hadoop-common-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Oleg Zhurakousky <oleg.zhurakou...@gmail.com>
Subject Re: SIMPLE authentication is not enabled. Available:[TOKEN]
Date Sun, 16 Mar 2014 16:51:22 GMT
Anyway, I've raised https://issues.apache.org/jira/browse/YARN-1841. This
is pretty messed up and needs to be addressed.

Oleg


On Sun, Mar 16, 2014 at 10:29 AM, Oleg Zhurakousky <
oleg.zhurakousky@gmail.com> wrote:

> Also, in your code you provide application id.
> I am trying to register ApplicationMaster:
>
> ApplicationMasterProtocol applicationsManager =
> ClientRMProxy.createRMProxy(yarnConf, ApplicationMasterProtocol.class);
>
>   RegisterApplicationMasterRequest request =
> RegisterApplicationMasterRequest.newInstance("", 0, "");
>
>   RegisterApplicationMasterResponse response =
> applicationsManager.registerApplicationMaster(request);
>
>
>  so at the time I don't have application id and line 3 throws the
> exception.
>
> Oleg
>
>
> On Sun, Mar 16, 2014 at 9:35 AM, Oleg Zhurakousky <
> oleg.zhurakousky@gmail.com> wrote:
>
>> Thanks Jeff.
>>
>> Got passed it, but still puzzled as to why TOKEN is hardcoded as
>> authentication method. Shouldn't this decision be delegated to the end
>> user. Seems very unconventional and awkward.
>>
>> Oleg
>>
>>
>> On Sun, Mar 16, 2014 at 8:44 AM, Jeff Zhang <zjffdu@gmail.com> wrote:
>>
>>> Here's my sample for your reference  ( If you are running unmanaged AM
>>> in client side):
>>>
>>> 1.  set token in UserGroupInformation
>>> 2.  do the registration in the way of UserGroupInformation as following
>>>
>>>  try {
>>>
>>>       ugi.addToken(yarnClient.getAMRMToken(appId));
>>>
>>>       ugi.doAs(new PrivilegedExceptionAction<Void>() {
>>>
>>>         @Override
>>>
>>>         public Void run() throws Exception {
>>>
>>>           AMRMClient<ContainerRequest> amRMClient = AMRMClient
>>>
>>>               .createAMRMClient();
>>>
>>>           amRMClientAsync =
>>> AMRMClientAsync.createAMRMClientAsync(amRMClient,
>>>
>>>               200, new InnerCallbackHandler());
>>>
>>>           amRMClientAsync.init(conf);
>>>
>>>           amRMClientAsync.start();
>>>
>>>           amRMClientAsync.registerApplicationMaster("localhost", 0,
>>> "url");
>>>
>>>           return null;
>>>
>>>         }
>>>
>>>       });
>>>
>>>     } catch (Throwable ex) {
>>>
>>>       ex.printStackTrace();
>>>
>>>     }
>>>
>>>
>>> On Sun, Mar 16, 2014 at 8:19 PM, Oleg Zhurakousky <
>>> oleg.zhurakousky@gmail.com> wrote:
>>>
>>>> Thanks Jeff
>>>>
>>>> Yes I am using 2.3 and the issue is still there.
>>>>
>>>> Oleg
>>>>
>>>>
>>>> On Sun, Mar 16, 2014 at 3:10 AM, Jeff Zhang <zjffdu@gmail.com> wrote:
>>>>
>>>>> Hi Oleg,
>>>>>
>>>>> I meet the same issue when I start an unmanaged AM in client side in
>>>>> thread way. The issue is in the code of hadoop-common-yarn. You could
try
>>>>> to use the code of hadoop-common-yarn of 2.3 instead of 2.2  This resolve
>>>>> my problem at least.
>>>>>
>>>>>
>>>>>
>>>>>
>>>>> On Sun, Mar 16, 2014 at 5:56 AM, Oleg Zhurakousky <
>>>>> oleg.zhurakousky@gmail.com> wrote:
>>>>>
>>>>>> The bug you referring to is this i think
>>>>>>
>>>>>> https://issues.apache.org/jira/browse/YARN-945
>>>>>>
>>>>>> . . . and is not really the issue in my case, since my IPv6 is
>>>>>> disabled.
>>>>>>
>>>>>> What I really want to know is why TOKEN is hard coded in ipc Server.
>>>>>> I can't wait to hear the argument ;)
>>>>>>
>>>>>>
>>>>>> Anyway, thanks for reply.
>>>>>>
>>>>>> Oleg
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>> On Sat, Mar 15, 2014 at 5:19 PM, Edward Capriolo <
>>>>>> edlinuxguru@gmail.com> wrote:
>>>>>>
>>>>>>> There was a bug around this message that was fixed. I found another
>>>>>>> bug I forgot to report. If your system is using ipv6 yarn get
get confused
>>>>>>> over the source/destination ips and throw this message at you.
You can go
>>>>>>> in your configuration files and specific a specfic address to
bind. You can
>>>>>>> also go into your hostfile and ensure localhost does not refer
to an ipv6
>>>>>>> address. Java also has a -D switch like preferIPV4 or something
like that.
>>>>>>>
>>>>>>>
>>>>>>> On Sat, Mar 15, 2014 at 4:18 PM, Oleg Zhurakousky <
>>>>>>> oleg.zhurakousky@gmail.com> wrote:
>>>>>>>
>>>>>>>> So here is my dilemma.
>>>>>>>>
>>>>>>>> I am trying to register ApplicationMaster to a remote YARN
cluster
>>>>>>>> and I get
>>>>>>>>
>>>>>>>> Caused by:
>>>>>>>> org.apache.hadoop.ipc.RemoteException(org.apache.hadoop.security.AccessControlException):
>>>>>>>> SIMPLE authentication is not enabled.  Available:[TOKEN]
>>>>>>>>
>>>>>>>> at org.apache.hadoop.ipc.Client.call(Client.java:1406)
>>>>>>>>
>>>>>>>> at org.apache.hadoop.ipc.Client.call(Client.java:1359)
>>>>>>>>
>>>>>>>> at org.apache.hadoop.ipc.ProtobufRpcEngine$Invoker.invoke(
>>>>>>>> ProtobufRpcEngine.java:206)
>>>>>>>>
>>>>>>>> at com.sun.proxy.$Proxy7.registerApplicationMaster(Unknown
Source)
>>>>>>>>
>>>>>>>> at
>>>>>>>> org.apache.hadoop.yarn.api.impl.pb.client.ApplicationMasterProtocolPBClientImpl.registerApplicationMaster(
>>>>>>>> ApplicationMasterProtocolPBClientImpl.java:106)
>>>>>>>> My security is explicitly set to SIMPLE and I can see it
in my logs:
>>>>>>>>
>>>>>>>> org.apache.hadoop.ipc.Server: Server accepts auth methods:[TOKEN,
>>>>>>>> SIMPLE]
>>>>>>>>
>>>>>>>> What is unclear is why [TOKEN] get's there and when I say
unclear,
>>>>>>>> its actually very clear from the ipc Server code. The real
question is why
>>>>>>>> TOKEN is hard coded there in the first place for the cases
when Secret
>>>>>>>> Manager is present. Which also raises another question; How
to disable
>>>>>>>> Secret Manager.
>>>>>>>>
>>>>>>>> Cheers
>>>>>>>> Oleg
>>>>>>>>
>>>>>>>>
>>>>>>>
>>>>>>
>>>>>
>>>>>
>>>>> --
>>>>> Best Regards
>>>>>
>>>>> Jeff Zhang
>>>>>
>>>>
>>>>
>>>
>>>
>>> --
>>> Best Regards
>>>
>>> Jeff Zhang
>>>
>>
>>
>

Mime
View raw message