Cloudera Community

Support Questions

Find answers, ask questions, and share your expertise
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Advanced Search
Solved Go to solution

Upgraded HDP stack from 2.3.2 to 2.4.2. webhdfs curl failed to obtain user group information: java.io.IOException: Usernames not matched: name=hdfs != expected=hdfs-

Labels:
avatar
author-rank sreeram_chintal
New Contributor

Created ‎07-12-2016 06:44 PM

HI,

I recently upgraded from HDP 2.3.2 to HDP 2.4.2 on a secure cluster.

When I try to start MR History server, yarn Timeline service and HBase master service, all three are throwing the same error as

failed to obtain user group information: java.io.IOException: Usernames not matched: name=hdfs != expected=hdfs-REALM
Below is the stacktrace:

 File "/usr/lib/python2.6/site-packages/resource_management/libraries/providers/hdfs_resource.py", line 195, in run_command
    raise Fail(err_msg)
resource_management.core.exceptions.Fail: Execution of 'curl -sS -L -w '%{http_code}' -X GET --negotiate -u : 'http://znlhacdt0002.amer.zurich.corp:50070/webhdfs/v1/app-logs?op=GETFILESTATUS&user.name=hdfs'' returned status_code=403. 
{
  "RemoteException": {
    "exception": "SecurityException", 
    "javaClassName": "java.lang.SecurityException", 
    "message": "Failed to obtain user group information: java.io.IOException: Usernames not matched: name=hdfs != expected=hdfs-SANDBOX"
  }
}

Not sure why the user.name its using hdfs-sandox instead hdfs. When I tried the curl, it works with hdfs-sandbox, but doesnt work with hdfs. Please let me know where I have to change the config to make it work..
Any help is greatly appreciated.
thanks,
Sreeram
1,890 Views
0 Kudos
1 ACCEPTED SOLUTION

avatar
SBren author-rank
Cloudera Employee

Created ‎07-13-2016 01:57 AM

@Sreeram Chintalapudi This could happen if there is an incorrect RULE in "hadoop.security.auth_to_local" in /etc/hadoop/conf/core-site.xml. You can review/modify the contents by navigating to Ambari -> HDFS -> Configs -> Advanced -> Advanced core-site.xml -> hadoop.security.auth_to_local.

It should look similar to this;

RULE:[1:$1@$0](ambari-qa-EXAMPLE@EXAMPLE.COM)s/.*/ambari-qa/
RULE:[1:$1@$0](hbase-EXAMPLE@EXAMPLE.COM)s/.*/hbase/ 
RULE:[1:$1@$0](hdfs-EXAMPLE@EXAMPLE.COM)s/.*/hdfs/ 
RULE:[1:$1@$0](spark-EXAMPLE@EXAMPLE.COM)s/.*/spark/ 
RULE:[1:$1@$0](.*@EXAMPLE.COM)s/@.*// 
RULE:[1:$1@$0](.*@.*EXAMPLE.COM)s/@.*// 
RULE:[1:$1@$0](.*@EXAMPLE.COM)s/@.*// 
RULE:[1:$1@$0](.*@EXAMPLE.COM)s/@.*///L 
RULE:[2:$1@$0](amshbase@EXAMPLE.COM)s/.*/ams/ 
RULE:[2:$1@$0](amszk@EXAMPLE.COM)s/.*/ams/ 
RULE:[2:$1@$0](atlas@EXAMPLE.COM)s/.*/atlas/ 
RULE:[2:$1@$0](dn@EXAMPLE.COM)s/.*/hdfs/ 
RULE:[2:$1@$0](falcon@EXAMPLE.COM)s/.*/falcon/ 
RULE:[2:$1@$0](hbase@EXAMPLE.COM)s/.*/hbase/ 
RULE:[2:$1@$0](hive@EXAMPLE.COM)s/.*/hive/ 
RULE:[2:$1@$0](jhs@EXAMPLE.COM)s/.*/mapred/ 
RULE:[2:$1@$0](jn@EXAMPLE.COM)s/.*/hdfs/ 
RULE:[2:$1@$0](knox@EXAMPLE.COM)s/.*/knox/ 
RULE:[2:$1@$0](nm@EXAMPLE.COM)s/.*/yarn/ 
RULE:[2:$1@$0](nn@EXAMPLE.COM)s/.*/hdfs/ 
RULE:[2:$1@$0](oozie@EXAMPLE.COM)s/.*/oozie/ 
RULE:[2:$1@$0](rm@EXAMPLE.COM)s/.*/yarn/ 
RULE:[2:$1@$0](yarn@EXAMPLE.COM)s/.*/yarn/ 
DEFAULT

If you make any changes to the rules you will need to restart the affected services.

Hope this helps,

Steve

View solution in original post

1,482 Views
0 Kudos
3 REPLIES 3

avatar
SBren author-rank
Cloudera Employee

Created ‎07-13-2016 01:57 AM

@Sreeram Chintalapudi This could happen if there is an incorrect RULE in "hadoop.security.auth_to_local" in /etc/hadoop/conf/core-site.xml. You can review/modify the contents by navigating to Ambari -> HDFS -> Configs -> Advanced -> Advanced core-site.xml -> hadoop.security.auth_to_local.

It should look similar to this;

RULE:[1:$1@$0](ambari-qa-EXAMPLE@EXAMPLE.COM)s/.*/ambari-qa/
RULE:[1:$1@$0](hbase-EXAMPLE@EXAMPLE.COM)s/.*/hbase/ 
RULE:[1:$1@$0](hdfs-EXAMPLE@EXAMPLE.COM)s/.*/hdfs/ 
RULE:[1:$1@$0](spark-EXAMPLE@EXAMPLE.COM)s/.*/spark/ 
RULE:[1:$1@$0](.*@EXAMPLE.COM)s/@.*// 
RULE:[1:$1@$0](.*@.*EXAMPLE.COM)s/@.*// 
RULE:[1:$1@$0](.*@EXAMPLE.COM)s/@.*// 
RULE:[1:$1@$0](.*@EXAMPLE.COM)s/@.*///L 
RULE:[2:$1@$0](amshbase@EXAMPLE.COM)s/.*/ams/ 
RULE:[2:$1@$0](amszk@EXAMPLE.COM)s/.*/ams/ 
RULE:[2:$1@$0](atlas@EXAMPLE.COM)s/.*/atlas/ 
RULE:[2:$1@$0](dn@EXAMPLE.COM)s/.*/hdfs/ 
RULE:[2:$1@$0](falcon@EXAMPLE.COM)s/.*/falcon/ 
RULE:[2:$1@$0](hbase@EXAMPLE.COM)s/.*/hbase/ 
RULE:[2:$1@$0](hive@EXAMPLE.COM)s/.*/hive/ 
RULE:[2:$1@$0](jhs@EXAMPLE.COM)s/.*/mapred/ 
RULE:[2:$1@$0](jn@EXAMPLE.COM)s/.*/hdfs/ 
RULE:[2:$1@$0](knox@EXAMPLE.COM)s/.*/knox/ 
RULE:[2:$1@$0](nm@EXAMPLE.COM)s/.*/yarn/ 
RULE:[2:$1@$0](nn@EXAMPLE.COM)s/.*/hdfs/ 
RULE:[2:$1@$0](oozie@EXAMPLE.COM)s/.*/oozie/ 
RULE:[2:$1@$0](rm@EXAMPLE.COM)s/.*/yarn/ 
RULE:[2:$1@$0](yarn@EXAMPLE.COM)s/.*/yarn/ 
DEFAULT

If you make any changes to the rules you will need to restart the affected services.

Hope this helps,

Steve

1,483 Views
0 Kudos

avatar
author-rank sreeram_chintal
New Contributor

Created ‎07-13-2016 02:21 PM

Thanks Steve for the article..that did the trick...thanks again for all ur help

Sreeram

1,482 Views
0 Kudos

avatar
author-rank vvvvvdev
New Contributor

Created ‎09-01-2016 09:33 AM

Hi Sreeram,

I am also facing the same issue. Can you please tell me exactly what you did to solve the issue.

Thanks in advance

1,482 Views
0 Kudos
Announcements
What's New @ Cloudera
Cloudera Data Engineering 1.23: Access Spark from Your Favor...
What's New @ Cloudera
HBase REST server scaling support is Generally Available
What's New @ Cloudera
New CLI option in the update-database command
What's New @ Cloudera
New Action menu item in the Cloudera Operational Database UI
What's New @ Cloudera
Get the list of supported instance types in the Cloudera Ope...
View More Announcements