Support Questions

jean_jeancarl48 · ‎02-09-2017

Hi, When I tried to execute a job by oozie I got this error

Main class [org.apache.oozie.action.hadoop.ShellMain], exit code [1]

After take a look to the yarn log I got this permission problem

2017-02-09 13:14:40,746 WARN  resourcemanager.RMAuditLogger (RMAuditLogger.java:logFailure(285)) - USER=scf	IP=x.x.x.x	OPERATION=getServiceState	TARGET=AdminService	RESULT=FAILURE	DESCRIPTION=Unauthorized user	PERMISSIONS=
2017-02-09 13:14:40,747 INFO  ipc.Server (Server.java:run(2158)) - IPC Server handler 0 on 8033, call org.apache.hadoop.ha.HAServiceProtocol.getServiceStatus from x.x.x.x:37178 Call#0 Retry#0
org.apache.hadoop.security.AccessControlException: User pns doesn't have permission to call 'getServiceState'
	at org.apache.hadoop.yarn.server.resourcemanager.RMServerUtils.verifyAdminAccess(RMServerUtils.java:191)
	at org.apache.hadoop.yarn.server.resourcemanager.RMServerUtils.verifyAdminAccess(RMServerUtils.java:157)
	at org.apache.hadoop.yarn.server.resourcemanager.AdminService.checkAccess(AdminService.java:229)
	at org.apache.hadoop.yarn.server.resourcemanager.AdminService.getServiceStatus(AdminService.java:350)
	at org.apache.hadoop.ha.protocolPB.HAServiceProtocolServerSideTranslatorPB.getServiceStatus(HAServiceProtocolServerSideTranslatorPB.java:131)
	at org.apache.hadoop.ha.proto.HAServiceProtocolProtos$HAServiceProtocolService$2.callBlockingMethod(HAServiceProtocolProtos.java:4464)
	at org.apache.hadoop.ipc.ProtobufRpcEngine$Server$ProtoBufRpcInvoker.call(ProtobufRpcEngine.java:616)
	at org.apache.hadoop.ipc.RPC$Server.call(RPC.java:969)
	at org.apache.hadoop.ipc.Server$Handler$1.run(Server.java:2137)
	at org.apache.hadoop.ipc.Server$Handler$1.run(Server.java:2133)
	at java.security.AccessController.doPrivileged(Native Method)
	at javax.security.auth.Subject.doAs(Subject.java:422)
	at org.apache.hadoop.security.UserGroupInformation.doAs(UserGroupInformation.java:1657)
	at org.apache.hadoop.ipc.Server$Handler.run(Server.java:2131)

Can anyone be so nice to tell me how to fix the permission for the user scf ? I

dheer_vijji_rag · ‎02-09-2017

@Jean Rivera are you trying to access YARN RM service state from your script with user scf? if yes then it won't work as this action needs a YARN user (yarn by default) priviliges, i.e. you need to have same privilege as yarn user.

Is there a specific reason that you are getting the service state?

Thanks

Venkat

jean_jeancarl48 · ‎02-09-2017

@Venkata Sudheer Kumar M

Hi, acctually no, this is the log of my resource manager. I run a job by oozie

dheer_vijji_rag · ‎02-10-2017

@jean rivera from the job you are running through Oozie is trying to get the YARN RM HA/ NN HA status?

jean_jeancarl48 · ‎02-10-2017

@Venkata Sudheer Kumar M

it seems so, yes

dheer_vijji_rag · ‎02-10-2017

@jean rivera then you need to get rid of that to run as scf user, we don't have to get the status.

Support Questions

User scf doesn't have permission to call 'getServiceState'