hadoop-yarn-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Roman Shaposhnik (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (YARN-509) ResourceTrackerPB misses KerberosInfo annotation which renders YARN unusable on secure clusters
Date Wed, 27 Mar 2013 00:01:19 GMT

    [ https://issues.apache.org/jira/browse/YARN-509?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13614710#comment-13614710
] 

Roman Shaposhnik commented on YARN-509:
---------------------------------------

This is from Bigtop testing so I can make the cluster available for you (I'll need your public
ssh key -- please send it to me offline pref. PGP encoded). Now, to answer your questions:

bq. What is security.resourcetracker.protocol.acl set to in your hadoop-policy.xml?

${HADOOP_YARN_USER} which acording to the process environment translates to yarn

bq. What is yarn.nodemanager.principal in yarn-site.xml ?

yarn/_HOST@BIGTOP

bq. RMNMSecurityInfoClass.class and the text file org.apache.hadoop.security.SecurityInfo
are on the classpath of ResourceManager?

Yes it is.

Please let me know if you need any more info or if you'd like to get access to the cluster.
                
> ResourceTrackerPB misses KerberosInfo annotation which renders YARN unusable on secure
clusters
> -----------------------------------------------------------------------------------------------
>
>                 Key: YARN-509
>                 URL: https://issues.apache.org/jira/browse/YARN-509
>             Project: Hadoop YARN
>          Issue Type: Bug
>          Components: resourcemanager
>    Affects Versions: 2.0.1-alpha
>         Environment: BigTop Kerberized cluster test environment
>            Reporter: Konstantin Boudnik
>            Priority: Blocker
>             Fix For: 3.0.0, 2.0.4-alpha
>
>
> During BigTop 0.6.0 release test cycle, [~rvs] came around the following problem:
> {noformat}
> 013-03-26 15:37:03,573 FATAL
> org.apache.hadoop.yarn.server.nodemanager.NodeManager: Error starting
> NodeManager
> org.apache.hadoop.yarn.YarnException: Failed to Start
> org.apache.hadoop.yarn.server.nodemanager.NodeManager
>         at org.apache.hadoop.yarn.service.CompositeService.start(CompositeService.java:78)
>         at org.apache.hadoop.yarn.server.nodemanager.NodeManager.start(NodeManager.java:199)
>         at org.apache.hadoop.yarn.server.nodemanager.NodeManager.initAndStartNodeManager(NodeManager.java:322)
>         at org.apache.hadoop.yarn.server.nodemanager.NodeManager.main(NodeManager.java:359)
> Caused by: org.apache.avro.AvroRuntimeException:
> java.lang.reflect.UndeclaredThrowableException
>         at org.apache.hadoop.yarn.server.nodemanager.NodeStatusUpdaterImpl.start(NodeStatusUpdaterImpl.java:162)
>         at org.apache.hadoop.yarn.service.CompositeService.start(CompositeService.java:68)
>         ... 3 more
> Caused by: java.lang.reflect.UndeclaredThrowableException
>         at org.apache.hadoop.yarn.exceptions.impl.pb.YarnRemoteExceptionPBImpl.unwrapAndThrowException(YarnRemoteExceptionPBImpl.java:128)
>         at org.apache.hadoop.yarn.server.api.impl.pb.client.ResourceTrackerPBClientImpl.registerNodeManager(ResourceTrackerPBClientImpl.java:61)
>         at org.apache.hadoop.yarn.server.nodemanager.NodeStatusUpdaterImpl.registerWithRM(NodeStatusUpdaterImpl.java:199)
>         at org.apache.hadoop.yarn.server.nodemanager.NodeStatusUpdaterImpl.start(NodeStatusUpdaterImpl.java:158)
>         ... 4 more
> Caused by: org.apache.hadoop.ipc.RemoteException(org.apache.hadoop.security.authorize.AuthorizationException):
> User yarn/ip-10-46-37-244.ec2.internal@BIGTOP (auth:KERBEROS) is not
> authorized for protocol interface
> org.apache.hadoop.yarn.server.api.ResourceTrackerPB, expected client
> Kerberos principal is yarn/ip-10-46-37-244.ec2.internal@BIGTOP
>         at org.apache.hadoop.ipc.Client.call(Client.java:1235)
>         at org.apache.hadoop.ipc.ProtobufRpcEngine$Invoker.invoke(ProtobufRpcEngine.java:202)
>         at $Proxy26.registerNodeManager(Unknown Source)
>         at org.apache.hadoop.yarn.server.api.impl.pb.client.ResourceTrackerPBClientImpl.registerNodeManager(ResourceTrackerPBClientImpl.java:59)
>         ... 6 more
> {noformat}
> The most significant part is 
> {{User yarn/ip-10-46-37-244.ec2.internal@BIGTOP (auth:KERBEROS) is not authorized for
protocol interface  org.apache.hadoop.yarn.server.api.ResourceTrackerPB}} indicating that
ResourceTrackerPB hasn't been annotated with {{@KerberosInfo}} nor {{@TokenInfo}}

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

Mime
View raw message