Reputation: 3405
Cannot kill or suspend oozie coordinator job
I submitted oozie coordinator job under user "runner" when I try either kill or suspend I am getting following error message:
[runner@hadooptools ~]$ oozie job -oozie http://localhost:11000/oozie -kill 0000005-140722025226945-oozie-oozi-C
Error: E0509 : E0509: User [?] not authorized for Coord job [0000005-140722025226945-oozie-oozi-C]
From the logs on oozie server I see following message:
2014-07-25 03:10:07,324 INFO oozieaudit:539 - USER [runner], GROUP [null], APP [cron-coord], JOBID [0000005-140722025226945-oozie-oozi-C], OPERATION [start], PARAMETER [null], STATUS [SUCCESS], HTTPCODE [200], ERRORCODE [null], ERRORMESSAG
E [null]
Time to time even user under I issue the command is not logged correctly.
I am using CentOS 6.3 and Oozie Oozie client build version: 4.0.0.2.0.6.0-101, Oozie server build version: 4.0.0.2.0.6.0-101
I am not even able to stop it under the user oozie who runs the server. Under the user who submitted job I am not able to do suspend, kill, etc. I am able to just perform submit run which passes the flow or info.
Any hints/tricks or do I missconfigured something obvious?
UPDATE: Security settings for the instance I am using.
<property>
<name>oozie.authentication.type</name>
<value>simple</value>
</property>
<property>
<name>oozie.authentication.simple.anonymous.allowed</name>
<value>true</value>
</property>
My conf/adminusers.txt contains:
# Admin Users, one user by line
runner
Hadoop core-site.xml
<property>
<name>hadoop.security.authentication</name>
<value>simple</value>
</property>
<property>
<name>hadoop.proxyuser.oozie.groups</name>
<value>users</value>
</property>
Where runner is a member of users group. According to Oozie documentation: Oozie has a basic authorization model:
- Users have read access to all jobs
- Users have write access to their own jobs
- Users have write access to jobs based on an Access Control List (list of users and groups)
- Users have read access to admin operations Admin
- Users have write access to all jobs Admin users have write access to admin operations
Did I overlooked something in configuration? Do I need to specify/configure something like this:
Pseudo/simple authentication requires the user to specify the user name on the request, this is done by the PseudoAuthenticator class by injecting the user.name parameter in the query string of all requests. The user.name parameter value is taken from the client process Java System property user.name .
Upvotes: 3
Views: 3392
Answers (2)
Reputation: 699
Old question, but eh, I got the same problem. Seems related to https://issues.apache.org/jira/browse/OOZIE-800
Just rm ~/.oozie-auth-token before issuing the oozie command solved it for me.
Upvotes: 1
Reputation: 3405
Temporarily resolved by disable security model. Following setting disabled security model and then all worked as expected.
<property>
<name>oozie.service.AuthorizationService.security.enabled</name>
<value>false</value>
<description>
Specifies whether security (user name/admin role) is enabled or not.
If disabled any user can manage Oozie system and manage any job.
</description>
</property>
Will look deeper how to correctly solve this but as a temporary solution or for development this works fine.
Upvotes: 0
Related Questions
- How can i let the oozie workflow run after killing the coordinator?
- How to remove queued coordinator jobs in oozie?
- How to reschedule a coordinator job in OOZIE without restarting the job?
- oozie job keeps executing again and again
- How to suspend Oozie coordinator if a coordinator action fails?
- Oozie hourly coordinator timing out on future actions
- How to kill oozie coordinator actions using oozie client
- Oozie job taking longer than scheduled interval
- Kill all filtered oozie jobs
- Oozie coordinator with sysdate as start time