Hi,
dremio ver 4.2.2(all other prvs versions)
distributed storage: hdfs with kerberos authentication
dremio deployed in k8 using helm chart
backup command works and can create backup on hdfs dir or local dir
restore command fails with both local dir/hdfs dir
using local backupdir:
dremio@dremio-admin:/opt/dremio/bin$ ./dremio-admin restore -d /opt/dremio/dremio_backup/dremio_backup_2020-05-09_15.23/ -v
Restore failed
java.io.IOException: DestHost:destPort <NAME_NODE>:8020 , LocalHost:localPort dremio-admin/10.42.2.17:0. Failed on local exception: java.io.IOException: org.apache.hadoop.security.AccessControlException: Client cannot authenticate via:[TOKEN, KERBEROS]
Caused by: java.io.IOException: org.apache.hadoop.security.AccessControlException: Client cannot authenticate via:[TOKEN, KERBEROS]
Caused by: org.apache.hadoop.security.AccessControlException: Client cannot authenticate via:[TOKEN, KERBEROS]
using hdfs backup dir:
dremio@dremio-admin:/opt/dremio/bin$ ./dremio-admin restore -d hdfs:/${NAME_NODE}:8020/user/dremio_backup/dremio_backup_2020-05-09_15.23/ -v
Restore failed
java.io.IOException: DestHost:destPort <NAME_NODE>:8020 , LocalHost:localPort dremio-admin/10.42.2.17:0. Failed on local exception: java.io.IOException: org.apache.hadoop.security.AccessControlException: Client cannot authenticate via:[TOKEN, KERBEROS]
Caused by: java.io.IOException: org.apache.hadoop.security.AccessControlException: Client cannot authenticate via:[TOKEN, KERBEROS]
Caused by: org.apache.hadoop.security.AccessControlException: Client cannot authenticate via:[TOKEN, KERBEROS]
kerberos configuration:
dremio.conf
services: {
kerberos.principal: "dremio@DOMAIN.COM"
kerberos.keytab.file.path: "/opt/dremio/secret/.dremio.keytab"
}
dremio@dremio-admin:/opt/dremio$ ls -al secret/
total 4
drwxr-xr-x. 2 root root 32 May 9 19:44 .
drwxr-xr-t. 1 root root 20 May 9 19:44 ..
-r--------. 1 dremio dremio 413 May 9 19:44 .dremio.keytab
dremio@dremio-admin:/opt/dremio$
dremio@dremio-admin:/opt/dremio/conf$ ls -l
total 0
lrwxrwxrwx. 1 root root 20 May 9 19:44 core-site.xml -> ..data/core-site.xml
lrwxrwxrwx. 1 root root 17 May 9 19:44 dremio-env -> ..data/dremio-env
lrwxrwxrwx. 1 root root 18 May 9 19:44 dremio.conf -> ..data/dremio.conf
lrwxrwxrwx. 1 root root 20 May 9 19:44 hdfs-site.xml -> ..data/hdfs-site.xml
lrwxrwxrwx. 1 root root 16 May 9 19:44 krb5.conf -> ..data/krb5.conf
lrwxrwxrwx. 1 root root 25 May 9 19:44 logback-access.xml -> ..data/logback-access.xml
lrwxrwxrwx. 1 root root 24 May 9 19:44 logback-admin.xml -> ..data/logback-admin.xml
lrwxrwxrwx. 1 root root 18 May 9 19:44 logback.xml -> ..data/logback.xml
dremio@dremio-admin:/opt/dremio/conf$
dremio@dremio-admin:/opt/dremio/conf$ echo $DREMIO_JAVA_EXTRA_OPTS
-Djava.security.krb5.conf=/opt/dremio/conf/krb5.conf -Ddremio.flight.host=0.0.0.0 -Ddremio.flight.enabled=true -Ddremio.flight.parallel.enabled=true
dremio@dremio-admin:/opt/dremio/conf$