You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@nifi.apache.org by "Hari Sekhon (JIRA)" <ji...@apache.org> on 2019/03/20 15:55:00 UTC
[jira] [Comment Edited] (NIFI-6124) NiFi HDFS processors resolve
Kerberos principal _HOST component to an IP address and get wrong principal
error - Server has invalid Kerberos principal: ...host..., expecting:
...ip...
[ https://issues.apache.org/jira/browse/NIFI-6124?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16797285#comment-16797285 ]
Hari Sekhon edited comment on NIFI-6124 at 3/20/19 3:54 PM:
------------------------------------------------------------
Correct, the PTR wasn't set for that IP, and it's a non-native HDFS storage device pretending to be a NN but outside of our control so setting the FQDN explicitly solved the principal problem, although we didn't stop to think too much in to why _HOST was misbehaving at the time but this is an old well known problem.
Thanks for feedback and reminding us. Closing now.
was (Author: harisekhon):
Correct, the PTR wasn't set for that IP, and it's a non-native HDFS device pretending to be a NN but outside of our control so setting the FQDN explicitly solved the principal problem.
> NiFi HDFS processors resolve Kerberos principal _HOST component to an IP address and get wrong principal error - Server has invalid Kerberos principal: ...host..., expecting: ...ip...
> ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
>
> Key: NIFI-6124
> URL: https://issues.apache.org/jira/browse/NIFI-6124
> Project: Apache NiFi
> Issue Type: Bug
> Reporter: Hari Sekhon
> Priority: Major
>
> NiFi HDFS processors appear to be resolving the host component of the kerberos principal given an hdfs-site.xml using the usual Hadoop _HOST placeholder like so:
> {code:java}
> <property>
> <name>dfs.namenode.kerberos.principal</name>
> <value>hdfs/_HOST@<domain></value>
> </property>{code}
> This sort of configuration works across the Hadoop ecosystem but not in NiFi it seems where it results in an exception like this:
> {code:java}
> 2019-03-15 09:55:42,556 INFO [Timer-Driven Process Thread-6] o.a.h.io.retry.RetryInvocationHandler java.io.IOException: Failed on local exception: java.io.IOException: Couldn't set up IO streams: java.lang.IllegalArgumentException: Server has invalid Kerberos principal: hdfs/<fqdn>@<domain>, expecting: hdfs/<ip_x.x.x.x>@<domain>; Host Details : local host is: "<fqdn>/<ip_x.x.x.x>"; destination host is: "<ip_x.x.x.x>":8020; , while invoking ClientNamenodeProtocolTranslatorPB.getFileInfo over <ip_x.x.x.x>/<ip_x.x.x.x>:8020 after 9 failover attempts. Trying to failover after sleeping for 17661ms.
> {code}
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)