Hadoop IOException failure to login

Question

I'm pretty new to Hadoop. However, I've been able to successfully setup hadoop 2.7.3 with Java 7 in the cluster mode on my servers. Everything works totally fine.

But then, when I try to switch to Java 8 and start dfs, there is an error:

Exception in thread "main" java.io.IOException: failure to login
    at org.apache.hadoop.security.UserGroupInformation.loginUserFromSubject(UserGroupInformation.java:824)
    at org.apache.hadoop.security.UserGroupInformation.getLoginUser(UserGroupInformation.java:761)
    at org.apache.hadoop.security.UserGroupInformation.getCurrentUser(UserGroupInformation.java:634)
    at org.apache.hadoop.hdfs.tools.GetConf.run(GetConf.java:315)
    at org.apache.hadoop.util.ToolRunner.run(ToolRunner.java:70)
    at org.apache.hadoop.util.ToolRunner.run(ToolRunner.java:84)
    at org.apache.hadoop.hdfs.tools.GetConf.main(GetConf.java:332)
Caused by: javax.security.auth.login.LoginException: java.lang.NullPointerException: invalid null input: name
    at com.sun.security.auth.UnixPrincipal.<init>(UnixPrincipal.java:71)
    at com.sun.security.auth.module.UnixLoginModule.login(UnixLoginModule.java:133)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.lang.reflect.Method.invoke(Method.java:498)
    at javax.security.auth.login.LoginContext.invoke(LoginContext.java:755)
    at javax.security.auth.login.LoginContext.access$000(LoginContext.java:195)
    at javax.security.auth.login.LoginContext$4.run(LoginContext.java:682)
    at javax.security.auth.login.LoginContext$4.run(LoginContext.java:680)
    at java.security.AccessController.doPrivileged(Native Method)
    at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680)
    at javax.security.auth.login.LoginContext.login(LoginContext.java:587)
    at org.apache.hadoop.security.UserGroupInformation.loginUserFromSubject(UserGroupInformation.java:799)
    at org.apache.hadoop.security.UserGroupInformation.getLoginUser(UserGroupInformation.java:761)
    at org.apache.hadoop.security.UserGroupInformation.getCurrentUser(UserGroupInformation.java:634)
    at org.apache.hadoop.hdfs.tools.GetConf.run(GetConf.java:315)
    at org.apache.hadoop.util.ToolRunner.run(ToolRunner.java:70)
    at org.apache.hadoop.util.ToolRunner.run(ToolRunner.java:84)
    at org.apache.hadoop.hdfs.tools.GetConf.main(GetConf.java:332)

    at javax.security.auth.login.LoginContext.invoke(LoginContext.java:856)
    at javax.security.auth.login.LoginContext.access$000(LoginContext.java:195)
    at javax.security.auth.login.LoginContext$4.run(LoginContext.java:682)
    at javax.security.auth.login.LoginContext$4.run(LoginContext.java:680)
    at java.security.AccessController.doPrivileged(Native Method)
    at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680)
    at javax.security.auth.login.LoginContext.login(LoginContext.java:587)
    at org.apache.hadoop.security.UserGroupInformation.loginUserFromSubject(UserGroupInformation.java:799)
    ... 6 more

It seems like hadoop happens to not be able to login using my username on the workers. I try to look it up from other sources and followed their guidances such as adding environment variable HADOOP_USER_NAME, deleting and reseting the whole datanode and namenode, etc. However, none of them works for me in this case.

The weird thing about this problem is that when I try to switch back to Java 7. Hadoop works fine for me like before. However, I don't think there should be a problem because of the difference between the Java versions since Hadoop is compatible with both of them based on its documentation. Also, trusted ssh is already set up within the cluster.

Below is my .bashrc configurations fyi:

export JAVA_HOME="/scratch/dsat_server/jdk1.8.0_121"
export HADOOP_PREFIX="/scratch/dsat_server/hadoop-2.7.3"
export HADOOP_COMMON_LIB_NATIVE_DIR="$HADOOP_PREFIX/lib/native"
export HADOOP_CONF_DIR="$HADOOP_PREFIX/conf"
export HADOOP_OPTS="-Djava.net.preferIPv4Stack=truei-Djava.library.path=$HADOOP_PREFIX/lib"

Answer 1

I've encountered the same issue when running an hbase client from a docker container with Java 8. It is apparently caused by class com.sun.security.auth.module.UnixLoginModule which uses a native call to get the unix username. In my case, it is not mapped in docker, and the class throws a NullPointerException. It is not a bug in hadoop per se.

To instruct hadoop to bypass the lookup of the OS username, I was able to add the following line of code before all initialization:

UserGroupInformation.setLoginUser(UserGroupInformation.createRemoteUser("hduser"));

In your case, you are running the server, so your options of injecting the code are limited. Instead there are two options:

1. Try the IBM JDK instead
2. Try to debug the OS user setup on the workers ( $ whoami). If it says something like 'cannot find name for user ID XXXX', then check the /etc/passwd setup

Answer 2

Faced same error while running spark code from IDE.

Exception in thread "main" java.io.IOException: failure to login
        at org.apache.hadoop.security.UserGroupInformation.loginUserFromSubject(UserGroupInformation.java:822)
        at org.apache.hadoop.security.UserGroupInformation.getLoginUser(UserGroupInformation.java:774)
        at org.apache.hadoop.security.UserGroupInformation.getCurrentUser(UserGroupInformation.java:647)
        at org.apache.spark.util.Utils$$anonfun$getCurrentUserName$1.apply(Utils.scala:2464)
        at org.apache.spark.util.Utils$$anonfun$getCurrentUserName$1.apply(Utils.scala:2464)
        at scala.Option.getOrElse(Option.scala:121)
        at org.apache.spark.util.Utils$.getCurrentUserName(Utils.scala:2464)
        at org.apache.spark.SparkContext.<init>(SparkContext.scala:292)
        at org.apache.spark.SparkContext$.getOrCreate(SparkContext.scala:2486)
        at org.apache.spark.sql.SparkSession$Builder$$anonfun$7.apply(SparkSession.scala:930)
        at org.apache.spark.sql.SparkSession$Builder$$anonfun$7.apply(SparkSession.scala:921)
        at scala.Option.getOrElse(Option.scala:121)
        at org.apache.spark.sql.SparkSession$Builder.getOrCreate(SparkSession.scala:921)
        at SimpleApp$.main(SimpleApp.scala:17)
        at SimpleApp.main(SimpleApp.scala)
Caused by: javax.security.auth.login.LoginException:
java.lang.NullPointerException: invalid null input: name

Resolution added following statement in main code.

UserGroupInformation.setLoginUser(UserGroupInformation.createRemoteUser("vyxx"))

Answer 3

I found that I don't have to take any special measures in code if I ensure that the docker image is properly configured for the jenkins user. The code I use to setup the image for the jenkins user for Debian/Ubuntu based images is:

# Add Jenkins user
groupadd --gid 1000 jenkins
useradd --uid 1000 --gid jenkins --shell /bin/bash --home-dir /var/jenkins_home jenkins
mkdir /var/jenkins_home
chown 1000:1000 /var/jenkins_home
echo 'jenkins ALL=NOPASSWD: ALL' >> /etc/sudoers.d/50-jenkins
echo 'Defaults    env_keep += "DEBIAN_FRONTEND"' >> /etc/sudoers.d/env_keep