hadoop-yarn-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Rohith Sharma K S (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (YARN-7701) RM fail to transition to ACTIVE in secure cluster
Date Thu, 04 Jan 2018 18:59:00 GMT

    [ https://issues.apache.org/jira/browse/YARN-7701?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16311855#comment-16311855
] 

Rohith Sharma K S commented on YARN-7701:
-----------------------------------------

Complete exception trace is. Initial user of RM JVM is _yarn_, but some point it got change
to _odsuser_
{noformat}
2017-12-20 11:55:03,231 WARN org.apache.hadoop.yarn.server.resourcemanager.AdminService: User
odsuser doesn't have permission to call 'refreshAdminAcls' 
2017-12-20 11:55:03,231 WARN org.apache.hadoop.yarn.server.resourcemanager.RMAuditLogger:
USER=odsuser OPERATION=refreshAdminAcls TARGET=AdminService 
RESULT=FAILURE DESCRIPTION=Unauthorized user PERMISSIONS= 
2017-12-20 11:55:03,231 ERROR org.apache.hadoop.yarn.server.resourcemanager.EmbeddedElectorService:
RM could not transition to Standby 
org.apache.hadoop.ha.ServiceFailedException: Can not execute refreshAdminAcls 
at org.apache.hadoop.yarn.server.resourcemanager.AdminService.transitionToStandby(AdminService.java:346)

at org.apache.hadoop.yarn.server.resourcemanager.EmbeddedElectorService.becomeStandby(EmbeddedElectorService.java:147)

at org.apache.hadoop.ha.ActiveStandbyElector.becomeStandby(ActiveStandbyElector.java:970)

at org.apache.hadoop.ha.ActiveStandbyElector.processResult(ActiveStandbyElector.java:480)

at org.apache.zookeeper.ClientCnxn$EventThread.processEvent(ClientCnxn.java:617) 
at org.apache.zookeeper.ClientCnxn$EventThread.run(ClientCnxn.java:510) 
Caused by: org.apache.hadoop.yarn.exceptions.YarnException: org.apache.hadoop.security.AccessControlException:
User odsuser doesn't have permission to call 'refreshAdminAcls' 
at org.apache.hadoop.yarn.ipc.RPCUtil.getRemoteException(RPCUtil.java:38) 
at org.apache.hadoop.yarn.server.resourcemanager.AdminService.checkAcls(AdminService.java:239)

at org.apache.hadoop.yarn.server.resourcemanager.AdminService.refreshAdminAcls(AdminService.java:476)

at org.apache.hadoop.yarn.server.resourcemanager.AdminService.transitionToStandby(AdminService.java:344)

... 5 more 
Caused by: org.apache.hadoop.security.AccessControlException: User odsuser doesn't have permission
to call 'refreshAdminAcls' 
at org.apache.hadoop.yarn.server.resourcemanager.RMServerUtils.verifyAdminAccess(RMServerUtils.java:191)

at org.apache.hadoop.yarn.server.resourcemanager.RMServerUtils.verifyAdminAccess(RMServerUtils.java:157)

at org.apache.hadoop.yarn.server.resourcemanager.AdminService.checkAccess(AdminService.java:232)

at org.apache.hadoop.yarn.server.resourcemanager.AdminService.checkAcls(AdminService.java:237)

... 7 more
{noformat}

> RM fail to transition to ACTIVE in secure cluster
> -------------------------------------------------
>
>                 Key: YARN-7701
>                 URL: https://issues.apache.org/jira/browse/YARN-7701
>             Project: Hadoop YARN
>          Issue Type: Bug
>          Components: resourcemanager
>            Reporter: Rohith Sharma K S
>            Priority: Critical
>
> Both RM were running perfectly fine for many days and switched multiple times. At some
point of time when RM is switched from ACTIVE -> STANDBY, UGI information got either changed
or to subject new user got added.  
> As a result UGI#getShortUserName() is returning wrong user which result in fail to  transition
to ACTIVE with AccessControlException!
> {code}Caused by: org.apache.hadoop.security.AccessControlException: User odsuser doesn't
have permission to call 'refreshAdminAcls' 
> {code}



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

---------------------------------------------------------------------
To unsubscribe, e-mail: yarn-issues-unsubscribe@hadoop.apache.org
For additional commands, e-mail: yarn-issues-help@hadoop.apache.org


Mime
View raw message