메뉴 건너뛰기

Cloudera, BigData, Semantic IoT, Hadoop, NoSQL

Cloudera CDH/CDP 및 Hadoop EcoSystem, Semantic IoT등의 개발/운영 기술을 정리합니다. gooper@gooper.com로 문의 주세요.


1. ..conf/core-site.xml  파일에 아래와 같이 프록시 프로퍼티를 추가한다.

(GROUPS, HOSTS는 그냥 "*"로 해도 되지만 호스트나 그룹명을 쉼표로 구분하여 작성해도됨)

(oozie를 실행하는 linux user가 oozie일 경우는 [userId]에 oozie로 , root 사용자로 실행할 경우에는 [userId]에 root를 기입할것)

 --------------------------------

The following two properties are required in Hadoop core-site.xml:

  <!-- OOZIE -->
  <property>
    <name>hadoop.proxyuser.[OOZIE_SERVER_USER].hosts</name>
    <value>[OOZIE_SERVER_HOSTNAME]</value>
  </property>
  <property>
    <name>hadoop.proxyuser.[OOZIE_SERVER_USER].groups</name>
    <value>[USER_GROUPS_THAT_ALLOW_IMPERSONATION]</value>
  </property>
------------------------------------------
[hadoop@master /hadoop/hadoop-1.x/conf]$ vi core-site.xml

     <property>
                <name>hadoop.proxyuser.[userId].hosts</name>
                <value>MasterNode</value>
     </property>
     <property>
                <name>hadoop.proxyuser.[userId].groups</name>
                <value>[userId]</value>
     </property>

 

-----------------------sample----------------

<property>
<name>hadoop.proxyuser.hadoop.hosts</name>
<value>localhost</value>
</property>
<property>
<name>hadoop.proxyuser.hadoop.groups</name>
<value>supergroup,hadoop,root</value>
</property>


1-2. oozie-site.xml에서 아래 부분의 주석을 풀고  #USER#는 반드시 oozie를 실행하는 계정(예, hadoop)으로 변경해야함

 <property>

        <name>oozie.service.ProxyUserService.proxyuser.#USER#.hosts</name>

        <value>*</value>

        <description>

            List of hosts the '#USER#' user is allowed to perform 'doAs'

            operations.


            The '#USER#' must be replaced with the username o the user who is

            allowed to perform 'doAs' operations.


            The value can be the '*' wildcard or a list of hostnames.


            For multiple users copy this property and replace the user name

            in the property name.

        </description>

    </property>


    <property>

        <name>oozie.service.ProxyUserService.proxyuser.hadoop.groups</name>

        <value>*</value>

        <description>

            List of groups the '#USER#' user is allowed to impersonate users

            from to perform 'doAs' operations.


            The '#USER#' must be replaced with the username o the user who is

            allowed to perform 'doAs' operations.


            The value can be the '*' wildcard or a list of groups.


            For multiple users copy this property and replace the user name

            in the property name.

        </description>

    </property>

 

2. 변경사항 반영(hdfs-site.xml에 반영시)->?

hadoop@bigdata-host:~/hadoop/conf$ hadoop mradmin -refreshUserToGroupsMappings


3. 변경사항 반영(core-site.xml에 반영시)

stop-all.sh

start-all.sh


 

4. 아래와 같은 오류가 발생시 아래와 같이 설정.(hdfs-site.xml)

<property> 
  <name>dfs.permissions</name> 
  <value>false</value> 
</property> 


 

-------------------------hadoop계정으로 실행하던 oozie job을 root로 실행했을때 오류메세지--------------------------------------

JA009: org.apache.hadoop.security.AccessControlException: Permission denied: user=root, access=WRITE, inode="user":hadoop:supergroup:rwxr-xr-x

at org.apache.hadoop.hdfs.server.namenode.FSPermissionChecker.check(FSPermissionChecker.java:217)

at org.apache.hadoop.hdfs.server.namenode.FSPermissionChecker.check(FSPermissionChecker.java:197)

at org.apache.hadoop.hdfs.server.namenode.FSPermissionChecker.checkPermission(FSPermissionChecker.java:141)

at org.apache.hadoop.hdfs.server.namenode.FSNamesystem.checkPermission(FSNamesystem.java:5758)

at org.apache.hadoop.hdfs.server.namenode.FSNamesystem.checkAncestorAccess(FSNamesystem.java:5731)

at org.apache.hadoop.hdfs.server.namenode.FSNamesystem.startFileInternal(FSNamesystem.java:1576)

at org.apache.hadoop.hdfs.server.namenode.FSNamesystem.startFile(FSNamesystem.java:1527)

at org.apache.hadoop.hdfs.server.namenode.NameNode.create(NameNode.java:710)

at org.apache.hadoop.hdfs.server.namenode.NameNode.create(NameNode.java:689)

at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)

at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)

at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)

at java.lang.reflect.Method.invoke(Method.java:606)

at org.apache.hadoop.ipc.RPC$Server.call(RPC.java:587)

at org.apache.hadoop.ipc.Server$Handler$1.run(Server.java:1432)

at org.apache.hadoop.ipc.Server$Handler$1.run(Server.java:1428)

at java.security.AccessController.doPrivileged(Native Method)

at javax.security.auth.Subject.doAs(Subject.java:415)

at org.apache.hadoop.security.UserGroupInformation.doAs(UserGroupInformation.java:1190)

at org.apache.hadoop.ipc.Server$Handler.run(Server.java:1426)

 

참고 :

위와 같은 오류가 발생하면

hadoop fs -mkdir /user/root

hadoop fs -chown root:root /user/root

hadoop fs -chmod -R 777 /user/root

와 같이 /user밑에 root로 만들고 권한을 변경하라고 하지만... oozie 실행시 자동으로 생성됨을 확인했다.

위로