Run sqoop inside shell action or shell script

This is yet another one of those episodes where it seems it should be an obvious thing to do in Oozie and it isn’t. The use case is to run an undefined number of sqoop import commands from previously unknown list of tables. The one advice you’d hear is to create a sqoop action for each table. This unfortunately doesn’t support the use case. Let’s assume you have no access to source database and tables. You need to sqoop every table dynamically from a database, list of tables changes from week to week. A static workflow will not work. The one solution that I can think of is to create a shell script, loop through each table and run sqoop against each table. Not so fast! The issue here is that the user executing a workflow of type shell action is “yarn” and sqoop command is executed by the original user executing the workflow. So let’s say user is “root”, it executes a workflow with one shell action that calls command “sqoop import --connect jdbc:postgresql://127.0.0.1/ambari --username ambari --table hosts --target-dir /tmp/sqoopstagingdir/hosts --password-file /sqoop/password”. You will get the following error:
ERROR tool.ImportTool: Encountered IOException running import job: org.apache.hadoop.security.AccessControlException: Permission denied: user=yarn, access=WRITE, inode="/user/yarn/.staging"
What this means is that Oozie workflow is being executed in the context of “yarn” user, not the original user “root”. So when shell command or script is executed, it is being executed as yarn, but the context belongs to user root. Don’t even bother trying chmod -R 777 on /user/yarn/.staging, it won’t work, permissions are reset every time a job runs.


There are two ways to go around it, first and easy fix is execute your workflows as yarn user. Except sometimes that’s a problem because you as a user cannot elevate yourself to system user account. The other option is to execute the sqoop command as root inside a shell script
sudo -u root sqoop import --connect jdbc:postgresql://127.0.0.1/ambari --username ambari --password-file /sqoop/password --table hosts --target-dir /tmp/sqoopstagingdir/hosts
You’re still not out of the water though, as is, you will get the following message from the logs
sudo: no tty present and no askpass program specified
So what you can do is edit your sudoers file and add the following for yarn user
yarn    ALL=(ALL)       NOPASSWD: ALL
Then you can execute your workflows as user root, and script will execute the sqoop command as root as well. Of couse use this at your own risk because you’re allowing yarn user impersonate itself without entering password.

 I have a sample workflow on my github.

Comments

Post a Comment

Popular posts from this blog

Vista Vulnerability Report mentions Ubuntu 6.06 LTS

Update: I posted this on MIXX since DIGG was taken care of by someone already, except that that user didn't really write a good preview for it so it got buried. This report is generating some buzz though. I emailed this report to Mark Shuttleworth of Ubuntu fame and little did I know, HE ANSWERED!!!! Whoever answered me on that side of the e-mail pipe liked the report and was wondering if it was official and whether he could quote from it. It definitely is official and I forwarded him the e-mail with this report, he said he will pass it down internally. That made my day, it's amazing that a man of his statute, that's if it was him, answers e-mails from regular people like me. That's what I call a real genuine pioneer! Thank you Mark and all of the Ubuntu Staff. Read
Read more

Running CockroachDB with Docker Compose and Minio, Part 2

This is my second post on creating a multi-service architecture with docker-compose. This is meant to be a learning exercise and typically docker-compose is used to set up a local development environment rather than a production-ready set up. I regularly, find myself building these environments to reproduce customer bugs. For a production-specific application, refer to your platform vendor documentation. At some later time, I will cover Kubernetes deployments that can be used as a stepping stone for a real-world application. Until then, let's focus on the task at hand. We're building a microservice architecture with CockroachDB writing changes in real-time to an S3 bucket in JSON format. S3 bucket is served by a service called Minio. It can act like an S3 appliance on premise or serve as a local gateway to your cloud storage. Let's dig in:
Read more

Doing "print screen" on a Mac is a pain in the ass

I am catching up with blogging today and I need to take a screenshot of my screen. I have a Macbook Pro with Ubuntu in a virtual machine. There is no printscreen button and a quick search returned "Apple + Shift + 3". Mac fanboys think that's easy and better than PC? So here's a problem. If you want to take a print screen in VM, that key combination doesn't work. What do I do besides opening the screenshot application and doing it half-assed way? I am sure you can edit key bindings but that should not be that way. If you know of any other ways, let me know.
Read more