Authentication failed in Oozie 5.2 after upgrade from 4.3

johndoee · ‎02-02-2021

I have a MapRSASL secured cluster. Back in oozie4.3 , i had no issues with running the jobs. My configuration:

oozie-env.sh:
export OOZIE_BASE_URL="http://hostname:11000/oozie"

oozie-site.xml:

<property>
<name>oozie.base.url</name>
<value>http://hostname:11000/oozie</value>
</property>

After upgrade to oozie 5.2, the jobs fail on "secure" cluster with below error even after setting oozie.base.url to http://hostname:11000/oozie.

Also, tried by touching the ".customSecure" file as per https://docs.datafabric.hpe.com/62/Oozie/ConfiguringOozieonaSecureCluster.html

and https://docs.datafabric.hpe.com/62/SecurityGuide/Custom-security-in-mapr.html

Is there any additional configuration that needs to be enabled?

Error:

#/opt/mapr/oozie/oozie-5.2.0/bin/oozie admin -status
WARNING: An illegal reflective access operation has occurred
WARNING: Illegal reflective access by com.mapr.fs.ShimLoader (file:/opt/mapr/oozie/oozie-5.2.0/embedded-oozie-server/webapp/WEB-INF/lib/maprfs-6.2.0.0-mapr.jar) to method java.lang.ClassLoader.defineClass(java.lang.String,byte[],int,int,java.security.ProtectionDomain)
WARNING: Please consider reporting this to the maintainers of com.mapr.fs.ShimLoader
WARNING: Use --illegal-access=warn to enable warnings of further illegal reflective access operations
WARNING: All illegal access operations will be denied in a future release
log4j:WARN No appenders could be found for logger (org.eclipse.jetty.util.log).
log4j:WARN Please initialize the log4j system properly.
log4j:WARN See http://logging.apache.org/log4j/1.2/faq.html#noconfig for more info.
AUTHENTICATION : Could not authenticate, Authentication failed, status: 302, message: Found
at org.apache.oozie.client.AuthOozieClient.createConnection(AuthOozieClient.java:204)
at org.apache.oozie.client.OozieClient$1.doExecute(OozieClient.java:522)
at org.apache.oozie.client.retry.ConnectionRetriableClient.execute(ConnectionRetriableClient.java:44)
at org.apache.oozie.client.OozieClient.createRetryableConnection(OozieClient.java:524)
at org.apache.oozie.client.OozieClient.getSupportedProtocolVersions(OozieClient.java:399)
at org.apache.oozie.client.OozieClient.validateWSVersion(OozieClient.java:359)
at org.apache.oozie.client.OozieClient.createURL(OozieClient.java:475)
at org.apache.oozie.client.OozieClient.access$000(OozieClient.java:88)
at org.apache.oozie.client.OozieClient$ClientCallable.call(OozieClient.java:569)
at org.apache.oozie.client.OozieClient.getSystemMode(OozieClient.java:2165)
at org.apache.oozie.cli.OozieCLI.adminCommand(OozieCLI.java:2027)
at org.apache.oozie.cli.OozieCLI.processCommand(OozieCLI.java:733)
at org.apache.oozie.cli.OozieCLI.run(OozieCLI.java:682)
at org.apache.oozie.cli.OozieCLI.main(OozieCLI.java:245)
Caused by: org.apache.hadoop.security.authentication.client.AuthenticationException: Authentication failed, status: 302, message: Found

prusyn · ‎02-02-2021

I was able to reproduce this issue. Can you try adding below property oozie 5.2 is working fine with "http" in oozie-site.xml.

<property>
<name>oozie.https.enabled</name>
<value>false</value>
</property>
# ls -lrt /opt/mapr/conf/.custom*
-rw-r--r-- 1 mapr mapr 0 Jan 19 12:19 /opt/mapr/conf/.customSecure
# export OOZIE_URL=http://<ip>:11000/oozie

It appears HTTPS is set automatically in secured cluster, but this is more like configuration feature. I do not see a problem with using HTTP in secure cluster. Also, it looks a valid solution based on Apache doc: https://oozie.apache.org/docs/5.1.0/AG_Install.html#Configure_the_Oozie_Server_to_use_SSL_HTTPS

".. Set oozie.https.enabled to true. To revert back to HTTP, set oozie.https.enabled to false"

But, anyway, unless your usecase demands HTTP oozie usage, i would recommend to use HTTPS connection for Oozie.

Categories

Company

Local Language

Forums

Discussions

Forums

Discussions

Forums

Discussions

Forums

Discussions

Forums

Discussions

Discussions

Forums

Forums

Discussions

Forums

Discussions

Forums

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Community

Resources

Other HPE Sites

Discussions

Forums

Blogs

Authentication failed in Oozie 5.2 after upgrade from 4.3

Authentication failed in Oozie 5.2 after upgrade from 4.3

Re: Authentication failed in Oozie 5.2 after upgrade from 4.3