hadoop-common-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Oleg Zhurakousky <oleg.zhurakou...@gmail.com>
Subject Re: SIMPLE authentication is not enabled. Available:[TOKEN]
Date Sun, 16 Mar 2014 13:35:24 GMT
Thanks Jeff.

Got passed it, but still puzzled as to why TOKEN is hardcoded as
authentication method. Shouldn't this decision be delegated to the end
user. Seems very unconventional and awkward.

Oleg


On Sun, Mar 16, 2014 at 8:44 AM, Jeff Zhang <zjffdu@gmail.com> wrote:

> Here's my sample for your reference  ( If you are running unmanaged AM in
> client side):
>
> 1.  set token in UserGroupInformation
> 2.  do the registration in the way of UserGroupInformation as following
>
>  try {
>
>       ugi.addToken(yarnClient.getAMRMToken(appId));
>
>       ugi.doAs(new PrivilegedExceptionAction<Void>() {
>
>         @Override
>
>         public Void run() throws Exception {
>
>           AMRMClient<ContainerRequest> amRMClient = AMRMClient
>
>               .createAMRMClient();
>
>           amRMClientAsync =
> AMRMClientAsync.createAMRMClientAsync(amRMClient,
>
>               200, new InnerCallbackHandler());
>
>           amRMClientAsync.init(conf);
>
>           amRMClientAsync.start();
>
>           amRMClientAsync.registerApplicationMaster("localhost", 0, "url"
> );
>
>           return null;
>
>         }
>
>       });
>
>     } catch (Throwable ex) {
>
>       ex.printStackTrace();
>
>     }
>
>
> On Sun, Mar 16, 2014 at 8:19 PM, Oleg Zhurakousky <
> oleg.zhurakousky@gmail.com> wrote:
>
>> Thanks Jeff
>>
>> Yes I am using 2.3 and the issue is still there.
>>
>> Oleg
>>
>>
>> On Sun, Mar 16, 2014 at 3:10 AM, Jeff Zhang <zjffdu@gmail.com> wrote:
>>
>>> Hi Oleg,
>>>
>>> I meet the same issue when I start an unmanaged AM in client side in
>>> thread way. The issue is in the code of hadoop-common-yarn. You could try
>>> to use the code of hadoop-common-yarn of 2.3 instead of 2.2  This resolve
>>> my problem at least.
>>>
>>>
>>>
>>>
>>> On Sun, Mar 16, 2014 at 5:56 AM, Oleg Zhurakousky <
>>> oleg.zhurakousky@gmail.com> wrote:
>>>
>>>> The bug you referring to is this i think
>>>>
>>>> https://issues.apache.org/jira/browse/YARN-945
>>>>
>>>> . . . and is not really the issue in my case, since my IPv6 is
>>>> disabled.
>>>>
>>>> What I really want to know is why TOKEN is hard coded in ipc Server. I
>>>> can't wait to hear the argument ;)
>>>>
>>>>
>>>> Anyway, thanks for reply.
>>>>
>>>> Oleg
>>>>
>>>>
>>>>
>>>>
>>>> On Sat, Mar 15, 2014 at 5:19 PM, Edward Capriolo <edlinuxguru@gmail.com
>>>> > wrote:
>>>>
>>>>> There was a bug around this message that was fixed. I found another
>>>>> bug I forgot to report. If your system is using ipv6 yarn get get confused
>>>>> over the source/destination ips and throw this message at you. You can
go
>>>>> in your configuration files and specific a specfic address to bind. You
can
>>>>> also go into your hostfile and ensure localhost does not refer to an
ipv6
>>>>> address. Java also has a -D switch like preferIPV4 or something like
that.
>>>>>
>>>>>
>>>>> On Sat, Mar 15, 2014 at 4:18 PM, Oleg Zhurakousky <
>>>>> oleg.zhurakousky@gmail.com> wrote:
>>>>>
>>>>>> So here is my dilemma.
>>>>>>
>>>>>> I am trying to register ApplicationMaster to a remote YARN cluster
>>>>>> and I get
>>>>>>
>>>>>> Caused by:
>>>>>> org.apache.hadoop.ipc.RemoteException(org.apache.hadoop.security.AccessControlException):
>>>>>> SIMPLE authentication is not enabled.  Available:[TOKEN]
>>>>>>
>>>>>> at org.apache.hadoop.ipc.Client.call(Client.java:1406)
>>>>>>
>>>>>> at org.apache.hadoop.ipc.Client.call(Client.java:1359)
>>>>>>
>>>>>> at org.apache.hadoop.ipc.ProtobufRpcEngine$Invoker.invoke(
>>>>>> ProtobufRpcEngine.java:206)
>>>>>>
>>>>>> at com.sun.proxy.$Proxy7.registerApplicationMaster(Unknown Source)
>>>>>>
>>>>>> at
>>>>>> org.apache.hadoop.yarn.api.impl.pb.client.ApplicationMasterProtocolPBClientImpl.registerApplicationMaster(
>>>>>> ApplicationMasterProtocolPBClientImpl.java:106)
>>>>>> My security is explicitly set to SIMPLE and I can see it in my logs:
>>>>>>
>>>>>> org.apache.hadoop.ipc.Server: Server accepts auth methods:[TOKEN,
>>>>>> SIMPLE]
>>>>>>
>>>>>> What is unclear is why [TOKEN] get's there and when I say unclear,
>>>>>> its actually very clear from the ipc Server code. The real question
is why
>>>>>> TOKEN is hard coded there in the first place for the cases when Secret
>>>>>> Manager is present. Which also raises another question; How to disable
>>>>>> Secret Manager.
>>>>>>
>>>>>> Cheers
>>>>>> Oleg
>>>>>>
>>>>>>
>>>>>
>>>>
>>>
>>>
>>> --
>>> Best Regards
>>>
>>> Jeff Zhang
>>>
>>
>>
>
>
> --
> Best Regards
>
> Jeff Zhang
>

Mime
View raw message