Date: Wed, 29 Jan 2014 16:33:53 +0000
Subject: regression in 2.4? YARN severs on secure cluster startup
From: Steve Loughran
To: "common-dev@hadoop.apache.org"

I'm just switching over to use the 2.4-SNAPSHOT in a secured pseudo-dist cluster, and now the services are failing to come up because the web principals haven't been defined.

Example

2014-01-29 15:42:58,558 INFO org.apache.hadoop.http.HttpServer2: Added filter static_user_filter (class=org.apache.hadoop.http.lib.StaticUserWebFilter$StaticUserFilter) to context hdfs
2014-01-29 15:42:58,559 INFO org.apache.hadoop.http.HttpServer2: Added filter static_user_filter (class=org.apache.hadoop.http.lib.StaticUserWebFilter$StaticUserFilter) to context static
2014-01-29 15:42:58,559 INFO org.apache.hadoop.http.HttpServer2: Added filter static_user_filter (class=org.apache.hadoop.http.lib.StaticUserWebFilter$StaticUserFilter) to context logs
2014-01-29 15:42:58,630 ERROR org.apache.hadoop.http.HttpServer2: *WebHDFS and security are enabled, but configuration property 'dfs.web.authentication.kerberos.principal' is not set.*
2014-01-29 15:42:58,630 INFO org.apache.hadoop.http.HttpServer2: Added filter 'SPNEGO' (class=org.apache.hadoop.hdfs.web.AuthFilter)
2014-01-29 15:42:58,631 INFO org.apache.hadoop.http.HttpServer2: addJerseyResourcePackage: packageName=org.apache.hadoop.hdfs.server.namenode.web.resources;org.apache.hadoop.hdfs.web.resources, pathSpec=/webhdfs/v1/*
2014-01-29 15:42:58,658 INFO org.apache.hadoop.http.HttpServer2: Adding Kerberos (SPNEGO) filter to getDelegationToken
2014-01-29 15:42:58,662 INFO org.apache.hadoop.http.HttpServer2: Adding Kerberos (SPNEGO) filter to renewDelegationToken
2014-01-29 15:42:58,663 INFO org.apache.hadoop.http.HttpServer2: Adding Kerberos (SPNEGO) filter to cancelDelegationToken
2014-01-29 15:42:58,663 INFO org.apache.hadoop.http.HttpServer2: Adding Kerberos (SPNEGO) filter to fsck
2014-01-29 15:42:58,671 INFO org.apache.hadoop.http.HttpServer2: Adding Kerberos (SPNEGO) filter to getimage
2014-01-29 15:42:58,748 INFO org.apache.hadoop.http.HttpServer2: Jetty bound to port 50070
2014-01-29 15:42:58,748 INFO org.mortbay.log: jetty-6.1.26
2014-01-29 15:42:58,941 INFO org.apache.hadoop.security.authentication.server.KerberosAuthenticationHandler: Login using keytab /home/stevel/conf/hdfs.keytab, for principal HTTP/ubuntu@COTHAM
2014-01-29 15:42:58,981 INFO org.apache.hadoop.security.authentication.server.KerberosAuthenticationHandler: Initialized, principal [HTTP/ubuntu@COTHAM] from keytab [/home/stevel/conf/hdfs.keytab]
2014-01-29 15:42:58,981 WARN org.apache.hadoop.security.authentication.server.AuthenticationFilter: 'signature.secret' configuration not set, using a random value as secret
2014-01-29 15:42:58,982 WARN org.mortbay.log: failed SPNEGO: javax.servlet.ServletException: javax.servlet.ServletException: Principal not defined in configuration
2014-01-29 15:42:58,982 WARN org.mortbay.log: Failed startup of context org.mortbay.jetty.webapp.WebAppContext@167a465{/,file:/home/stevel/hadoop/share/hadoop/hdfs/webapps/hdfs}
javax.servlet.ServletException: javax.servlet.ServletException: Principal not defined in configuration
    at org.apache.hadoop.security.authentication.server.KerberosAuthenticationHandler.init(KerberosAuthenticationHandler.java:203)
:

YARN is the same but without the text telling me what config option I have to set (i.e. no equivalent of https://issues.apache.org/jira/browse/HDFS-3813)

-29 16:04:33,908 INFO org.apache.hadoop.yarn.util.AbstractLivelinessMonitor: AMLivelinessMonitor thread interrupted
2014-01-29 16:04:33,908 INFO org.apache.hadoop.yarn.util.AbstractLivelinessMonitor: org.apache.hadoop.yarn.server.resourcemanager.rmcontainer.ContainerAllocationExpirer thread interrupted
2014-01-29 16:04:33,908 ERROR org.apache.hadoop.security.token.delegation.AbstractDelegationTokenSecretManager: InterruptedExcpetion recieved for ExpiredTokenRemover thread
java.lang.InterruptedException: sleep interrupted
2014-01-29 16:04:33,909 INFO org.apache.hadoop.yarn.server.resourcemanager.ResourceManager: Transitioned to standby state
2014-01-29 16:04:33,909 FATAL org.apache.hadoop.yarn.server.resourcemanager.ResourceManager: Error starting ResourceManager
org.apache.hadoop.yarn.webapp.WebAppException: Error starting http server
    at org.apache.hadoop.yarn.webapp.WebApps$Builder.start(WebApps.java:250)
    at org.apache.hadoop.yarn.server.resourcemanager.ResourceManager.startWepApp(ResourceManager.java:775)
    at org.apache.hadoop.yarn.server.resourcemanager.ResourceManager.serviceStart(ResourceManager.java:866)
    at org.apache.hadoop.service.AbstractService.start(AbstractService.java:193)
    at org.apache.hadoop.yarn.server.resourcemanager.ResourceManager.main(ResourceManager.java:995)
Caused by: java.io.IOException: Unable to initialize WebAppContext
    at org.apache.hadoop.http.HttpServer2.start(HttpServer2.java:809)
    at org.apache.hadoop.yarn.webapp.WebApps$Builder.start(WebApps.java:245)
    ... 4 more
Caused by: javax.servlet.ServletException: javax.servlet.ServletException: Principal not defined in configuration
    at org.apache.hadoop.security.authentication.server.KerberosAuthenticationHandler.init(KerberosAuthenticationHandler.java:203)
    at org.apache.hadoop.security.authentication.server.AuthenticationFilter.init(AuthenticationFilter.java:146)
    at org.mortbay.jetty.servlet.FilterHolder.doStart(FilterHolder.java:97)
    at org.mortbay.component.AbstractLifeCycle.start(AbstractLifeCycle.java:50)
    at org.mortbay.jetty.servlet.ServletHandler.initialize(ServletHandler.java:713)
    at org.mortbay.jetty.servlet.Context.startContext(Context.java:140)
    at org.mortbay.jetty.webapp.WebAppContext.startContext(WebAppContext.java:1282)
    at org.mortbay.jetty.handler.ContextHandler.doStart(ContextHandler.java:518)
    at org.mortbay.jetty.webapp.WebAppContext.doStart(WebAppContext.java:499)
    at org.mortbay.component.AbstractLifeCycle.start(AbstractLifeCycle.java:50)
    at org.mortbay.jetty.handler.HandlerCollection.doStart(HandlerCollection.java:152)
    at org.mortbay.jetty.handler.ContextHandlerCollection.doStart(ContextHandlerCollection.java:156)
    at org.mortbay.component.AbstractLifeCycle.start(AbstractLifeCycle.java:50)
    at org.mortbay.jetty.handler.HandlerWrapper.doStart(HandlerWrapper.java:130)
    at org.mortbay.jetty.Server.doStart(Server.java:224)
    at org.mortbay.component.AbstractLifeCycle.start(AbstractLifeCycle.java:50)
    at org.apache.hadoop.http.HttpServer2.start(HttpServer2.java:787)
    ... 5 more
Caused by: javax.servlet.ServletException: Principal not defined in configuration
    at org.apache.hadoop.security.authentication.server.KerberosAuthenticationHandler.init(KerberosAuthenticationHandler.java:164)
    ... 21 more

This cluster config (https://github.com/hortonworks/hoya/tree/master/hoya-funtest/src/test/configs/ubuntu-secure) did work on Hadoop-2.2, which implies that there is some change in Hadoop 2.4 that is incompatible to the extent that you now need to declare some principals you didn't need to set now need to be

1. It looks like HDFS-3604, enable webhdfs, is the issue that stops the NN and DN - IMO it should be marked as an incompatible change, as it stops clusters that used to start from starting.
2. What's causing this in YARN?
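
The NameNode ERROR line in the message above names the condition that blocks startup: security and WebHDFS both enabled while 'dfs.web.authentication.kerberos.principal' is unset. A pre-flight check for that one condition follows, as an added example that is not part of the original message and is not Hadoop code. The sample XML is constructed; treating WebHDFS as enabled unless `dfs.webhdfs.enabled` is explicitly `false`, and treating a blank value as unset, are assumptions.

```python
import xml.etree.ElementTree as ET

PRINCIPAL = "dfs.web.authentication.kerberos.principal"  # named in the NameNode ERROR line

# Constructed sample configs (not the poster's files): Kerberos on, web principal blank.
CORE_SITE = """<configuration>
  <property><name>hadoop.security.authentication</name><value>kerberos</value></property>
</configuration>"""
HDFS_SITE = """<configuration>
  <property><name>dfs.namenode.kerberos.principal</name><value>hdfs/ubuntu@EXAMPLE</value></property>
  <property><name>dfs.web.authentication.kerberos.principal</name><value>  </value></property>
</configuration>"""


def load_props(*xml_docs):
    """Merge <property> name/value pairs from *-site.xml documents; later documents win."""
    props = {}
    for doc in xml_docs:
        for prop in ET.fromstring(doc).iter("property"):
            name = (prop.findtext("name") or "").strip()
            if name:
                props[name] = (prop.findtext("value") or "").strip()
    return props


def check_web_principal(props):
    """Return the problems that match the condition in the NameNode ERROR line."""
    auth = props.get("hadoop.security.authentication", "simple").lower()
    if auth != "kerberos":
        return []  # security is off: the ERROR condition does not apply
    # Assumption: WebHDFS counts as enabled unless explicitly set to false.
    if props.get("dfs.webhdfs.enabled", "true").lower() == "false":
        return []
    # Assumption: a missing value and a blank value both count as unset.
    if not props.get(PRINCIPAL):
        return [f"security and WebHDFS are enabled but {PRINCIPAL} is not set"]
    return []


if __name__ == "__main__":
    for problem in check_web_principal(load_props(CORE_SITE, HDFS_SITE)):
        print("FAIL:", problem)
```

Run against the real core-site.xml and hdfs-site.xml contents before an upgrade, the check reports the missing property without waiting for the daemon to fail at startup.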