu, 01-Jan-1970 00:00:00 GMT; HttpOnly
HTTP/1.1 201 Created
Server: Apache-Coyote/1.1

...............................................

5,472 Views
0 Kudos

avatar
author-rank jpasswaters
New Member

Created ‎02-10-2016 06:36 PM

Are you using the FQDN for the oozie url?

5,472 Views
0 Kudos
Announcements
Community Announcements
Welcome to the Cloudera Community!
Community Announcements
September 2025 Community Highlights
What's New @ Cloudera
Upgrade Your Spark Experience: Introducing CDS 3.5 for Cloud...
Community Announcements
August 2025 Community Highlights
Community Announcements
July 2025 Community Highlights
View More Announcements