Repository-hdfs with kerberos failed


Hi, I want to create a secure repository-hdfs with kerberos.

  • Place the keytab file in /etc/elasticsearch/repository-hdfs/krb5.keytab
  • Edit the realm info in /etc/krb5.conf

After done the above two steps, I can use kinit and klist get the correct message. So I create my repo in kibana console:

PUT _snapshot/my_hdfs_repository
"type": "hdfs",
"settings": {
"uri": "hdfs://",
"path": "/data/nta/repositories/my_hdfs_repository",
"security.principal": "sys_cq@HADOOP.XXXX.COM"

But I get the error log:

Permission denied: user=sys_cq, access=WRITE, inode="/":hdfs:hadoop:drwxr-xr-x

I have the right permissions in HDFS:
$ hadoop fs -ls -d /data/nta
drwxr-x--- - sys_cq sys_cq

My software version is:
elasticsearch Version: 6.5.3, Build: default/rpm/159a78a/2018-12-06T20:11:28.826501Z, JVM: 1.8.0_201
hadoop version: Hadoop 2.6.0-cdh5.11.0

Can anybody help me ? :slight_smile:

(James Baiera) #2

Could you increase the logging level in Elasticsearch for the org.elasticsearch.repositories.hdfs package to DEBUG and post the full logs here?

(system) closed #3

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.