HPE Community
HPE Ezmeral Software platform
1821067 Members
2563 Online
109631 Solutions
New Discussion

Authentication failed in Oozie 5.2 after upgrade from 4.3

 
SOLVED
Go to solution
johndoee
Occasional Visitor

‎02-02-2021 08:59 AM

‎02-02-2021 08:59 AM

Authentication failed in Oozie 5.2 after upgrade from 4.3

I have a MapRSASL secured cluster. Back in oozie4.3 , i had no issues with running the jobs. My configuration:

oozie-env.sh:
export OOZIE_BASE_URL="http://hostname:11000/oozie"

oozie-site.xml:

<property>
<name>oozie.base.url</name>
<value>http://hostname:11000/oozie</value>
</property>


After upgrade to oozie 5.2, the jobs fail on "secure" cluster with below error even after setting oozie.base.url to http://hostname:11000/oozie.

Also, tried by touching the ".customSecure" file as per https://docs.datafabric.hpe.com/62/Oozie/ConfiguringOozieonaSecureCluster.html

and https://docs.datafabric.hpe.com/62/SecurityGuide/Custom-security-in-mapr.html

Is there any additional configuration that needs to be enabled?

Error:

#/opt/mapr/oozie/oozie-5.2.0/bin/oozie admin -status
WARNING: An illegal reflective access operation has occurred
WARNING: Illegal reflective access by com.mapr.fs.ShimLoader (file:/opt/mapr/oozie/oozie-5.2.0/embedded-oozie-server/webapp/WEB-INF/lib/maprfs-6.2.0.0-mapr.jar) to method java.lang.ClassLoader.defineClass(java.lang.String,byte[],int,int,java.security.ProtectionDomain)
WARNING: Please consider reporting this to the maintainers of com.mapr.fs.ShimLoader
WARNING: Use --illegal-access=warn to enable warnings of further illegal reflective access operations
WARNING: All illegal access operations will be denied in a future release
log4j:WARN No appenders could be found for logger (org.eclipse.jetty.util.log).
log4j:WARN Please initialize the log4j system properly.
log4j:WARN See http://logging.apache.org/log4j/1.2/faq.html#noconfig for more info.
AUTHENTICATION : Could not authenticate, Authentication failed, status: 302, message: Found
at org.apache.oozie.client.AuthOozieClient.createConnection(AuthOozieClient.java:204)
at org.apache.oozie.client.OozieClient$1.doExecute(OozieClient.java:522)
at org.apache.oozie.client.retry.ConnectionRetriableClient.execute(ConnectionRetriableClient.java:44)
at org.apache.oozie.client.OozieClient.createRetryableConnection(OozieClient.java:524)
at org.apache.oozie.client.OozieClient.getSupportedProtocolVersions(OozieClient.java:399)
at org.apache.oozie.client.OozieClient.validateWSVersion(OozieClient.java:359)
at org.apache.oozie.client.OozieClient.createURL(OozieClient.java:475)
at org.apache.oozie.client.OozieClient.access$000(OozieClient.java:88)
at org.apache.oozie.client.OozieClient$ClientCallable.call(OozieClient.java:569)
at org.apache.oozie.client.OozieClient.getSystemMode(OozieClient.java:2165)
at org.apache.oozie.cli.OozieCLI.adminCommand(OozieCLI.java:2027)
at org.apache.oozie.cli.OozieCLI.processCommand(OozieCLI.java:733)
at org.apache.oozie.cli.OozieCLI.run(OozieCLI.java:682)
at org.apache.oozie.cli.OozieCLI.main(OozieCLI.java:245)
Caused by: org.apache.hadoop.security.authentication.client.AuthenticationException: Authentication failed, status: 302, message: Found

0 Kudos
Reply
1 REPLY 1
prusyn
Occasional Contributor

‎02-02-2021 09:00 AM

‎02-02-2021 09:00 AM

Solution

Re: Authentication failed in Oozie 5.2 after upgrade from 4.3

I was able to reproduce this issue. Can you try adding below property oozie 5.2 is working fine with "http" in oozie-site.xml.

<property>
<name>oozie.https.enabled</name>
<value>false</value>
</property>

# ls -lrt /opt/mapr/conf/.custom*
-rw-r--r-- 1 mapr mapr 0 Jan 19 12:19 /opt/mapr/conf/.customSecure

# export OOZIE_URL=http://<ip>:11000/oozie

It appears HTTPS is set automatically in secured cluster, but this is more like configuration feature. I do not see a problem with using HTTP in secure cluster. Also, it looks a valid solution based on Apache doc: https://oozie.apache.org/docs/5.1.0/AG_Install.html#Configure_the_Oozie_Server_to_use_SSL_HTTPS

".. Set oozie.https.enabled to true. To revert back to HTTP, set oozie.https.enabled to false"

But, anyway, unless your usecase demands HTTP oozie usage, i would recommend to use HTTPS connection for Oozie.

Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.