Cloudera Community

Support Questions

Find answers, ask questions, and share your expertise
cancel
Turn on suggestions
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Advanced Search
Solved Go to solution

Oozie REST API - Python - 401 Unauthorized

Labels:
avatar
author-rank jpasswaters
Contributor

Created ‎12-12-2015 08:20 PM

I am trying to use the Requests library in Python to execute an Oozie workflow, via the REST API, in a kerberized Hadoop cluster. When trying to call the API I get a 401 Unauthorized message back.

#	kerberos_auth = HTTPKerberosAuth(mutual_authentication=OPTIONAL)
        response = s.post(
                url     = 'http://localhost:11000/oozie/v1/jobs?action=start',
                params  = {'action': 'start'},
                headers = headers,
                data    = workflow_xml,
#               auth    = kerberos_auth
                auth    = ('user', 'pass')
        )

I have also tried including the Python Kerberos library with no success. I have looked through the Oozie log with no noticeable error messages. I am assuming it didn't even make it that far for an error to be written in the log.

7,967 Views
0 Kudos
0
1 ACCEPTED SOLUTION

avatar
author-rank nsabharwal
Master Mentor

Created ‎12-12-2015 10:45 PM

@Jesse PasswatersGood article

Depending on the tool we’re using to connect, additional arguments might need to be specified. For example, to use curl, as we can see above we have to specify the --negotiate and -uarguments. The username and password we specify with -u doesn’t matter because we’re using Kerberos, so we can put whatever we want (e.g. foo:bar, or even just :). If we omit the -u then we’ll get a 401 Unauthorized error; even though its value is not actually being used.

View solution in original post

4,909 Views
0 Kudos
0
4 REPLIES 4

avatar
author-rank nsabharwal
Master Mentor

Created ‎12-12-2015 10:45 PM

@Jesse PasswatersGood article

Depending on the tool we’re using to connect, additional arguments might need to be specified. For example, to use curl, as we can see above we have to specify the --negotiate and -uarguments. The username and password we specify with -u doesn’t matter because we’re using Kerberos, so we can put whatever we want (e.g. foo:bar, or even just :). If we omit the -u then we’ll get a 401 Unauthorized error; even though its value is not actually being used.

4,910 Views
0 Kudos
0

avatar
author-rank jpasswaters
Contributor

Created ‎12-13-2015 12:09 AM

Thanks @Neeraj Sabharwal. I saw that article, but I guess it didn't click until you mentioned --negotiate.

I then found this article that explains how to correctly use the Kerberos library when authenticating. I have yet to try it, but have confidence it will work.

4,909 Views

avatar
author-rank korvi__nareshku
New Contributor

Created ‎02-10-2016 02:35 PM

Was this answered? I tried the given suggestion, but still i'm getting following error.

I'm running my oozie java application through curl from edge node.

Steps ran:

1. kinit
2. curl -i -s --negotiate -u n590368c -X POST -H "Content-Type:application/xml" -d @wordcount.xml oozie_url:11000/oozie/v2/jobs?action=start
Error:
HTTP/1.1 401 Unauthorized
Server: Apache-Coyote/1.1
WWW-Authenticate: Negotiate
Set-Cookie: hadoop.auth=; Path=/; Domain= ; Expires=Thu, 01-Jan-1970 00:00:00 GMT; HttpOnly
HTTP/1.1 201 Created
Server: Apache-Coyote/1.1

...............................................

4,909 Views
0 Kudos

avatar
author-rank jpasswaters
Contributor

Created ‎02-10-2016 06:36 PM

Are you using the FQDN for the oozie url?

4,909 Views
0 Kudos
Announcements
Community Announcements
April 2025 Cloudera Customer Advisory: Cloudera’s response t...
What's New @ Cloudera
[RELEASED] Cloudera Streaming Analytics - Kubernetes Operato...
What's New @ Cloudera
[RELEASED] Cloudera Streams Messaging - Kubernetes Operator ...
Community Announcements
February 2025 Community Highlights
What's New @ Cloudera
3 Benefits of External IDE Connectivity, Now Available in Cl...
View More Announcements