hadoop-common-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Hadoop QA (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HADOOP-9299) kerberos name resolution is kicking in even when kerberos is not configured
Date Wed, 13 Mar 2013 23:32:14 GMT

    [ https://issues.apache.org/jira/browse/HADOOP-9299?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13601806#comment-13601806

Hadoop QA commented on HADOOP-9299:

{color:green}+1 overall{color}.  Here are the results of testing the latest attachment 
  against trunk revision .

    {color:green}+1 @author{color}.  The patch does not contain any @author tags.

    {color:green}+1 tests included{color}.  The patch appears to include 1 new or modified
test files.

    {color:green}+1 tests included appear to have a timeout.{color}

    {color:green}+1 javac{color}.  The applied patch does not increase the total number of
javac compiler warnings.

    {color:green}+1 javadoc{color}.  The javadoc tool did not generate any warning messages.

    {color:green}+1 eclipse:eclipse{color}.  The patch built with eclipse:eclipse.

    {color:green}+1 findbugs{color}.  The patch does not introduce any new Findbugs (version
1.3.9) warnings.

    {color:green}+1 release audit{color}.  The applied patch does not increase the total number
of release audit warnings.

    {color:green}+1 core tests{color}.  The patch passed unit tests in hadoop-common-project/hadoop-common.

    {color:green}+1 contrib tests{color}.  The patch passed contrib unit tests.

Test results: https://builds.apache.org/job/PreCommit-HADOOP-Build/2325//testReport/
Console output: https://builds.apache.org/job/PreCommit-HADOOP-Build/2325//console

This message is automatically generated.
> kerberos name resolution is kicking in even when kerberos is not configured
> ---------------------------------------------------------------------------
>                 Key: HADOOP-9299
>                 URL: https://issues.apache.org/jira/browse/HADOOP-9299
>             Project: Hadoop Common
>          Issue Type: Bug
>          Components: security
>    Affects Versions: 2.0.3-alpha
>            Reporter: Roman Shaposhnik
>            Assignee: Daryn Sharp
>            Priority: Blocker
>         Attachments: HADOOP-9299.patch
> Here's what I'm observing on a fully distributed cluster deployed via Bigtop from the
RC0 2.0.3-alpha tarball:
> {noformat}
> 528077-oozie-tucu-W@mr-node] Error starting action [mr-node]. ErrorType [TRANSIENT],
ErrorCode [JA009], Message [JA009: org.apache.hadoop.security.authentication.util.KerberosName$NoMatchingRule:
No rules applied to yarn/localhost@LOCALREALM
>         at org.apache.hadoop.security.token.delegation.AbstractDelegationTokenIdentifier.<init>(AbstractDelegationTokenIdentifier.java:68)
>         at org.apache.hadoop.mapreduce.v2.api.MRDelegationTokenIdentifier.<init>(MRDelegationTokenIdentifier.java:51)
>         at org.apache.hadoop.mapreduce.v2.hs.HistoryClientService$HSClientProtocolHandler.getDelegationToken(HistoryClientService.java:336)
>         at org.apache.hadoop.mapreduce.v2.api.impl.pb.service.MRClientProtocolPBServiceImpl.getDelegationToken(MRClientProtocolPBServiceImpl.java:210)
>         at org.apache.hadoop.yarn.proto.MRClientProtocol$MRClientProtocolService$2.callBlockingMethod(MRClientProtocol.java:240)
>         at org.apache.hadoop.ipc.ProtobufRpcEngine$Server$ProtoBufRpcInvoker.call(ProtobufRpcEngine.java:454)
>         at org.apache.hadoop.ipc.RPC$Server.call(RPC.java:1014)
>         at org.apache.hadoop.ipc.Server$Handler$1.run(Server.java:1735)
>         at org.apache.hadoop.ipc.Server$Handler$1.run(Server.java:1731)
>         at java.security.AccessController.doPrivileged(Native Method)
>         at javax.security.auth.Subject.doAs(Subject.java:396)
>         at org.apache.hadoop.security.UserGroupInformation.doAs(UserGroupInformation.java:1441)
>         at org.apache.hadoop.ipc.Server$Handler.run(Server.java:1729)
> Caused by: org.apache.hadoop.security.authentication.util.KerberosName$NoMatchingRule:
No rules applied to yarn/localhost@LOCALREALM
>         at org.apache.hadoop.security.authentication.util.KerberosName.getShortName(KerberosName.java:378)
>         at org.apache.hadoop.security.token.delegation.AbstractDelegationTokenIdentifier.<init>(AbstractDelegationTokenIdentifier.java:66)
>         ... 12 more
> ]
> {noformat}
> This is submitting a mapreduce job via Oozie 3.3.1. The reason I think this is a Hadoop
issue rather than the oozie one is because when I hack /etc/krb5.conf to be:
> {noformat}
> [libdefaults]
>    ticket_lifetime = 600
>    default_realm = LOCALHOST
>    default_tkt_enctypes = des3-hmac-sha1 des-cbc-crc
>    default_tgs_enctypes = des3-hmac-sha1 des-cbc-crc
> [realms]
>    LOCALHOST = {
>        kdc = localhost:88
>        default_domain = .local
>    }
> [domain_realm]
>    .local = LOCALHOST
> [logging]
>    kdc = FILE:/var/log/krb5kdc.log
>    admin_server = FILE:/var/log/kadmin.log
>    default = FILE:/var/log/krb5lib.log
> {noformat}
> The issue goes away. 
> Now, once again -- the kerberos auth is NOT configured for Hadoop, hence it should NOT
pay attention to /etc/krb5.conf to begin with.

This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

View raw message