Home Forums HDP on Linux – Installation Hadoop HDP 2.0 sshfence (Permission denied)

This topic contains 3 replies, has 2 voices, and was last updated by  Dave 8 months ago.

  • Creator
    Topic
  • #47161

    Jakub Stransky
    Participant

    I am trying Hadoop 2 High Availability for HDFS. I set up passwordless ssh connection among NameNodes under user hafence. That I verified – and it works. However I am getting following (Permission Denied) when using this sshfence setup.

    2014-01-20 12:54:47,101 INFO ha.NodeFencer (NodeFencer.java:fence(91)) – ====== Beginning Service Fencing Process… ======
    2014-01-20 12:54:47,101 INFO ha.NodeFencer (NodeFencer.java:fence(94)) – Trying method 1/1: org.apache.hadoop.ha.SshFenceByTcpPort(hafence:22)
    2014-01-20 12:54:47,101 WARN ha.SshFenceByTcpPort (SshFenceByTcpPort.java:tryFence(93)) – Unable to create SSH session
    com.jcraft.jsch.JSchException: java.io.FileNotFoundException: /home/hafence/.ssh/id_rsa (Permission denied)
    at com.jcraft.jsch.IdentityFile.newInstance(IdentityFile.java:98)
    at com.jcraft.jsch.JSch.addIdentity(JSch.java:206)
    at com.jcraft.jsch.JSch.addIdentity(JSch.java:192)
    at org.apache.hadoop.ha.SshFenceByTcpPort.createSession(SshFenceByTcpPort.java:122)
    at org.apache.hadoop.ha.SshFenceByTcpPort.tryFence(SshFenceByTcpPort.java:91)
    at org.apache.hadoop.ha.NodeFencer.fence(NodeFencer.java:97)
    at org.apache.hadoop.ha.ZKFailoverController.doFence(ZKFailoverController.java:521)
    at org.apache.hadoop.ha.ZKFailoverController.fenceOldActive(ZKFailoverController.java:494)
    at org.apache.hadoop.ha.ZKFailoverController.access$1100(ZKFailoverController.java:59)
    at org.apache.hadoop.ha.ZKFailoverController$ElectorCallbacks.fenceOldActive(ZKFailoverController.java:837)
    at org.apache.hadoop.ha.ActiveStandbyElector.fenceOldActive(ActiveStandbyElector.java:900)
    at org.apache.hadoop.ha.ActiveStandbyElector.becomeActive(ActiveStandbyElector.java:799)
    at org.apache.hadoop.ha.ActiveStandbyElector.processResult(ActiveStandbyElector.java:415)
    at org.apache.zookeeper.ClientCnxn$EventThread.processEvent(ClientCnxn.java:596)
    at org.apache.zookeeper.ClientCnxn$EventThread.run(ClientCnxn.java:495)
    Caused by: java.io.FileNotFoundException: /home/hafence/.ssh/id_rsa (Permission denied)
    at java.io.FileInputStream.open(Native Method)
    at java.io.FileInputStream.<init>(FileInputStream.java:138)
    at java.io.FileInputStream.<init>(FileInputStream.java:97)
    at com.jcraft.jsch.IdentityFile.newInstance(IdentityFile.java:83)
    … 14 more
    My configuration is as following in hdfs-site.xml:

    <property>
    <name>dfs.ha.fencing.methods</name>
    <value>sshfence(hafence:22)</value>
    </property>
    <property>
    <name>dfs.ha.fencing.ssh.private-key-files</name>
    <value>/home/hafence/.ssh/id_rsa</value>
    </property>
    <property>
    <name>dfs.ha.fencing.ssh.connect-timeout</name>
    <value>30000</value>
    </property>

    <property>
    <name>dfs.ha.automatic-failover.enabled</name>
    <value>true</value>
    </property>
    What are the permission requirements, user etc. in order to make the sshfence working?

Viewing 3 replies - 1 through 3 (of 3 total)

You must be logged in to reply to this topic.

  • Author
    Replies
  • #47167

    Dave
    Moderator

    Hi Jakub,

    .ssh should be the directory (755) with 644 being the authorized keys (when you setup the passwordless ssh)

    I’m glad you got it sorted out.

    Thanks

    Dave

    Collapse
    #47164

    Jakub Stransky
    Participant

    Hi Dave,

    when I set a different permissions (e.g. 755 as you suggest) linux sshd refuse the authentication an insist on 600 because of keys. I solved this problem by using a hdfs user

    Collapse
    #47162

    Dave
    Moderator

    Hi Jakub,

    Did you change the permissions correctly on your ssh keys?
    You will also need to check /home/hafence/.ssh

    chmod 644 .ssh/authorized_keys

    chmod 755 .ssh

    Thanks

    Dave

    Collapse
Viewing 3 replies - 1 through 3 (of 3 total)