hadoop-mapreduce-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Oleg Zhurakousky <oleg.zhurakou...@gmail.com>
Subject Re: SIMPLE authentication is not enabled. Available:[TOKEN]
Date Sun, 16 Mar 2014 14:29:15 GMT
Also, in your code you provide application id.
I am trying to register ApplicationMaster:

ApplicationMasterProtocol applicationsManager =
ClientRMProxy.createRMProxy(yarnConf, ApplicationMasterProtocol.class);

  RegisterApplicationMasterRequest request =
RegisterApplicationMasterRequest.newInstance("", 0, "");

  RegisterApplicationMasterResponse response =
applicationsManager.registerApplicationMaster(request);


 so at the time I don't have application id and line 3 throws the exception.

Oleg


On Sun, Mar 16, 2014 at 9:35 AM, Oleg Zhurakousky <
oleg.zhurakousky@gmail.com> wrote:

> Thanks Jeff.
>
> Got passed it, but still puzzled as to why TOKEN is hardcoded as
> authentication method. Shouldn't this decision be delegated to the end
> user. Seems very unconventional and awkward.
>
> Oleg
>
>
> On Sun, Mar 16, 2014 at 8:44 AM, Jeff Zhang <zjffdu@gmail.com> wrote:
>
>> Here's my sample for your reference  ( If you are running unmanaged AM in
>> client side):
>>
>> 1.  set token in UserGroupInformation
>> 2.  do the registration in the way of UserGroupInformation as following
>>
>>  try {
>>
>>       ugi.addToken(yarnClient.getAMRMToken(appId));
>>
>>       ugi.doAs(new PrivilegedExceptionAction<Void>() {
>>
>>         @Override
>>
>>         public Void run() throws Exception {
>>
>>           AMRMClient<ContainerRequest> amRMClient = AMRMClient
>>
>>               .createAMRMClient();
>>
>>           amRMClientAsync =
>> AMRMClientAsync.createAMRMClientAsync(amRMClient,
>>
>>               200, new InnerCallbackHandler());
>>
>>           amRMClientAsync.init(conf);
>>
>>           amRMClientAsync.start();
>>
>>           amRMClientAsync.registerApplicationMaster("localhost", 0, "url"
>> );
>>
>>           return null;
>>
>>         }
>>
>>       });
>>
>>     } catch (Throwable ex) {
>>
>>       ex.printStackTrace();
>>
>>     }
>>
>>
>> On Sun, Mar 16, 2014 at 8:19 PM, Oleg Zhurakousky <
>> oleg.zhurakousky@gmail.com> wrote:
>>
>>> Thanks Jeff
>>>
>>> Yes I am using 2.3 and the issue is still there.
>>>
>>> Oleg
>>>
>>>
>>> On Sun, Mar 16, 2014 at 3:10 AM, Jeff Zhang <zjffdu@gmail.com> wrote:
>>>
>>>> Hi Oleg,
>>>>
>>>> I meet the same issue when I start an unmanaged AM in client side in
>>>> thread way. The issue is in the code of hadoop-common-yarn. You could try
>>>> to use the code of hadoop-common-yarn of 2.3 instead of 2.2  This resolve
>>>> my problem at least.
>>>>
>>>>
>>>>
>>>>
>>>> On Sun, Mar 16, 2014 at 5:56 AM, Oleg Zhurakousky <
>>>> oleg.zhurakousky@gmail.com> wrote:
>>>>
>>>>> The bug you referring to is this i think
>>>>>
>>>>> https://issues.apache.org/jira/browse/YARN-945
>>>>>
>>>>> . . . and is not really the issue in my case, since my IPv6 is
>>>>> disabled.
>>>>>
>>>>> What I really want to know is why TOKEN is hard coded in ipc Server.
I
>>>>> can't wait to hear the argument ;)
>>>>>
>>>>>
>>>>> Anyway, thanks for reply.
>>>>>
>>>>> Oleg
>>>>>
>>>>>
>>>>>
>>>>>
>>>>> On Sat, Mar 15, 2014 at 5:19 PM, Edward Capriolo <
>>>>> edlinuxguru@gmail.com> wrote:
>>>>>
>>>>>> There was a bug around this message that was fixed. I found another
>>>>>> bug I forgot to report. If your system is using ipv6 yarn get get
confused
>>>>>> over the source/destination ips and throw this message at you. You
can go
>>>>>> in your configuration files and specific a specfic address to bind.
You can
>>>>>> also go into your hostfile and ensure localhost does not refer to
an ipv6
>>>>>> address. Java also has a -D switch like preferIPV4 or something like
that.
>>>>>>
>>>>>>
>>>>>> On Sat, Mar 15, 2014 at 4:18 PM, Oleg Zhurakousky <
>>>>>> oleg.zhurakousky@gmail.com> wrote:
>>>>>>
>>>>>>> So here is my dilemma.
>>>>>>>
>>>>>>> I am trying to register ApplicationMaster to a remote YARN cluster
>>>>>>> and I get
>>>>>>>
>>>>>>> Caused by:
>>>>>>> org.apache.hadoop.ipc.RemoteException(org.apache.hadoop.security.AccessControlException):
>>>>>>> SIMPLE authentication is not enabled.  Available:[TOKEN]
>>>>>>>
>>>>>>> at org.apache.hadoop.ipc.Client.call(Client.java:1406)
>>>>>>>
>>>>>>> at org.apache.hadoop.ipc.Client.call(Client.java:1359)
>>>>>>>
>>>>>>> at org.apache.hadoop.ipc.ProtobufRpcEngine$Invoker.invoke(
>>>>>>> ProtobufRpcEngine.java:206)
>>>>>>>
>>>>>>> at com.sun.proxy.$Proxy7.registerApplicationMaster(Unknown Source)
>>>>>>>
>>>>>>> at
>>>>>>> org.apache.hadoop.yarn.api.impl.pb.client.ApplicationMasterProtocolPBClientImpl.registerApplicationMaster(
>>>>>>> ApplicationMasterProtocolPBClientImpl.java:106)
>>>>>>> My security is explicitly set to SIMPLE and I can see it in my
logs:
>>>>>>>
>>>>>>> org.apache.hadoop.ipc.Server: Server accepts auth methods:[TOKEN,
>>>>>>> SIMPLE]
>>>>>>>
>>>>>>> What is unclear is why [TOKEN] get's there and when I say unclear,
>>>>>>> its actually very clear from the ipc Server code. The real question
is why
>>>>>>> TOKEN is hard coded there in the first place for the cases when
Secret
>>>>>>> Manager is present. Which also raises another question; How to
disable
>>>>>>> Secret Manager.
>>>>>>>
>>>>>>> Cheers
>>>>>>> Oleg
>>>>>>>
>>>>>>>
>>>>>>
>>>>>
>>>>
>>>>
>>>> --
>>>> Best Regards
>>>>
>>>> Jeff Zhang
>>>>
>>>
>>>
>>
>>
>> --
>> Best Regards
>>
>> Jeff Zhang
>>
>
>

Mime
View raw message