hadoop-yarn-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Berry Österlund (JIRA) <j...@apache.org>
Subject [jira] [Created] (YARN-7922) Yarn dont resolve rm/_HOST to hostname
Date Mon, 12 Feb 2018 09:18:00 GMT
Berry Österlund created YARN-7922:

             Summary: Yarn dont resolve rm/_HOST to hostname
                 Key: YARN-7922
                 URL: https://issues.apache.org/jira/browse/YARN-7922
             Project: Hadoop YARN
          Issue Type: Bug
          Components: yarn
    Affects Versions: 2.7.3
            Reporter: Berry Österlund

The normal auth_to_local usually removes everything after the / in the username of the Kerberos
principle. That, together with the _HOST setting in the configuration files specifying the
Kerberos principles is usually what is required to convert rm/_HOST@<REALM> to user

In our environment, we cant use the default rules in auth_to_local. We have to specify each
and every host and only convert those specifically. In other words, we don’t have the DEFAULT
rule in auth_to_local. Ideally, the config for us would be the following
But if we use only that configuration, the servicecheck in Ambari failes with the following
org.apache.hadoop.yarn.exceptions.YarnException: Failed to submit application_1518422080198_0002
to YARN : Failed to renew token: Kind: HDFS_DELEGATION_TOKEN, Service: ha-hdfs:devhadoop,
Ident: (HDFS_DELEGATION_TOKEN token 11096 for ambari-qa)
at org.apache.hadoop.yarn.client.api.impl.YarnClientImpl.submitApplication(YarnClientImpl.java:272)
at org.apache.hadoop.yarn.applications.distributedshell.Client.run(Client.java:708)
at org.apache.hadoop.yarn.applications.distributedshell.Client.main(Client.java:215)

Inside the RM’s logfile, I can find the following.
Caused by: org.apache.hadoop.security.AccessControlException: yarn tries to renew a token
with renewer rm/_HOST@<REALM>
Adding the following rule to auth_to_local solves the problem

The client used to test this is executed with the following command

 yarn org.apache.hadoop.yarn.applications.distributedshell.Client -shell_command ls -num_containers
1 -jar /usr/hdp/current/hadoop-yarn-client/hadoop-yarn-applications-distributedshell.jar -timeout
300000 --queue <YARN_QUEUE>

This message was sent by Atlassian JIRA

To unsubscribe, e-mail: yarn-issues-unsubscribe@hadoop.apache.org
For additional commands, e-mail: yarn-issues-help@hadoop.apache.org

View raw message