hadoop-yarn-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Varun Vasudev (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (YARN-2174) Enabling HTTPs for the writer REST API of TimelineServer
Date Tue, 19 Aug 2014 17:49:19 GMT

    [ https://issues.apache.org/jira/browse/YARN-2174?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14102528#comment-14102528
] 

Varun Vasudev commented on YARN-2174:
-------------------------------------

[~zjshen] is it possible to explicitly assert in the tests that the entities were posted using
https? If there is some wrong configuration, the configurator silently falls back to http
and the test will still pass. The reason I bring this up is that I saw a similar issue with
webhdfs today.

{noformat}
2014-08-19 09:54:51,398 DEBUG web.URLConnectionFactory (URLConnectionFactory.java:newDefaultURLConnectionFactory(86))
- Cannot load customized ssl related configuration. Fallback to system-generic settings.
java.io.FileNotFoundException: /etc/security/clientKeys/all.jks (No such file or directory)
        at java.io.FileInputStream.open(Native Method)
        at java.io.FileInputStream.<init>(FileInputStream.java:146)
        at org.apache.hadoop.security.ssl.ReloadingX509TrustManager.loadTrustManager(ReloadingX509TrustManager.java:164)
        at org.apache.hadoop.security.ssl.ReloadingX509TrustManager.<init>(ReloadingX509TrustManager.java:81)
        at org.apache.hadoop.security.ssl.FileBasedKeyStoresFactory.init(FileBasedKeyStoresFactory.java:207)
        at org.apache.hadoop.security.ssl.SSLFactory.init(SSLFactory.java:121)
        at org.apache.hadoop.hdfs.web.URLConnectionFactory.newSslConnConfigurator(URLConnectionFactory.java:109)
        at org.apache.hadoop.hdfs.web.URLConnectionFactory.newDefaultURLConnectionFactory(URLConnectionFactory.java:84)
        at org.apache.hadoop.hdfs.web.WebHdfsFileSystem.initialize(WebHdfsFileSystem.java:149)
        at org.apache.hadoop.fs.FileSystem.createFileSystem(FileSystem.java:2596)
        at org.apache.hadoop.fs.FileSystem.access$200(FileSystem.java:91)
        at org.apache.hadoop.fs.FileSystem$Cache.getInternal(FileSystem.java:2630)
        at org.apache.hadoop.fs.FileSystem$Cache.get(FileSystem.java:2612)
        at org.apache.hadoop.fs.FileSystem.get(FileSystem.java:370)
        at org.apache.hadoop.hdfs.web.TokenAspect$TokenManager.getInstance(TokenAspect.java:86)
        at org.apache.hadoop.hdfs.web.TokenAspect$TokenManager.renew(TokenAspect.java:71)
        at org.apache.hadoop.security.token.Token.renew(Token.java:377)
        at org.apache.hadoop.yarn.server.resourcemanager.security.DelegationTokenRenewer$1.run(DelegationTokenRenewer.java:478)
        at org.apache.hadoop.yarn.server.resourcemanager.security.DelegationTokenRenewer$1.run(DelegationTokenRenewer.java:475)
        at java.security.AccessController.doPrivileged(Native Method)
        at javax.security.auth.Subject.doAs(Subject.java:415)
        at org.apache.hadoop.security.UserGroupInformation.doAs(UserGroupInformation.java:1614)
        at org.apache.hadoop.yarn.server.resourcemanager.security.DelegationTokenRenewer.renewToken(DelegationTokenRenewer.java:474)
        at org.apache.hadoop.yarn.server.resourcemanager.security.DelegationTokenRenewer.handleAppSubmitEvent(DelegationTokenRenewer.java:392)
        at org.apache.hadoop.yarn.server.resourcemanager.security.DelegationTokenRenewer.access$500(DelegationTokenRenewer.java:70)
        at org.apache.hadoop.yarn.server.resourcemanager.security.DelegationTokenRenewer$DelegationTokenRenewerRunnable.handleDTRenewerAppSubmitEvent(DelegationTokenRenewer.java:658)
        at org.apache.hadoop.yarn.server.resourcemanager.security.DelegationTokenRenewer$DelegationTokenRenewerRunnable.run(DelegationTokenRenewer.java:639)
        at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
        at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
        at java.lang.Thread.run(Thread.java:745)
{noformat}

Note that the log is a debug log. In a production scenario, you'll never know. Just want to
make sure that we don't end up testing the http workflow because of a misconfiguration.

> Enabling HTTPs for the writer REST API of TimelineServer
> --------------------------------------------------------
>
>                 Key: YARN-2174
>                 URL: https://issues.apache.org/jira/browse/YARN-2174
>             Project: Hadoop YARN
>          Issue Type: Sub-task
>            Reporter: Zhijie Shen
>            Assignee: Zhijie Shen
>         Attachments: YARN-2174.1.patch, YARN-2174.2.patch
>
>
> Since we'd like to allow the application to put the timeline data at the client, the
AM and even the containers, we need to provide the way to distribute the keystore.



--
This message was sent by Atlassian JIRA
(v6.2#6252)

Mime
View raw message