Permission denied for provisioning with yarn

chrissto · February 8, 2019, 2:52pm

Hey,

we are getting permission denied error, when we try to provisioning with yarn on a cloudera cluster. The /user/dremio directory is existing and has the proper access rights for user dremio. What else needs to be considered?

org.apache.hadoop.security.AccessControlException: Permission denied: user=dremio, access=WRITE, inode="/user":hdfs:supergroup:drwxr-xr-x at org.apache.hadoop.hdfs.server.namenode.DefaultAuthorizationProvider.checkFsPermission(DefaultAuthorizationProvider.java:279) at org.apache.hadoop.hdfs.server.namenode.DefaultAuthorizationProvider.check(DefaultAuthorizationProvider.java:260) at org.apache.hadoop.hdfs.server.namenode.DefaultAuthorizationProvider.check(DefaultAuthorizationProvider.java:240) at org.apache.hadoop.hdfs.server.namenode.DefaultAuthorizationProvider.checkPermission(DefaultAuthorizationProvider.java:162) at org.apache.sentry.hdfs.SentryAuthorizationProvider.checkPermission(SentryAuthorizationProvider.java:194) at org.apache.hadoop.hdfs.server.namenode.FSPermissionChecker.checkPermission(FSPermissionChecker.java:152) at org.apache.hadoop.hdfs.server.namenode.FSDirectory.checkPermission(FSDirectory.java:3877) at org.apache.hadoop.hdfs.server.namenode.FSDirectory.checkPermission(FSDirectory.java:3860) at org.apache.hadoop.hdfs.server.namenode.FSDirectory.checkAncestorAccess(FSDirectory.java:3842) at org.apache.hadoop.hdfs.server.namenode.FSNamesystem.checkAncestorAccess(FSNamesystem.java:6817) at org.apache.hadoop.hdfs.server.namenode.FSNamesystem.startFileInternal(FSNamesystem.java:2971) at org.apache.hadoop.hdfs.server.namenode.FSNamesystem.startFileInt(FSNamesystem.java:2889) at org.apache.hadoop.hdfs.server.namenode.FSNamesystem.startFile(FSNamesystem.java:2774) at org.apache.hadoop.hdfs.server.namenode.NameNodeRpcServer.create(NameNodeRpcServer.java:610) at org.apache.hadoop.hdfs.server.namenode.AuthorizationProviderProxyClientProtocol.create(AuthorizationProviderProxyClientProtocol.java:117) at org.apache.hadoop.hdfs.protocolPB.ClientNamenodeProtocolServerSideTranslatorPB.create(ClientNamenodeProtocolServerSideTranslatorPB.java:413) at org.apache.hadoop.hdfs.protocol.proto.ClientNamenodeProtocolProtos$ClientNamenodeProtocol$2.callBlockingMethod(ClientNamenodeProtocolProtos.java) at org.apache.hadoop.ipc.ProtobufRpcEngine$Server$ProtoBufRpcInvoker.call(ProtobufRpcEngine.java:617) at org.apache.hadoop.ipc.RPC$Server.call(RPC.java:1073) at org.apache.hadoop.ipc.Server$Handler$1.run(Server.java:2281) at org.apache.hadoop.ipc.Server$Handler$1.run(Server.java:2277) at java.security.AccessController.doPrivileged(Native Method) at javax.security.auth.Subject.doAs(Subject.java:422) at org.apache.hadoop.security.UserGroupInformation.doAs(UserGroupInformation.java:1920) at org.apache.hadoop.ipc.Server$Handler.run(Server.java:2275)

Thanks in advanced.

balaji.ramaswamy · February 8, 2019, 4:33pm

Hi @chrissto

Are you using Sentry for authorization into HDFS. Has Dremio been given access via Sentry?

Thanks
@balaji.ramaswamy

chrissto · March 28, 2019, 7:58pm

Hey Balaji,

thanks for your response and sorry for my late reply. Yes we are using Sentry.

The problem was that dremio coordinator was started by root.

Best

Topic		Replies	Views
User XXXX(user id XXXX) does not have access to mapfrs:///user/dremio/DremioDaoemon/XXXXXXXX/launcherXXXXXX.jar	1	945	October 2, 2018
User: xxxxx is not allowed to impersonate hdfs	12	7103	February 21, 2018
Can't Run YARN when Kerberos/Unix accounts don't match	0	892	October 16, 2019
Dremio Yarn Kerberos Errors	26	4637	April 26, 2018
Trying to setup Yarn on HDP	1	1051	March 27, 2019

Permission denied for provisioning with yarn

Related Topics