Uploaded image for project: 'Apache Tez'
  1. Apache Tez
  2. TEZ-3727

When using HDFS federation, token of tez.simple.history.logging.dir is not added, causing AM to fail

    XMLWordPrintableJSON

Details

    • Bug
    • Status: Resolved
    • Major
    • Resolution: Fixed
    • 0.8.5
    • 0.10.0, 0.9.3
    • None
    • None

    • hive1.1.0 + tez0.8.5

    Description

      If we use different fs for tez.simple.history.logging.dir and hive.exec.scratchdir, the tez AM throws such exception:

      [INFO] [main] |retry.RetryInvocationHandler|: Exception while invoking getFileInfo of class ClientNamenodeProtocolTranslatorPB over ns/xx.xx.xx.xx:xxxx after 1 fail over attempts. Trying to fail over immediately.
java.io.IOException: Failed on local exception: java.io.IOException: org.apache.hadoop.security.AccessControlException: Client cannot authenticate via:[TOKEN, KERBEROS]; Host Details : local host is: "nm1/xx.xx.xx.xx"; destination host is: "ns":xxxx; 
	at org.apache.hadoop.net.NetUtils.wrapException(NetUtils.java:772)
	at org.apache.hadoop.ipc.Client.call(Client.java:1472)
	at org.apache.hadoop.ipc.Client.call(Client.java:1399)
	at org.apache.hadoop.ipc.ProtobufRpcEngine$Invoker.invoke(ProtobufRpcEngine.java:232)
	at com.sun.proxy.$Proxy12.getFileInfo(Unknown Source)
	at org.apache.hadoop.hdfs.protocolPB.ClientNamenodeProtocolTranslatorPB.getFileInfo(ClientNamenodeProtocolTranslatorPB.java:752)
	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
	at java.lang.reflect.Method.invoke(Method.java:606)
	at org.apache.hadoop.io.retry.RetryInvocationHandler.invokeMethod(RetryInvocationHandler.java:187)
	at org.apache.hadoop.io.retry.RetryInvocationHandler.invoke(RetryInvocationHandler.java:102)
	at com.sun.proxy.$Proxy13.getFileInfo(Unknown Source)
	at org.apache.hadoop.hdfs.DFSClient.getFileInfo(DFSClient.java:1982)
	at org.apache.hadoop.hdfs.DistributedFileSystem$18.doCall(DistributedFileSystem.java:1128)
	at org.apache.hadoop.hdfs.DistributedFileSystem$18.doCall(DistributedFileSystem.java:1124)
	at org.apache.hadoop.fs.FileSystemLinkResolver.resolve(FileSystemLinkResolver.java:81)
	at org.apache.hadoop.hdfs.DistributedFileSystem.getFileStatus(DistributedFileSystem.java:1124)
	at org.apache.hadoop.fs.FileSystem.exists(FileSystem.java:1400)
	at org.apache.tez.dag.history.logging.impl.SimpleHistoryLoggingService.serviceInit(SimpleHistoryLoggingService.java:81)
	at org.apache.hadoop.service.AbstractService.init(AbstractService.java:163)
	at org.apache.hadoop.service.CompositeService.serviceInit(CompositeService.java:107)
	at org.apache.tez.dag.history.HistoryEventHandler.serviceInit(HistoryEventHandler.java:100)
	at org.apache.hadoop.service.AbstractService.init(AbstractService.java:163)
	at org.apache.tez.dag.app.DAGAppMaster.initServices(DAGAppMaster.java:1933)
	at org.apache.tez.dag.app.DAGAppMaster.serviceInit(DAGAppMaster.java:622)
	at org.apache.hadoop.service.AbstractService.init(AbstractService.java:163)
	at org.apache.tez.dag.app.DAGAppMaster$8.run(DAGAppMaster.java:2586)
	at java.security.AccessController.doPrivileged(Native Method)
	at javax.security.auth.Subject.doAs(Subject.java:415)
	at org.apache.hadoop.security.UserGroupInformation.doAs(UserGroupInformation.java:1671)
	at org.apache.tez.dag.app.DAGAppMaster.initAndStartAppMaster(DAGAppMaster.java:2583)
	at org.apache.tez.dag.app.DAGAppMaster.main(DAGAppMaster.java:2388)
Caused by: java.io.IOException: org.apache.hadoop.security.AccessControlException: Client cannot authenticate via:[TOKEN, KERBEROS]
	at org.apache.hadoop.ipc.Client$Connection$1.run(Client.java:680)
	at java.security.AccessController.doPrivileged(Native Method)
	at javax.security.auth.Subject.doAs(Subject.java:415)
	at org.apache.hadoop.security.UserGroupInformation.doAs(UserGroupInformation.java:1671)
	at org.apache.hadoop.ipc.Client$Connection.handleSaslConnectionFailure(Client.java:643)
	at org.apache.hadoop.ipc.Client$Connection.setupIOstreams(Client.java:730)
	at org.apache.hadoop.ipc.Client$Connection.access$2800(Client.java:368)
	at org.apache.hadoop.ipc.Client.getConnection(Client.java:1521)
	at org.apache.hadoop.ipc.Client.call(Client.java:1438)
	... 31 more
Caused by: org.apache.hadoop.security.AccessControlException: Client cannot authenticate via:[TOKEN, KERBEROS]
	at org.apache.hadoop.security.SaslRpcClient.selectSaslClient(SaslRpcClient.java:172)
	at org.apache.hadoop.security.SaslRpcClient.saslConnect(SaslRpcClient.java:396)
	at org.apache.hadoop.ipc.Client$Connection.setupSaslConnection(Client.java:553)
	at org.apache.hadoop.ipc.Client$Connection.access$1800(Client.java:368)
	at org.apache.hadoop.ipc.Client$Connection$2.run(Client.java:722)
	at org.apache.hadoop.ipc.Client$Connection$2.run(Client.java:718)
	at java.security.AccessController.doPrivileged(Native Method)
	at javax.security.auth.Subject.doAs(Subject.java:415)
	at org.apache.hadoop.security.UserGroupInformation.doAs(UserGroupInformation.java:1671)
	at org.apache.hadoop.ipc.Client$Connection.setupIOstreams(Client.java:717)
	... 34 more

      That's becasue the token of tez.simple.history.logging.dir is not added during tez AM initialization.

      In hive-site.xml we have:

      <property>
    <name>hive.exec.scratchdir</name>
    <value>hdfs://ns/tmp/hive</value>
</property>

      In tez-site.xml we have:

      <property>
    <name>tez.simple.history.logging.dir</name>
    <value>hdfs://ns2/history-tez</value>
</property>

      Attachments

        1. TEZ-3727.01.patch
          1 kB
          László Bodor
        2. TEZ-3727.patch
          1 kB
          Xi Chen

        Activity

          People

            abstractdog László Bodor
            jshmchenxi Xi Chen
            Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: