hadoop-mapreduce-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Kilaru, Sambaiah" <Sambaiah_Kil...@intuit.com>
Subject Re: Start job with Kerberos meet error
Date Wed, 02 Nov 2016 15:36:07 GMT
What is FQDN of hosts? Tcpdump on port 88 and see what request it is going through?

Checking keytabs are current by logging in
Kinit –kt temp_host.keytab yarn/tempt48@HADOOP.COM<mailto:tempt48@HADOOP.COM>

What is your /etc/krb5.conf file look like?

Thanks,
Sam

From: Micro dong <microle.dong@gmail.com<mailto:microle.dong@gmail.com>>
Date: Tuesday, November 1, 2016 at 9:15 AM
To: "user@hadoop.apache.org<mailto:user@hadoop.apache.org>" <user@hadoop.apache.org<mailto:user@hadoop.apache.org>>
Subject: Start job with Kerberos meet error

I'm trying to configure Yarn(hadoop-2.7.2)  With Kerberos。Here is my  configuration file
in yarn-site.xml。
    <property>
      <name>yarn.resourcemanager.keytab</name>
       <value>/home/yarn/software/hadoop/etc/hadoop/conf/yarn.keytab</value>
    </property>
    <property>
      <name>yarn.resourcemanager.principal</name>
      <value>yarn/_HOST@HADOOP.COM<mailto:HOST@HADOOP.COM></value>
    </property>
    <property>
      <name>yarn.nodemanager.keytab</name>
      <value>/home/yarn/software/hadoop/etc/hadoop/conf/yarn.keytab</value>
    </property>
    <property>
      <name>yarn.nodemanager.principal</name>
      <value>yarn/_HOST@HADOOP.COM<mailto:HOST@HADOOP.COM></value>
    </property>
    <property>
      <name>yarn.nodemanager.linux-container-executor.path</name>
      <value>/home/yarn/software/hadoop/bin/container-executor</value>
    </property>
    <property>
      <name>yarn.nodemanager.container-executor.class</name>
      <value>org.apache.hadoop.yarn.server.nodemanager.LinuxContainerExecutor</value>
    </property>
    <property>
      <name>yarn.nodemanager.linux-container-executor.group</name>
      <value>yarn</value>
    </property>

the keytab file is in its location, its owner is yarn. But when I try to start job, I see
this message on the log:
2016-10-31 19:30:00,743 WARN org.apache.hadoop.yarn.server.nodemanager.containermanager.localizer.ResourceLocalizationService:
{ hdfs://tempt48:9000/home/yarn/staging/xjc/.staging/job_1477641527809_0017/job.jar, 1477913393217,
PATTERN, (?:classes/|lib/).* } failed: Login failure for yarn/tempt57@HADOOP.COM<mailto:tempt57@HADOOP.COM>
from keytab /home/yarn/software/hadoop/etc/hadoop/conf/yarn.keytab: javax.security.auth.login.LoginException:
Unable to obtain password from user

tempt48 is resourcemanager'node ,tempt57 is nodemanager's node.

keytab file in tempt57
[yarn@tempt57 sbin]$ klist -kt /home/yarn/software/hadoop/etc/hadoop/conf/yarn.keytab
Keytab name: FILE:/home/yarn/software/hadoop/etc/hadoop/conf/yarn.keytab
KVNO Timestamp         Principal
---- ----------------- --------------------------------------------------------
   2 10/31/16 17:30:06 yarn/tempt57@HADOOP.COM<mailto:tempt57@HADOOP.COM>
   2 10/31/16 17:30:06 yarn/tempt57@HADOOP.COM<mailto:tempt57@HADOOP.COM>
   2 10/31/16 17:30:07 yarn/tempt57@HADOOP.COM<mailto:tempt57@HADOOP.COM>
   2 10/31/16 17:30:07 yarn/tempt57@HADOOP.COM<mailto:tempt57@HADOOP.COM>
   2 10/31/16 17:30:07 yarn/tempt57@HADOOP.COM<mailto:tempt57@HADOOP.COM>


keytab file in tempt48
[yarn@tempt48 sbin]$ klist  -kt /home/yarn/software/hadoop/etc/hadoop/conf/yarn.keytab
Keytab name: FILE:/home/yarn/software/hadoop/etc/hadoop/conf/yarn.keytab
KVNO Timestamp         Principal
---- ----------------- --------------------------------------------------------
   2 10/14/16 12:00:18 yarn/tempt48@HADOOP.COM<mailto:tempt48@HADOOP.COM>
   2 10/14/16 12:00:18 yarn/tempt48@HADOOP.COM<mailto:tempt48@HADOOP.COM>
   2 10/14/16 12:00:18 yarn/tempt48@HADOOP.COM<mailto:tempt48@HADOOP.COM>
   2 10/14/16 12:00:19 yarn/tempt48@HADOOP.COM<mailto:tempt48@HADOOP.COM>
   2 10/14/16 12:00:19 yarn/tempt48@HADOOP.COM<mailto:tempt48@HADOOP.COM>


 Any help would be highly appreciated.

Best regards


Mime
View raw message