Cloudera Community

Support Questions

Find answers, ask questions, and share your expertise
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Advanced Search
Solved Go to solution

Oozie REST API - Python - 401 Unauthorized

Labels:
avatar
author-rank jpasswaters
Contributor

Created ‎12-12-2015 08:20 PM

I am trying to use the Requests library in Python to execute an Oozie workflow, via the REST API, in a kerberized Hadoop cluster. When trying to call the API I get a 401 Unauthorized message back.

#	kerberos_auth = HTTPKerberosAuth(mutual_authentication=OPTIONAL)
        response = s.post(
                url     = 'http://localhost:11000/oozie/v1/jobs?action=start',
                params  = {'action': 'start'},
                headers = headers,
                data    = workflow_xml,
#               auth    = kerberos_auth
                auth    = ('user', 'pass')
        )

I have also tried including the Python Kerberos library with no success. I have looked through the Oozie log with no noticeable error messages. I am assuming it didn't even make it that far for an error to be written in the log.

7,691 Views
0 Kudos
1 ACCEPTED SOLUTION

avatar
author-rank nsabharwal
Master Mentor

Created ‎12-12-2015 10:45 PM

@Jesse PasswatersGood article

Depending on the tool we’re using to connect, additional arguments might need to be specified. For example, to use curl, as we can see above we have to specify the --negotiate and -uarguments. The username and password we specify with -u doesn’t matter because we’re using Kerberos, so we can put whatever we want (e.g. foo:bar, or even just :). If we omit the -u then we’ll get a 401 Unauthorized error; even though its value is not actually being used.

View solution in original post

4,633 Views
0 Kudos
4 REPLIES 4

avatar
author-rank nsabharwal
Master Mentor

Created ‎12-12-2015 10:45 PM

@Jesse PasswatersGood article

Depending on the tool we’re using to connect, additional arguments might need to be specified. For example, to use curl, as we can see above we have to specify the --negotiate and -uarguments. The username and password we specify with -u doesn’t matter because we’re using Kerberos, so we can put whatever we want (e.g. foo:bar, or even just :). If we omit the -u then we’ll get a 401 Unauthorized error; even though its value is not actually being used.

4,634 Views
0 Kudos

avatar
author-rank jpasswaters
Contributor

Created ‎12-13-2015 12:09 AM

Thanks @Neeraj Sabharwal. I saw that article, but I guess it didn't click until you mentioned --negotiate.

I then found this article that explains how to correctly use the Kerberos library when authenticating. I have yet to try it, but have confidence it will work.

4,633 Views

avatar
author-rank korvi__nareshku
New Contributor

Created ‎02-10-2016 02:35 PM

Was this answered? I tried the given suggestion, but still i'm getting following error.

I'm running my oozie java application through curl from edge node.

Steps ran:

1. kinit
2. curl -i -s --negotiate -u n590368c -X POST -H "Content-Type:application/xml" -d @wordcount.xml oozie_url:11000/oozie/v2/jobs?action=start
Error:
HTTP/1.1 401 Unauthorized
Server: Apache-Coyote/1.1
WWW-Authenticate: Negotiate
Set-Cookie: hadoop.auth=; Path=/; Domain= ; Expires=Thu, 01-Jan-1970 00:00:00 GMT; HttpOnly
HTTP/1.1 201 Created
Server: Apache-Coyote/1.1

...............................................

4,633 Views
0 Kudos

avatar
author-rank jpasswaters
Contributor

Created ‎02-10-2016 06:36 PM

Are you using the FQDN for the oozie url?

4,633 Views
0 Kudos
Announcements
What's New @ Cloudera
[RELEASED] Cloudera Streams Messaging - Kubernetes Operator ...
What's New @ Cloudera
[RELEASED] Cloudera Streaming Analytics 1.14 for Cloudera Pu...
What's New @ Cloudera
Cloudera Data Engineering 1.23: Access Spark from Your Favor...
What's New @ Cloudera
HBase REST server scaling support is Generally Available
What's New @ Cloudera
New CLI option in the update-database command
View More Announcements