You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@falcon.apache.org by "Balu Vellanki (JIRA)" <ji...@apache.org> on 2014/10/30 05:47:34 UTC
[jira] [Resolved] (FALCON-845) superuser falcon is not able to
delete/update entity
[ https://issues.apache.org/jira/browse/FALCON-845?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Balu Vellanki resolved FALCON-845.
----------------------------------
Resolution: Invalid
Assignee: Balu Vellanki (was: Venkatesh Seetharam)
The core-site.xml has the following
{code}
<property>
<name>hadoop.proxyuser.falcon.groups</name>
<value>users</value>
<description>
Proxy group for Hadoop.
</description>
</property>
{code}
This means falcon can only impersonate members of group "users". But user "falcon" does not belong to group "users". This is expected behavior. Hence the bug is invalid.
> superuser falcon is not able to delete/update entity
> ----------------------------------------------------
>
> Key: FALCON-845
> URL: https://issues.apache.org/jira/browse/FALCON-845
> Project: Falcon
> Issue Type: Bug
> Affects Versions: 0.6
> Reporter: Raghav Kumar Gautam
> Assignee: Balu Vellanki
> Fix For: 0.6
>
> Attachments: core-site.xml, entities.txt
>
>
> Sample response is:
> {code}
> 2014-10-29 15:20:28,517 INFO - [pool-45-thread-1:othersEditScheduledProcess] ~ Request Url: http://ip-172-31-47-32.ec2.internal:15000/api/entities/delete/process/agregator-coord16-22ceac97?user.name=falcon (BaseRequest:163)
> 2014-10-29 15:20:28,517 INFO - [pool-45-thread-1:othersEditScheduledProcess] ~ Request Method: DELETE (BaseRequest:164)
> 2014-10-29 15:20:28,517 INFO - [pool-45-thread-1:othersEditScheduledProcess] ~ Request Header: Name=Content-Type Value=text/xml (BaseRequest:167)
> 2014-10-29 15:20:28,518 INFO - [pool-45-thread-1:othersEditScheduledProcess] ~ Request Header: Name=Cookie Value=hadoop.auth=u=falcon&p=falcon&t=simple&e=1414632028513&s=1nC83wrEf/iOQvualO/fPAH4qE4= (BaseRequest:167)
> 2014-10-29 15:20:28,672 INFO - [pool-45-thread-1:othersEditScheduledProcess] ~ Response Status: HTTP/1.1 400 Bad Request (BaseRequest:193)
> 2014-10-29 15:20:28,672 INFO - [pool-45-thread-1:othersEditScheduledProcess] ~ Response Header: Name=Content-Type Value=text/xml (BaseRequest:195)
> 2014-10-29 15:20:28,672 INFO - [pool-45-thread-1:othersEditScheduledProcess] ~ Response Header: Name=requestId Value=114790f0-0b80-43c0-9899-042705741916 (BaseRequest:195)
> 2014-10-29 15:20:28,672 INFO - [pool-45-thread-1:othersEditScheduledProcess] ~ Response Header: Name=Content-Length Value=263 (BaseRequest:195)
> 2014-10-29 15:20:28,672 INFO - [pool-45-thread-1:othersEditScheduledProcess] ~ Response Header: Name=Server Value=Jetty(6.1.26.hwx) (BaseRequest:195)
> Warning: org.apache.xerces.parsers.SAXParser: Property 'http://javax.xml.XMLConstants/property/accessExternalDTD' is not recognized.
> Warning: org.apache.xerces.parsers.SAXParser: Property 'http://www.oracle.com/xml/jaxp/properties/entityExpansionLimit' is not recognized.
> 2014-10-29 15:20:28,675 INFO - [pool-45-thread-1:othersEditScheduledProcess] ~ The web service response is:
> <?xml version="1.0" encoding="UTF-8"?><result>
> <status>FAILED</status>
> <message>org.apache.hadoop.ipc.RemoteException(org.apache.hadoop.security.authorize.AuthorizationException): User: falcon is not allowed to impersonate falcon</message>
> </result>
> (ServiceResponse:86)
> {code}
> Relevant log from falcon.application.log:
> {code}
> 2014-10-29 15:20:28,526 INFO - [1191920211@qtp-53336067-294:114790f0-0b80-43c0-9899-042705741916 falcon:DELETE//entities/delete/process/agregator-coord16-22ceac97] ~ Logging in falcon (CurrentUser:69)
> 2014-10-29 15:20:28,526 INFO - [1191920211@qtp-53336067-294:114790f0-0b80-43c0-9899-042705741916 falcon:DELETE//entities/delete/process/agregator-coord16-22ceac97] ~ Request from user: falcon, URL=/api/entities/delete/process/agregator-coord16-22ceac97?user.name=falcon (FalconAuthenticationFilter:181)
> 2014-10-29 15:20:28,526 INFO - [1191920211@qtp-53336067-294:114790f0-0b80-43c0-9899-042705741916 falcon:DELETE//entities/delete/process/agregator-coord16-22ceac97] ~ Authorizing user=falcon against request=RequestParts{resource='entities', action='delete', entityName='agregator-coord16-22ceac97', entityType='process'} (FalconAuthorizationFilter:70)
> 2014-10-29 15:20:28,527 INFO - [1191920211@qtp-53336067-294:114790f0-0b80-43c0-9899-042705741916 falcon:DELETE//entities/delete/process/agregator-coord16-22ceac97] ~ Authorizing authenticatedUser=falcon, against resource=entities, action=delete, entity name=agregator-coord16-22ceac97, entity type=process (DefaultAuthorizationProvider:125)
> 2014-10-29 15:20:28,528 DEBUG - [1191920211@qtp-53336067-294:114790f0-0b80-43c0-9899-042705741916 falcon:DELETE//entities/delete/process/agregator-coord16-22ceac97] ~ Invoking method delete on service org.apache.falcon.resource.ConfigSyncService (IPCChannel:45)
> 2014-10-29 15:20:28,669 ERROR - [1191920211@qtp-53336067-294:114790f0-0b80-43c0-9899-042705741916 falcon:DELETE//entities/delete/process/agregator-coord16-22ceac97] ~ Unable to reach workflow engine for deletion or deletion failed (AbstractEntityManager:228)
> org.apache.falcon.FalconException: org.apache.hadoop.ipc.RemoteException(org.apache.hadoop.security.authorize.AuthorizationException): User: falcon is not allowed to impersonate falcon
> at org.apache.falcon.entity.EntityUtil.getAllStagingPaths(EntityUtil.java:600)
> at org.apache.falcon.workflow.engine.OozieWorkflowEngine.findBundles(OozieWorkflowEngine.java:269)
> at org.apache.falcon.workflow.engine.OozieWorkflowEngine.doBundleAction(OozieWorkflowEngine.java:367)
> at org.apache.falcon.workflow.engine.OozieWorkflowEngine.doBundleAction(OozieWorkflowEngine.java:361)
> at org.apache.falcon.workflow.engine.OozieWorkflowEngine.delete(OozieWorkflowEngine.java:345)
> at org.apache.falcon.resource.AbstractEntityManager.delete(AbstractEntityManager.java:215)
> at org.apache.falcon.resource.ConfigSyncService.delete(ConfigSyncService.java:56)
> at sun.reflect.GeneratedMethodAccessor42.invoke(Unknown Source)
> at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
> at java.lang.reflect.Method.invoke(Method.java:606)
> at org.apache.falcon.resource.channel.IPCChannel.invoke(IPCChannel.java:49)
> at org.apache.falcon.resource.proxy.SchedulableEntityManagerProxy$2.doExecute(SchedulableEntityManagerProxy.java:182)
> at org.apache.falcon.resource.proxy.SchedulableEntityManagerProxy$EntityProxy.execute(SchedulableEntityManagerProxy.java:447)
> at org.apache.falcon.resource.proxy.SchedulableEntityManagerProxy$2.execute(SchedulableEntityManagerProxy.java:172)
> at org.apache.falcon.resource.proxy.SchedulableEntityManagerProxy.delete_aroundBody2(SchedulableEntityManagerProxy.java:184)
> at org.apache.falcon.resource.proxy.SchedulableEntityManagerProxy$AjcClosure3.run(SchedulableEntityManagerProxy.java:1)
> at org.aspectj.runtime.reflect.JoinPointImpl.proceed(JoinPointImpl.java:149)
> at org.apache.falcon.aspect.AbstractFalconAspect.logAroundMonitored(AbstractFalconAspect.java:51)
> at org.apache.falcon.resource.proxy.SchedulableEntityManagerProxy.delete(SchedulableEntityManagerProxy.java:159)
> at sun.reflect.GeneratedMethodAccessor41.invoke(Unknown Source)
> at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
> at java.lang.reflect.Method.invoke(Method.java:606)
> at com.sun.jersey.spi.container.JavaMethodInvokerFactory$1.invoke(JavaMethodInvokerFactory.java:60)
> at com.sun.jersey.server.impl.model.method.dispatch.AbstractResourceMethodDispatchProvider$TypeOutInvoker._dispatch(AbstractResourceMethodDispatchProvider.java:185)
> at com.sun.jersey.server.impl.model.method.dispatch.ResourceJavaMethodDispatcher.dispatch(ResourceJavaMethodDispatcher.java:75)
> at com.sun.jersey.server.impl.uri.rules.HttpMethodRule.accept(HttpMethodRule.java:288)
> at com.sun.jersey.server.impl.uri.rules.RightHandPathRule.accept(RightHandPathRule.java:147)
> at com.sun.jersey.server.impl.uri.rules.ResourceClassRule.accept(ResourceClassRule.java:108)
> at com.sun.jersey.server.impl.uri.rules.RightHandPathRule.accept(RightHandPathRule.java:147)
> at com.sun.jersey.server.impl.uri.rules.RootResourceClassesRule.accept(RootResourceClassesRule.java:84)
> at com.sun.jersey.server.impl.application.WebApplicationImpl._handleRequest(WebApplicationImpl.java:1469)
> at com.sun.jersey.server.impl.application.WebApplicationImpl._handleRequest(WebApplicationImpl.java:1400)
> at com.sun.jersey.server.impl.application.WebApplicationImpl.handleRequest(WebApplicationImpl.java:1349)
> at com.sun.jersey.server.impl.application.WebApplicationImpl.handleRequest(WebApplicationImpl.java:1339)
> at com.sun.jersey.spi.container.servlet.WebComponent.service(WebComponent.java:416)
> at com.sun.jersey.spi.container.servlet.ServletContainer.service(ServletContainer.java:537)
> at com.sun.jersey.spi.container.servlet.ServletContainer.service(ServletContainer.java:699)
> at javax.servlet.http.HttpServlet.service(HttpServlet.java:820)
> at org.mortbay.jetty.servlet.ServletHolder.handle(ServletHolder.java:511)
> at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1221)
> at org.apache.falcon.security.FalconAuthorizationFilter.doFilter(FalconAuthorizationFilter.java:80)
> at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1212)
> at org.apache.falcon.security.FalconAuthenticationFilter$2.doFilter(FalconAuthenticationFilter.java:184)
> at org.apache.hadoop.security.authentication.server.AuthenticationFilter.doFilter(AuthenticationFilter.java:572)
> at org.apache.hadoop.security.authentication.server.AuthenticationFilter.doFilter(AuthenticationFilter.java:542)
> at org.apache.falcon.security.FalconAuthenticationFilter.doFilter(FalconAuthenticationFilter.java:193)
> at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1212)
> at org.apache.falcon.security.FalconAuditFilter.doFilter(FalconAuditFilter.java:65)
> at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1212)
> at org.mortbay.jetty.servlet.ServletHandler.handle(ServletHandler.java:399)
> at org.mortbay.jetty.security.SecurityHandler.handle(SecurityHandler.java:216)
> at org.mortbay.jetty.servlet.SessionHandler.handle(SessionHandler.java:182)
> at org.mortbay.jetty.handler.ContextHandler.handle(ContextHandler.java:766)
> at org.mortbay.jetty.webapp.WebAppContext.handle(WebAppContext.java:450)
> at org.mortbay.jetty.handler.HandlerWrapper.handle(HandlerWrapper.java:152)
> at org.mortbay.jetty.Server.handle(Server.java:326)
> at org.mortbay.jetty.HttpConnection.handleRequest(HttpConnection.java:542)
> at org.mortbay.jetty.HttpConnection$RequestHandler.headerComplete(HttpConnection.java:928)
> at org.mortbay.jetty.HttpParser.parseNext(HttpParser.java:549)
> at org.mortbay.jetty.HttpParser.parseAvailable(HttpParser.java:212)
> at org.mortbay.jetty.HttpConnection.handle(HttpConnection.java:404)
> at org.mortbay.jetty.bio.SocketConnector$Connection.run(SocketConnector.java:228)
> at org.mortbay.thread.QueuedThreadPool$PoolThread.run(QueuedThreadPool.java:582)
> Caused by: org.apache.hadoop.ipc.RemoteException(org.apache.hadoop.security.authorize.AuthorizationException): User: falcon is not allowed to impersonate falcon
> at org.apache.hadoop.ipc.Client.call(Client.java:1468)
> at org.apache.hadoop.ipc.Client.call(Client.java:1399)
> at org.apache.hadoop.ipc.ProtobufRpcEngine$Invoker.invoke(ProtobufRpcEngine.java:232)
> at com.sun.proxy.$Proxy27.getListing(Unknown Source)
> at org.apache.hadoop.hdfs.protocolPB.ClientNamenodeProtocolTranslatorPB.getListing(ClientNamenodeProtocolTranslatorPB.java:554)
> at sun.reflect.GeneratedMethodAccessor34.invoke(Unknown Source)
> at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
> at java.lang.reflect.Method.invoke(Method.java:606)
> at org.apache.hadoop.io.retry.RetryInvocationHandler.invokeMethod(RetryInvocationHandler.java:187)
> at org.apache.hadoop.io.retry.RetryInvocationHandler.invoke(RetryInvocationHandler.java:102)
> at com.sun.proxy.$Proxy28.getListing(Unknown Source)
> at org.apache.hadoop.hdfs.DFSClient.listPaths(DFSClient.java:1947)
> at org.apache.hadoop.hdfs.DFSClient.listPaths(DFSClient.java:1930)
> at org.apache.hadoop.hdfs.DistributedFileSystem.listStatusInternal(DistributedFileSystem.java:693)
> at org.apache.hadoop.hdfs.DistributedFileSystem.access$600(DistributedFileSystem.java:105)
> at org.apache.hadoop.hdfs.DistributedFileSystem$15.doCall(DistributedFileSystem.java:755)
> at org.apache.hadoop.hdfs.DistributedFileSystem$15.doCall(DistributedFileSystem.java:751)
> at org.apache.hadoop.fs.FileSystemLinkResolver.resolve(FileSystemLinkResolver.java:81)
> at org.apache.hadoop.hdfs.DistributedFileSystem.listStatus(DistributedFileSystem.java:751)
> at org.apache.hadoop.fs.FileSystem.listStatus(FileSystem.java:1485)
> at org.apache.hadoop.fs.FileSystem.listStatus(FileSystem.java:1525)
> at org.apache.falcon.entity.EntityUtil.getAllStagingPaths(EntityUtil.java:589)
> ... 62 more
> 2014-10-29 15:20:28,670 ERROR - [1191920211@qtp-53336067-294:114790f0-0b80-43c0-9899-042705741916 falcon:DELETE//entities/delete/process/agregator-coord16-22ceac97] ~ Action failed: Bad Request
> Error: org.apache.hadoop.ipc.RemoteException(org.apache.hadoop.security.authorize.AuthorizationException): User: falcon is not allowed to impersonate falcon (FalconWebException:68)
> 2014-10-29 15:20:28,670 INFO - [1191920211@qtp-53336067-294:114790f0-0b80-43c0-9899-042705741916 falcon:DELETE//entities/delete/process/agregator-coord16-22ceac97] ~ {Action:delete, Dimensions:{entityType=process, colo=NULL, entityName=agregator-coord16-22ceac97}, Status: FAILED, Time-taken:142594851 ns} (METRIC:38)
> 2014-10-29 15:20:28,671 DEBUG - [1191920211@qtp-53336067-294:114790f0-0b80-43c0-9899-042705741916] ~ Audit: falcon/172.31.47.32 performed request
> {code}
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)