AnsweredAssumed Answered

Cluster Permissions: What am I missing here?

Question asked by mandoskippy on Jan 26, 2014
Latest reply on Jan 27, 2014 by mandoskippy
I have an issue creating files with an administrative user, both with NFS and the hadoop client. Here are the specs and a showing of the problem.  This cluster is 3.1, and I've been trying to use the easy installer that came with 3.1.  Note: in my four node cluster, I moved jobtracker, zookeeper, and cldb off the control node. But everything seems to be work (well, not permissions).  

Cluster Permissions:

    mapr@hadoopvm1:$ /opt/mapr/bin/maprcli acl show -type cluster
    Principal      Allowed actions        
    User mapr      [login, ss, cv, a, fc] 
    User root      [login, ss, cv, a, fc] 
    User user1     [login, ss, cv, a, fc] 


Volume: mapr.cluster.root

    mapr@hadoopvm1:$ /opt/mapr/bin/maprcli acl show -type volume -name mapr.cluster.root
    Principal      Allowed actions              
    User mapr      [dump, restore, m, a, d, fc] 
    User user1     [dump, restore, m, a, d, fc] 

    Created by: mapr
    Mounted at: /

Volume: ad_data

    mapr@hadoopvm1:$ /opt/mapr/bin/maprcli acl show -type volume -name ad_data
    Principal       Allowed actions              
    User user1      [dump, restore, m, a, d, fc] 
    User mapr       [dump, restore, m, a, d, fc] 
    Group group2    [dump, restore, m, a, d, fc]

    Created by:  user1
    Mounted at /ad_data


If I got to the nfs share mounted at /mapr/cluster1/ (the root), as user1, I can not touch a file.

    user1@hadoopvm1:/mapr/cluster1$ touch file.txt
    touch: cannot touch `file.txt': Permission denied

If I use the hadoop fs client to touchz a file:

    user1@hadoopvm1:/mapr/cluster1$ hadoop fs -touchz /file.txt
    2014-01-26 18:00:35,1321 ERROR Client fs/client/fileclient/cc/client.cc:715 Thread: 139935759124224 Create failed for file file.txt, error Permission denied(13)
    touchz: Create failed for file: /file.txt, error: Permission denied (13)

That's on the root, if I go to ad_data:

    user1@hadoopvm1:/mapr/fcluster1/ad_data$ touch file.txt
    touch: cannot touch `file.txt': Permission denied

Same with the hadoop fs client:

    user1@hadoopvm1:/mapr/cluster1/ad_data$ hadoop fs -touchz /ad_data/file.txt
    2014-01-26 18:01:56,2053 ERROR Client fs/client/fileclient/cc/client.cc:715 Thread: 140705691088640 Create failed for file file.txt, error Permission denied(13)
    touchz: Create failed for file: /ad_data/file.txt, error: Permission denied (13)

So based on cluster permission, mapr.cluster.root permissions, and the volume pemissions, this should work!  It should be known I am doing this from a cluster data node, not a client machine.

That made me wonder if I am read-only mode or something, and everything that I do is going to fail: Nope


    mapr@hadoopvm1:/mapr/cluster1$ ls
    ad_data  etl  hbase  user  var
    mapr@hadoopvm1:/mapr/cluster1$ touch file.txt
    mapr@hadoopvm1:/mapr/cluster1$ ls
    ad_data  etl  file.txt  hbase  user  var
    mapr@hadoopvm1:/mapr/cluster1$ cd ad_data
    mapr@hadoopvm1:/mapr/cluster1/ad_data$ touch file.txt
    mapr@hadoopvm1:/mapr/cluster1/ad_data$ ls
    asd  file.txt
    mapr@hadoopvm1:/mapr/cluster1/ad_data$
    mapr@hadoopvm1:/mapr/cluster1/ad_data$ hadoop fs -touchz /file2.txt
    mapr@hadoopvm1:/mapr/cluster1/ad_data$ hadoop fs -touchz /ad_data/file2.txt
    mapr@hadoopvm1:/mapr/cluster1/ad_data$ ls
    asd  file2.txt  file.txt
    mapr@hadoopvm1:/mapr/cluster1/ad_data$ cd ..
    mapr@hadoopvm1:/mapr/cluster1$ ls
    ad_data  etl  file2.txt  file.txt  hbase  user  var
    mapr@hadoopvm1:/mapr/cluster1$ ls -ls
    total 2
    1 drwxrwxr-x 3 user1 user1 3 Jan 26 18:04 ad_data
    0 drwxr-xr-x 2 user1 group2 0 Jan 26 16:36 etl
    0 -rwxr-xr-x 1 mapr     mapr     0 Jan 26 18:04 file2.txt
    0 -rw-rw-r-- 1 mapr     mapr     0 Jan 26 18:04 file.txt
    0 drwxr-xr-x 2 mapr     mapr     0 Jan 24 19:44 hbase
    1 drwxr-xr-x 3 user1 group2 1 Jan 26 15:32 user
    1 drwxr-xr-x 3 mapr     mapr     1 Jan 24 19:44 var
    

It appers as though as the mapr user, everything works fine, with both the filesystem client and via nfs.  At this point I am lost.  I've tried looking at permissions, they look good, I have no idea what is keeping my user one from working.  Also of note: touchz creates a file with different permissions than the unix touch command, I thought that was interesting too. (touchz looks to do 755, while unix fs touch seems to be 664).

Outcomes