Support Questions

dstreev · ‎09-25-2015

hadoop distcp -i -log /tmp/ hdfs://xxx:8020/apps/yyyy hdfs://xxx_cid/tmp/

In this case the "xxx" is the "un-secure" cluster, while "xxx_cid" in the secure cluster.

We are launching the job from the Kerberos cluster, with the appropriate kinit for the user and getting the following error:

java.io.IOException: Failed on local exception: java.io.IOException: Server asks us to fall back to SIMPLE auth, but this client is configured to only allow secure connections.; Host Details : local host is: "xxx/10.x.x.x"; destination host is: "xxx":8020;

...

Caused by: java.io.IOException: Server asks us to fall back to SIMPLE auth, but this client is configured to only allow secure connections.

I thought by launching the job from the secure cluster, that we could avoid any access issues. But it appears that the processes are kicked off from the "source" cluster. In this case, that's the insecure cluster.

Idea's on getting around this?

cnauroth · ‎11-18-2015

I recommend not setting this in core-site.xml, and instead setting it on the command line invocation specifically for the DistCp command that needs to communicate with the unsecured cluster. Setting it in core-site.xml means that all RPC connections for any application are eligible for fallback to simple authentication. This potentially expands the attack surface for man-in-the-middle attacks.

Here is an example of overriding the setting on the command line while running DistCp:

hadoop distcp -D ipc.client.fallback-to-simple-auth-allowed=true hdfs://nn1:8020/foo/bar hdfs://nn2:8020/bar/foo

The command must be run while logged into the secured cluster, not the unsecured cluster.

View solution in original post

hari_prsd14 · ‎03-16-2016

getting below error after running the command "hadoop distcp -D ipc.client.fallback-to-simple-auth-allowed=true hdfs://nn1:8020/foo/bar hdfs://nn2:8020/bar/foo"
java.io.EOFException:End of FileException between local host is***; destination host is:***;
please suggest

irunker · ‎09-30-2024

非安全集群被阻止rpc通信，使用webhdfs协议，hadoop distcp -D ipc.client.fallback-to-simple-auth-allowed=true webhdfs://nn1:50070/foo/bar hdfs://nn2:8020/bar/foo

hari_prsd14 · ‎03-16-2016

getting below error after running the command "hadoop distcp -D ipc.client.fallback-to-simple-auth-allowed=true hdfs://nn1:8020/foo/bar hdfs://nn2:8020/bar/foo"

java.io.EOFException: End of File Exception between local host is *** ; destination host is:***;


please suggest

kshaffer_tpgs · ‎05-13-2016

I have found that using webhdfs instead of hdfs for the nonsecure host gets around this error, e.g.,

"hadoop distcp -D ipc.client.fallback-to-simple-auth-allowed=true webhdfs://nn1:8020/foo/bar hdfs://nn2:8020/bar/foo"

saramakr · ‎05-25-2016

can you try this

hadoop distcp –D ipc.client.falback-tosimple-auth-allowed=true webhdfs://insecureCluster webhdfs://secureCluster

leonidzav · ‎03-07-2017

We had similar issue.

Most likely you have following property in /etc/hadoop/conf/hdfs-site.xml:

<property>
  <name>dfs.namenode.acls.enabled</name>
  <value>true</value>
  </property

Remove this property or set it to "false". It should help.

turing_nix · ‎04-04-2017

Am doing distcp from insecure to secure hadop cluster and am getting error "SIMPLE authentication isnot enabled". Can any one suggest.

hdfs@master02:~> hadoop distcp -Dipc.client.fallback-to-simple-auth-allowed=true hdfs://HDP23:8020/test01.txt hdfs://HDP24:8020/

17/04/0500:09:28 ERROR tools.DistCp:Invalid arguments:org.apache.hadoop.security.AccessControlException: SIMPLE authentication isnot enabled.Available:[TOKEN, KERBEROS]

badmanlive085 · ‎04-17-2019

LiteBlue is the U.S. Government website this is intended for authorized use only by Postal Service employees

Cloudera Community

Support Questions

Running distcp between two cluster: One Kerberized and the other is not