Cloudera CDH/CDP 및 Hadoop EcoSystem, Semantic IoT등의 개발/운영 기술을 정리합니다. gooper@gooper.com로 문의 주세요.
1. ..conf/core-site.xml 파일에 아래와 같이 프록시 프로퍼티를 추가한다.
(GROUPS, HOSTS는 그냥 "*"로 해도 되지만 호스트나 그룹명을 쉼표로 구분하여 작성해도됨)
(oozie를 실행하는 linux user가 oozie일 경우는 [userId]에 oozie로 , root 사용자로 실행할 경우에는 [userId]에 root를 기입할것)
--------------------------------
The following two properties are required in Hadoop core-site.xml:
<!-- OOZIE -->
<property>
<name>hadoop.proxyuser.[OOZIE_SERVER_USER].hosts</name>
<value>[OOZIE_SERVER_HOSTNAME]</value>
</property>
<property>
<name>hadoop.proxyuser.[OOZIE_SERVER_USER].groups</name>
<value>[USER_GROUPS_THAT_ALLOW_IMPERSONATION]</value>
</property>------------------------------------------
[hadoop@master /hadoop/hadoop-1.x/conf]$ vi core-site.xml
<property>
<name>hadoop.proxyuser.[userId].hosts</name>
<value>MasterNode</value>
</property>
<property>
<name>hadoop.proxyuser.[userId].groups</name>
<value>[userId]</value>
</property>
-----------------------sample----------------
<property>
<name>hadoop.proxyuser.hadoop.hosts</name>
<value>localhost</value>
</property>
<property>
<name>hadoop.proxyuser.hadoop.groups</name>
<value>supergroup,hadoop,root</value>
</property>
1-2. oozie-site.xml에서 아래 부분의 주석을 풀고 #USER#는 반드시 oozie를 실행하는 계정(예, hadoop)으로 변경해야함
<property>
<name>oozie.service.ProxyUserService.proxyuser.#USER#.hosts</name>
<value>*</value>
<description>
List of hosts the '#USER#' user is allowed to perform 'doAs'
operations.
The '#USER#' must be replaced with the username o the user who is
allowed to perform 'doAs' operations.
The value can be the '*' wildcard or a list of hostnames.
For multiple users copy this property and replace the user name
in the property name.
</description>
</property>
<property>
<name>oozie.service.ProxyUserService.proxyuser.hadoop.groups</name>
<value>*</value>
<description>
List of groups the '#USER#' user is allowed to impersonate users
from to perform 'doAs' operations.
The '#USER#' must be replaced with the username o the user who is
allowed to perform 'doAs' operations.
The value can be the '*' wildcard or a list of groups.
For multiple users copy this property and replace the user name
in the property name.
</description>
</property>
2. 변경사항 반영(hdfs-site.xml에 반영시)->?
hadoop@bigdata-host:~/hadoop/conf$ hadoop mradmin -refreshUserToGroupsMappings
3. 변경사항 반영(core-site.xml에 반영시)
stop-all.sh
start-all.sh
4. 아래와 같은 오류가 발생시 아래와 같이 설정.(hdfs-site.xml)
-------------------------hadoop계정으로 실행하던 oozie job을 root로 실행했을때 오류메세지--------------------------------------
JA009: org.apache.hadoop.security.AccessControlException: Permission denied: user=root, access=WRITE, inode="user":hadoop:supergroup:rwxr-xr-x
at org.apache.hadoop.hdfs.server.namenode.FSPermissionChecker.check(FSPermissionChecker.java:217)
at org.apache.hadoop.hdfs.server.namenode.FSPermissionChecker.check(FSPermissionChecker.java:197)
at org.apache.hadoop.hdfs.server.namenode.FSPermissionChecker.checkPermission(FSPermissionChecker.java:141)
at org.apache.hadoop.hdfs.server.namenode.FSNamesystem.checkPermission(FSNamesystem.java:5758)
at org.apache.hadoop.hdfs.server.namenode.FSNamesystem.checkAncestorAccess(FSNamesystem.java:5731)
at org.apache.hadoop.hdfs.server.namenode.FSNamesystem.startFileInternal(FSNamesystem.java:1576)
at org.apache.hadoop.hdfs.server.namenode.FSNamesystem.startFile(FSNamesystem.java:1527)
at org.apache.hadoop.hdfs.server.namenode.NameNode.create(NameNode.java:710)
at org.apache.hadoop.hdfs.server.namenode.NameNode.create(NameNode.java:689)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:606)
at org.apache.hadoop.ipc.RPC$Server.call(RPC.java:587)
at org.apache.hadoop.ipc.Server$Handler$1.run(Server.java:1432)
at org.apache.hadoop.ipc.Server$Handler$1.run(Server.java:1428)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.Subject.doAs(Subject.java:415)
at org.apache.hadoop.security.UserGroupInformation.doAs(UserGroupInformation.java:1190)
at org.apache.hadoop.ipc.Server$Handler.run(Server.java:1426)
참고 :
위와 같은 오류가 발생하면
hadoop fs -mkdir /user/root
hadoop fs -chown root:root /user/root
hadoop fs -chmod -R 777 /user/root
와 같이 /user밑에 root로 만들고 권한을 변경하라고 하지만... oozie 실행시 자동으로 생성됨을 확인했다.
