Return-Path: 
 <user-return-14355-apmail-hadoop-mapreduce-user-archive=hadoop.apache.org@hadoop.apache.org>
X-Original-To: apmail-hadoop-mapreduce-user-archive@minotaur.apache.org
Delivered-To: apmail-hadoop-mapreduce-user-archive@minotaur.apache.org
Received: from mail.apache.org (hermes.apache.org [140.211.11.3])
	by minotaur.apache.org (Postfix) with SMTP id 2CFCC107EC
	for <apmail-hadoop-mapreduce-user-archive@minotaur.apache.org>;
 Sat, 15 Mar 2014 21:20:06 +0000 (UTC)
Received: (qmail 19420 invoked by uid 500); 15 Mar 2014 21:19:57 -0000
Delivered-To: apmail-hadoop-mapreduce-user-archive@hadoop.apache.org
Received: (qmail 19298 invoked by uid 500); 15 Mar 2014 21:19:57 -0000
Mailing-List: contact user-help@hadoop.apache.org; run by ezmlm
Precedence: bulk
List-Help: <mailto:user-help@hadoop.apache.org>
List-Unsubscribe: <mailto:user-unsubscribe@hadoop.apache.org>
List-Post: <mailto:user@hadoop.apache.org>
List-Id: <user.hadoop.apache.org>
Reply-To: user@hadoop.apache.org
Delivered-To: mailing list user@hadoop.apache.org
Received: (qmail 19291 invoked by uid 99); 15 Mar 2014 21:19:56 -0000
Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136)
    by apache.org (qpsmtpd/0.29) with ESMTP; Sat, 15 Mar 2014 21:19:56 +0000
X-ASF-Spam-Status: No, hits=1.5 required=5.0
	tests=HTML_MESSAGE,RCVD_IN_DNSWL_LOW,SPF_PASS
X-Spam-Check-By: apache.org
Received-SPF: pass (athena.apache.org: domain of edlinuxguru@gmail.com
 designates 209.85.212.171 as permitted sender)
Received: from [209.85.212.171] (HELO mail-wi0-f171.google.com)
 (209.85.212.171)
    by apache.org (qpsmtpd/0.29) with ESMTP; Sat, 15 Mar 2014 21:19:51 +0000
Received: by mail-wi0-f171.google.com with SMTP id hn9so801339wib.4
        for <user@hadoop.apache.org>; Sat, 15 Mar 2014 14:19:30 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20120113;
        h=mime-version:in-reply-to:references:date:message-id:subject:from:to
         :content-type;
        bh=eWxLHcXMGIw59DL9sAigIEdXz2F1XfjRIexPrxmCW/U=;
        b=P0Hd+g2nxCYQSimIfbqi3FR/qjQwqqMi3KjYMxG3joP2tRKaAg/4Wu5XKK1z1psEbA
         rDmFLtu1UhekWOYLL2Cl+Yiy7qxIiucgtl8BM4KYnhS22FbKajKkkDa1gwjpC1rWB180
         4fEc/f7q2YP4HsBXXNPEWZ9DLeaaONoCZBVF377vu7Q1s6WOqJ7omI8FoC7ggJem/bu8
         GKd38Wxl13ykyAOJocg4c2gVF/V/2spw4muaeak9iNcCus+SYZOglLfPDkYqhs7lCTp2
         ENkGUIFvrDdlvyC3ytsOWooQCr2fNDJojYId3c2KJ5/UZ3LBwT3yaWU0VtJe8tI6zerL
         WMKQ==
MIME-Version: 1.0
X-Received: by 10.180.211.208 with SMTP id ne16mr3471256wic.21.1394918370419;
 Sat, 15 Mar 2014 14:19:30 -0700 (PDT)
Received: by 10.194.220.105 with HTTP; Sat, 15 Mar 2014 14:19:30 -0700 (PDT)
In-Reply-To: 
 <CA+POG04ofNj7hBWiRi0HHoXQdSN5VyP-D6Wy0DAkWmPZ-6H0Eg@mail.gmail.com>
References: 
 <CA+POG04ofNj7hBWiRi0HHoXQdSN5VyP-D6Wy0DAkWmPZ-6H0Eg@mail.gmail.com>
Date: Sat, 15 Mar 2014 17:19:30 -0400
Message-ID: 
 <CAENxBwzm7vawPkvv8zkEjCcexbH-o2OOyRRV0whuUx8Dr_75Mw@mail.gmail.com>
Subject: Re: SIMPLE authentication is not enabled. Available:[TOKEN]
From: Edward Capriolo <edlinuxguru@gmail.com>
To: "common-user@hadoop.apache.org" <user@hadoop.apache.org>
Content-Type: multipart/alternative; boundary=001a11c37c92f5ae4204f4abbd80
X-Virus-Checked: Checked by ClamAV on apache.org

--001a11c37c92f5ae4204f4abbd80
Content-Type: text/plain; charset=ISO-8859-1

There was a bug around this message that was fixed. I found another bug I
forgot to report. If your system is using ipv6 yarn get get confused over
the source/destination ips and throw this message at you. You can go in
your configuration files and specific a specfic address to bind. You can
also go into your hostfile and ensure localhost does not refer to an ipv6
address. Java also has a -D switch like preferIPV4 or something like that.


On Sat, Mar 15, 2014 at 4:18 PM, Oleg Zhurakousky <
oleg.zhurakousky@gmail.com> wrote:

> So here is my dilemma.
>
> I am trying to register ApplicationMaster to a remote YARN cluster and I
> get
>
> Caused by:
> org.apache.hadoop.ipc.RemoteException(org.apache.hadoop.security.AccessControlException):
> SIMPLE authentication is not enabled.  Available:[TOKEN]
>
> at org.apache.hadoop.ipc.Client.call(Client.java:1406)
>
> at org.apache.hadoop.ipc.Client.call(Client.java:1359)
>
> at org.apache.hadoop.ipc.ProtobufRpcEngine$Invoker.invoke(
> ProtobufRpcEngine.java:206)
>
> at com.sun.proxy.$Proxy7.registerApplicationMaster(Unknown Source)
>
> at
> org.apache.hadoop.yarn.api.impl.pb.client.ApplicationMasterProtocolPBClientImpl.registerApplicationMaster(
> ApplicationMasterProtocolPBClientImpl.java:106)
> My security is explicitly set to SIMPLE and I can see it in my logs:
>
> org.apache.hadoop.ipc.Server: Server accepts auth methods:[TOKEN, SIMPLE]
>
> What is unclear is why [TOKEN] get's there and when I say unclear, its
> actually very clear from the ipc Server code. The real question is why
> TOKEN is hard coded there in the first place for the cases when Secret
> Manager is present. Which also raises another question; How to disable
> Secret Manager.
>
> Cheers
> Oleg
>
>

--001a11c37c92f5ae4204f4abbd80
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable

<div dir=3D"ltr">There was a bug around this message that was fixed. I foun=
d another bug I forgot to report. If your system is using ipv6 yarn get get=
 confused over the source/destination ips and throw this message at you. Yo=
u can go in your configuration files and specific a specfic address to bind=
. You can also go into your hostfile and ensure localhost does not refer to=
 an ipv6 address. Java also has a -D switch like preferIPV4 or something li=
ke that.<br>
</div><div class=3D"gmail_extra"><br><br><div class=3D"gmail_quote">On Sat,=
 Mar 15, 2014 at 4:18 PM, Oleg Zhurakousky <span dir=3D"ltr">&lt;<a href=3D=
"mailto:oleg.zhurakousky@gmail.com" target=3D"_blank">oleg.zhurakousky@gmai=
l.com</a>&gt;</span> wrote:<br>
<blockquote class=3D"gmail_quote" style=3D"margin:0 0 0 .8ex;border-left:1p=
x #ccc solid;padding-left:1ex"><div dir=3D"ltr">So here is my dilemma.=A0<d=
iv><br></div><div>I am trying to register ApplicationMaster to a remote YAR=
N cluster and I get=A0</div>
<div>







<p>Caused by: org.apache.hadoop.ipc.RemoteException(org.apache.hadoop.secur=
ity.AccessControlException): SIMPLE authentication is not enabled.=A0 Avail=
able:[TOKEN]</p>
<p><span>	</span>at org.apache.hadoop.ipc.Client.call(<span>Client.java:140=
6</span>)</p>
<p><span>	</span>at org.apache.hadoop.ipc.Client.call(<span>Client.java:135=
9</span>)</p>
<p><span>	</span>at org.apache.hadoop.ipc.ProtobufRpcEngine$Invoker.invoke(=
<span>ProtobufRpcEngine.java:206</span>)</p>
<p><span>	</span>at com.sun.proxy.$Proxy7.registerApplicationMaster(Unknown=
 Source)</p>
<p><span>	</span>at org.apache.hadoop.yarn.api.impl.pb.client.ApplicationMa=
sterProtocolPBClientImpl.registerApplicationMaster(<span>ApplicationMasterP=
rotocolPBClientImpl.java:106</span>)</p><div>
My security is explicitly set to SIMPLE and I can see it in my logs:</div><=
div><br></div><div>org.apache.hadoop.ipc.Server: Server accepts auth method=
s:[TOKEN, SIMPLE]</div><div><br></div><div>What is unclear is why [TOKEN] g=
et&#39;s there and when I say unclear, its actually very clear from the ipc=
 Server code. The real question is why TOKEN is hard coded there in the fir=
st place for the cases when Secret Manager is present. Which also raises an=
other question; How to disable Secret Manager.=A0</div>

<div><br></div><div>Cheers</div><span class=3D"HOEnZb"><font color=3D"#8888=
88"><div>Oleg</div><div><div><br></div></div></font></span></div></div>
</blockquote></div><br></div>

--001a11c37c92f5ae4204f4abbd80--