Cloudera Community
timhywang
user rank
Explorer

Re: Unable to log storm audit events to hdfs (sand...

by Explorer in Support Questions
‎03-16-2018 10:06 PM
‎03-16-2018 10:06 PM
Turns out the typo was the problem. That's just so silly.... @vperiasamy thank you so much. ... View more

Re: Unable to log storm audit events to hdfs (sand...

by Explorer in Support Questions
‎03-16-2018 06:40 PM
‎03-16-2018 06:40 PM
@vperiasamy Thank you very much for your response. I already see a core-site.xml file in that directory. I moved it out and linked /etc/hadoop/conf/core-site.xml as described in the doc. Restarted hdfs, ranger, and storm, but I still see the same error. Is there any else I could've missed? ... View more

Unable to log storm audit events to hdfs (sandbox ...

by Explorer in Support Questions
‎03-16-2018 12:02 AM
‎03-16-2018 12:02 AM
Hi All, Product: Hortonworks Data Platform 2.6.3 Sandbox I am having trouble logging storm events to hdfs when I enable ranger auditing for storm. I enabled kerberos with ambari, since it is noted in document that kerberos is required to install ranger storm-plugin. I kerberized the cluster, enabled storm plugin, and installed a storm policy like the one in attachment. Then I started and killed the storm topology with these commands: - storm jar storm-starter-0.0.1-storm-0.9.0.1.jar storm.starter.WordCountTopology WordCount -c storm.starter.WordCountTopology WordCount - storm kill WordCount However, I don't see the log files in hdfs /ranger/audit/storm. (I can't view it directly from ranger UI because of an solr error, but that's another issue). In nimbus.log, I see this error: 2018-03-08 18:01:01.037 o.a.r.a.p.BaseAuditHandler [ERROR] Error writing to log file. org.apache.hadoop.ipc.RemoteException: User: nimbus/sandbox-hdp.hortonworks.com@HORTONWORKS.COM is not allowed to impersonate storm at org.apache.hadoop.ipc.Client.getRpcResponse(Client.java:1554) ~[hadoop-common-2.7.3.2.6.3.0-235.jar:?] at org.apache.hadoop.ipc.Client.call(Client.java:1498) ~[hadoop-common-2.7.3.2.6.3.0-235.jar:?] at org.apache.hadoop.ipc.Client.call(Client.java:1398) ~[hadoop-common-2.7.3.2.6.3.0-235.jar:?] at org.apache.hadoop.ipc.ProtobufRpcEngine$Invoker.invoke(ProtobufRpcEngine.java:233) ~[hadoop-common-2.7.3.2.6.3.0-235.jar:?] at com.sun.proxy.$Proxy54.getFileInfo(Unknown Source) ~[?:?] at org.apache.hadoop.hdfs.protocolPB.ClientNamenodeProtocolTranslatorPB.getFileInfo(ClientNamenodeProtocolTranslatorPB.java:823) ~[?:?] at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[?:1.8.0_151] at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) ~[?:1.8.0_151] at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[?:1.8.0_151] at java.lang.reflect.Method.invoke(Method.java:498) ~[?:1.8.0_151] at org.apache.hadoop.io.retry.RetryInvocationHandler.invokeMethod(RetryInvocationHandler.java:291) ~[hadoop-common-2.7.3.2.6.3.0-235.jar:?] at org.apache.hadoop.io.retry.RetryInvocationHandler.invoke(RetryInvocationHandler.java:203) ~[hadoop-common-2.7.3.2.6.3.0-235.jar:?] at org.apache.hadoop.io.retry.RetryInvocationHandler.invoke(RetryInvocationHandler.java:185) ~[hadoop-common-2.7.3.2.6.3.0-235.jar:?] I thought it was mapping issue between kerberos principal and linux user, so I added "RULE:[2:$1@$0](nimbus@HORTONWORKS.COM)s/.*/storm/" to hadoop.security.auth_to_local and <property> <name>hadoop.proxyuser.storm.group</name> <value>*</value> </property> <property> <name>hadoop.proxyuser.storm.hosts</name> <value>sandbox-hdp.hortonworks.com</value> </property> to core-site.xml. But nothing is logged. Any help or advice is appreciated. Thanks in advance. ... View more
Contact Me
Online
Offline
Last Visited
‎08-03-2023 02:54 PM
Community Statistics
Member Since ‎07-26-2019 12:49 PM
Last Visited ‎08-03-2023 02:54 PM
Posts 5