You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@oozie.apache.org by "Andras Piros (JIRA)" <ji...@apache.org> on 2018/04/10 07:47:00 UTC

[jira] [Commented] (OOZIE-3186) Oozie is unable to use configuration linked using jceks://file/...

    [ https://issues.apache.org/jira/browse/OOZIE-3186?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16431872#comment-16431872 ] 

Andras Piros commented on OOZIE-3186:
-------------------------------------

Interesting idea [~dionusos]! The overall approach looks good to me.

Can you please create unit tests that cover the original and the modified behavior, as well as put the patch to ReviewBoard? Thanks!

> Oozie is unable to use configuration linked using jceks://file/...
> ------------------------------------------------------------------
>
>                 Key: OOZIE-3186
>                 URL: https://issues.apache.org/jira/browse/OOZIE-3186
>             Project: Oozie
>          Issue Type: Bug
>          Components: core
>    Affects Versions: 5.0.0b1, 5.0.0, 4.3.1
>            Reporter: Denes Bodo
>            Assignee: Denes Bodo
>            Priority: Critical
>              Labels: usability
>             Fix For: trunk
>
>         Attachments: OOZIE-3186-001.patch, OOZIE-3186-002.patch
>
>
> When Oozie is used with Ambari, the next configuration makes Oozie fail to start:
> {noformat}
> <property>
>     <name>hadoop.security.credential.provider.path</name>
>     <value>jceks://file/.../oozie-site.jceks</value>
> </property>
> {noformat}
> Value should have *localjceks://* instead of *jceks://*. But Ambari does not let change this value. I propose change the url when Oozie loads it.
>  
> Stacktrace, when the issue occurs:
> {code:java}
> org.apache.oozie.service.ServiceException: E0103: Could not load service classes, Could not load password for [oozie.service.JPAService.jdbc.password] at org.apache.oozie.service.Services.loadServices(Services.java:309) at org.apache.oozie.service.Services.init(Services.java:213) at org.apache.oozie.servlet.ServicesLoader.contextInitialized(ServicesLoader.java:46) at org.apache.catalina.core.StandardContext.listenerStart(StandardContext.java:4276) at org.apache.catalina.core.StandardContext.start(StandardContext.java:4779) at org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:803) at org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:780) at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:583) at org.apache.catalina.startup.HostConfig.deployWAR(HostConfig.java:944) at org.apache.catalina.startup.HostConfig.deployWARs(HostConfig.java:779) at org.apache.catalina.startup.HostConfig.deployApps(HostConfig.java:505) at org.apache.catalina.startup.HostConfig.start(HostConfig.java:1322) at org.apache.catalina.startup.HostConfig.lifecycleEvent(HostConfig.java:325) at org.apache.catalina.util.LifecycleSupport.fireLifecycleEvent(LifecycleSupport.java:142) at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1069) at org.apache.catalina.core.StandardHost.start(StandardHost.java:822) at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1061) at org.apache.catalina.core.StandardEngine.start(StandardEngine.java:463) at org.apache.catalina.core.StandardService.start(StandardService.java:525) at org.apache.catalina.core.StandardServer.start(StandardServer.java:761) at org.apache.catalina.startup.Catalina.start(Catalina.java:595) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:498) at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:289) at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:414) Caused by: java.lang.IllegalArgumentException: Could not load password for [oozie.service.JPAService.jdbc.password] at org.apache.oozie.service.ConfigurationService.getPassword(ConfigurationService.java:615) at org.apache.oozie.service.ConfigurationService.getPassword(ConfigurationService.java:602) at org.apache.oozie.service.JPAService.init(JPAService.java:147) at org.apache.oozie.service.Services.setServiceInternal(Services.java:386) at org.apache.oozie.service.Services.setService(Services.java:372) at org.apache.oozie.service.Services.loadServices(Services.java:305) ... 26 more Caused by: java.lang.reflect.InvocationTargetException at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:498) at org.apache.oozie.service.ConfigurationService.getPassword(ConfigurationService.java:608) ... 31 more Caused by: java.lang.UnsupportedOperationException: Accessing local file system is not allowed at org.apache.hadoop.fs.RawLocalFileSystem.initialize(RawLocalFileSystem.java:48) at org.apache.hadoop.fs.LocalFileSystem.initialize(LocalFileSystem.java:47) at org.apache.hadoop.fs.FileSystem.createFileSystem(FileSystem.java:2795) at org.apache.hadoop.fs.FileSystem.access$200(FileSystem.java:99) at org.apache.hadoop.fs.FileSystem$Cache.getInternal(FileSystem.java:2829) at org.apache.hadoop.fs.FileSystem$Cache.get(FileSystem.java:2811) at org.apache.hadoop.fs.FileSystem.get(FileSystem.java:390) at org.apache.hadoop.fs.Path.getFileSystem(Path.java:295) at org.apache.hadoop.security.alias.JavaKeyStoreProvider.initFileSystem(JavaKeyStoreProvider.java:89) at org.apache.hadoop.security.alias.AbstractJavaKeyStoreProvider.<init>(AbstractJavaKeyStoreProvider.java:82) at org.apache.hadoop.security.alias.JavaKeyStoreProvider.<init>(JavaKeyStoreProvider.java:49) at org.apache.hadoop.security.alias.JavaKeyStoreProvider.<init>(JavaKeyStoreProvider.java:41) at org.apache.hadoop.security.alias.JavaKeyStoreProvider$Factory.createProvider(JavaKeyStoreProvider.java:100) at org.apache.hadoop.security.alias.CredentialProviderFactory.getProviders(CredentialProviderFactory.java:71) at org.apache.hadoop.conf.Configuration.getPasswordFromCredentialProviders(Configuration.java:1993) at org.apache.hadoop.conf.Configuration.getPassword(Configuration.java:1972) ... 36 more
> {code}
> Similar thread is started in Ambari: AMBARI-23106



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)