[jira] [Commented] (TEZ-4205) Support RM delegation token

Sat, 09 Jan 2021 03:42:07 -0800 


    [ 
https://issues.apache.org/jira/browse/TEZ-4205?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17261850#comment-17261850
 ] 

Hadoop QA commented on TEZ-4205:
--------------------------------

| (/) *{color:green}+1 overall{color}* |
\\
\\
|| Vote || Subsystem || Runtime || Comment ||
| {color:blue}0{color} | {color:blue} reexec {color} | {color:blue} 10m 
58s{color} | {color:blue} Docker mode activated. {color} |
|| || || || {color:brown} Prechecks {color} ||
| {color:green}+1{color} | {color:green} dupname {color} | {color:green}  0m  
0s{color} | {color:green} No case conflicting files found. {color} |
| {color:green}+1{color} | {color:green} @author {color} | {color:green}  0m  
0s{color} | {color:green} The patch does not contain any @author tags. {color} |
| {color:green}+1{color} | {color:green} test4tests {color} | {color:green}  0m 
 0s{color} | {color:green} The patch appears to include 2 new or modified test 
files. {color} |
|| || || || {color:brown} master Compile Tests {color} ||
| {color:blue}0{color} | {color:blue} mvndep {color} | {color:blue}  0m 
36s{color} | {color:blue} Maven dependency ordering for branch {color} |
| {color:green}+1{color} | {color:green} mvninstall {color} | {color:green}  4m 
21s{color} | {color:green} master passed {color} |
| {color:green}+1{color} | {color:green} compile {color} | {color:green}  1m  
0s{color} | {color:green} master passed {color} |
| {color:green}+1{color} | {color:green} checkstyle {color} | {color:green}  0m 
57s{color} | {color:green} master passed {color} |
| {color:green}+1{color} | {color:green} javadoc {color} | {color:green}  1m  
8s{color} | {color:green} master passed {color} |
| {color:blue}0{color} | {color:blue} spotbugs {color} | {color:blue}  1m  
9s{color} | {color:blue} Used deprecated FindBugs config; considering switching 
to SpotBugs. {color} |
| {color:green}+1{color} | {color:green} findbugs {color} | {color:green}  2m  
7s{color} | {color:green} master passed {color} |
|| || || || {color:brown} Patch Compile Tests {color} ||
| {color:blue}0{color} | {color:blue} mvndep {color} | {color:blue}  0m  
9s{color} | {color:blue} Maven dependency ordering for patch {color} |
| {color:green}+1{color} | {color:green} mvninstall {color} | {color:green}  0m 
36s{color} | {color:green} the patch passed {color} |
| {color:green}+1{color} | {color:green} compile {color} | {color:green}  0m 
35s{color} | {color:green} the patch passed {color} |
| {color:green}+1{color} | {color:green} javac {color} | {color:green}  0m 
35s{color} | {color:green} the patch passed {color} |
| {color:orange}-0{color} | {color:orange} checkstyle {color} | {color:orange}  
0m 13s{color} | {color:orange} tez-api: The patch generated 1 new + 106 
unchanged - 0 fixed = 107 total (was 106) {color} |
| {color:orange}-0{color} | {color:orange} checkstyle {color} | {color:orange}  
0m 16s{color} | {color:orange} tez-dag: The patch generated 3 new + 28 
unchanged - 0 fixed = 31 total (was 28) {color} |
| {color:green}+1{color} | {color:green} whitespace {color} | {color:green}  0m 
 0s{color} | {color:green} The patch has no whitespace issues. {color} |
| {color:green}+1{color} | {color:green} javadoc {color} | {color:green}  0m 
42s{color} | {color:green} the patch passed {color} |
| {color:green}+1{color} | {color:green} findbugs {color} | {color:green}  1m 
58s{color} | {color:green} the patch passed {color} |
|| || || || {color:brown} Other Tests {color} ||
| {color:green}+1{color} | {color:green} unit {color} | {color:green}  1m 
47s{color} | {color:green} tez-api in the patch passed. {color} |
| {color:green}+1{color} | {color:green} unit {color} | {color:green}  4m 
11s{color} | {color:green} tez-dag in the patch passed. {color} |
| {color:green}+1{color} | {color:green} asflicense {color} | {color:green}  0m 
17s{color} | {color:green} The patch does not generate ASF License warnings. 
{color} |
| {color:black}{color} | {color:black} {color} | {color:black} 32m 54s{color} | 
{color:black} {color} |
\\
\\
|| Subsystem || Report/Notes ||
| Docker | ClientAPI=1.41 ServerAPI=1.41 base: 
https://ci-hadoop.apache.org/job/PreCommit-TEZ-Build/78/artifact/out/Dockerfile 
|
| JIRA Issue | TEZ-4205 |
| JIRA Patch URL | 
https://issues.apache.org/jira/secure/attachment/13018419/TEZ-4205.02.patch |
| Optional Tests | dupname asflicense javac javadoc unit spotbugs findbugs 
checkstyle compile |
| uname | Linux b9ba13416ad2 4.15.0-112-generic #113-Ubuntu SMP Thu Jul 9 
23:41:39 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux |
| Build tool | maven |
| Personality | personality/tez.sh |
| git revision | master / 849e1d769 |
| Default Java | Private Build-1.8.0_275-8u275-b01-0ubuntu1~18.04-b01 |
| checkstyle | 
https://ci-hadoop.apache.org/job/PreCommit-TEZ-Build/78/artifact/out/diff-checkstyle-tez-api.txt
 |
| checkstyle | 
https://ci-hadoop.apache.org/job/PreCommit-TEZ-Build/78/artifact/out/diff-checkstyle-tez-dag.txt
 |
|  Test Results | 
https://ci-hadoop.apache.org/job/PreCommit-TEZ-Build/78/testReport/ |
| Max. process+thread count | 260 (vs. ulimit of 5500) |
| modules | C: tez-api tez-dag U: . |
| Console output | 
https://ci-hadoop.apache.org/job/PreCommit-TEZ-Build/78/console |
| versions | git=2.17.1 maven=3.6.0 findbugs=3.0.1 |
| Powered by | Apache Yetus 0.12.0 https://yetus.apache.org |


This message was automatically generated.



> Support RM delegation token
> ---------------------------
>
>                 Key: TEZ-4205
>                 URL: https://issues.apache.org/jira/browse/TEZ-4205
>             Project: Apache Tez
>          Issue Type: Improvement
>            Reporter: Eugene Chung
>            Assignee: Eugene Chung
>            Priority: Major
>         Attachments: TEZ-4205-0.9.2.patch, TEZ-4205.01.patch, 
> TEZ-4205.02.patch
>
>
> I have a requirement to get some information from YARN Resource Manager. 
> (e.g.  NodeReports 
> [https://hadoop.apache.org/docs/r3.1.0/api/org/apache/hadoop/yarn/api/records/NodeReport.html]
>  )
> But on the kerberized cluster, I can't do it because of kerberos 
> authentication failure. 
> {code:java}
> 2020-05-26 14:29:03,044 [ERROR] [InputInitializer {Map 1} #0] 
> |mapreduce.MyInputFormat|: getNodeReports error 
> java.io.IOException: DestHost:destPort my-rm-address:9050 , 
> LocalHost:localPort my-node-address:0. Failed on local exception: 
> java.io.IOException: org.apache.hadoop.security.AccessControlException: 
> Client cannot authenticate via:[TOKEN, KERBEROS]
>  at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
>  at 
> sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62)
>  at 
> sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
>  at java.lang.reflect.Constructor.newInstance(Constructor.java:423)
>  at org.apache.hadoop.net.NetUtils.wrapWithMessage(NetUtils.java:831)
>  at org.apache.hadoop.net.NetUtils.wrapException(NetUtils.java:806)
>  at org.apache.hadoop.ipc.Client.getRpcResponse(Client.java:1495)
>  at org.apache.hadoop.ipc.Client.call(Client.java:1437)
>  at org.apache.hadoop.ipc.Client.call(Client.java:1347)
>  at 
> org.apache.hadoop.ipc.ProtobufRpcEngine$Invoker.invoke(ProtobufRpcEngine.java:228)
>  at 
> org.apache.hadoop.ipc.ProtobufRpcEngine$Invoker.invoke(ProtobufRpcEngine.java:116)
>  at com.sun.proxy.$Proxy54.getClusterNodes(Unknown Source)
>  at 
> org.apache.hadoop.yarn.api.impl.pb.client.ApplicationClientProtocolPBClientImpl.getClusterNodes(ApplicationClientProtocolPBClientImpl.java:319)
>  at sun.reflect.GeneratedMethodAccessor30.invoke(Unknown Source)
>  at 
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
>  at java.lang.reflect.Method.invoke(Method.java:498)
>  at 
> org.apache.hadoop.io.retry.RetryInvocationHandler.invokeMethod(RetryInvocationHandler.java:422)
>  at 
> org.apache.hadoop.io.retry.RetryInvocationHandler$Call.invokeMethod(RetryInvocationHandler.java:165)
>  at 
> org.apache.hadoop.io.retry.RetryInvocationHandler$Call.invoke(RetryInvocationHandler.java:157)
>  at 
> org.apache.hadoop.io.retry.RetryInvocationHandler$Call.invokeOnce(RetryInvocationHandler.java:95)
>  at 
> org.apache.hadoop.io.retry.RetryInvocationHandler.invoke(RetryInvocationHandler.java:359)
>  at com.sun.proxy.$Proxy55.getClusterNodes(Unknown Source)
>  at 
> org.apache.hadoop.yarn.client.api.impl.YarnClientImpl.getNodeReports(YarnClientImpl.java:614)
>  ...
>  at com.naver.mapreduce.MyInputFormat.getSplits(MyInputFormat.java:537)
>  ...
>  at 
> org.apache.hadoop.hive.ql.io.HiveInputFormat.addSplitsForGroup(HiveInputFormat.java:512)
>  at 
> org.apache.hadoop.hive.ql.io.HiveInputFormat.getSplits(HiveInputFormat.java:781)
>  at 
> org.apache.hadoop.hive.ql.exec.tez.HiveSplitGenerator.initialize(HiveSplitGenerator.java:243)
>  at 
> org.apache.tez.dag.app.dag.RootInputInitializerManager$InputInitializerCallable$1.run(RootInputInitializerManager.java:278)
>  at 
> org.apache.tez.dag.app.dag.RootInputInitializerManager$InputInitializerCallable$1.run(RootInputInitializerManager.java:269)
>  at java.security.AccessController.doPrivileged(Native Method)
>  at javax.security.auth.Subject.doAs(Subject.java:422)
>  at 
> org.apache.hadoop.security.UserGroupInformation.doAs(UserGroupInformation.java:1682)
>  at 
> org.apache.tez.dag.app.dag.RootInputInitializerManager$InputInitializerCallable.call(RootInputInitializerManager.java:269)
>  at 
> org.apache.tez.dag.app.dag.RootInputInitializerManager$InputInitializerCallable.call(RootInputInitializerManager.java:253)
>  at 
> com.google.common.util.concurrent.TrustedListenableFutureTask$TrustedFutureInterruptibleTask.runInterruptibly(TrustedListenableFutureTask.java:108)
>  at 
> com.google.common.util.concurrent.InterruptibleTask.run(InterruptibleTask.java:41)
>  at 
> com.google.common.util.concurrent.TrustedListenableFutureTask.run(TrustedListenableFutureTask.java:77)
>  at 
> java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
>  at 
> java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
>  at java.lang.Thread.run(Thread.java:745)
> Caused by: java.io.IOException: 
> org.apache.hadoop.security.AccessControlException: Client cannot authenticate 
> via:[TOKEN, KERBEROS]
>  at org.apache.hadoop.ipc.Client$Connection$1.run(Client.java:755)
>  at java.security.AccessController.doPrivileged(Native Method)
>  at javax.security.auth.Subject.doAs(Subject.java:422)
>  at 
> org.apache.hadoop.security.UserGroupInformation.doAs(UserGroupInformation.java:1682)
>  at 
> org.apache.hadoop.ipc.Client$Connection.handleSaslConnectionFailure(Client.java:718)
>  at org.apache.hadoop.ipc.Client$Connection.setupIOstreams(Client.java:811)
>  at org.apache.hadoop.ipc.Client$Connection.access$3500(Client.java:409)
>  at org.apache.hadoop.ipc.Client.getConnection(Client.java:1552)
>  at org.apache.hadoop.ipc.Client.call(Client.java:1383)
>  ... 35 more
> Caused by: org.apache.hadoop.security.AccessControlException: Client cannot 
> authenticate via:[TOKEN, KERBEROS]
>  at 
> org.apache.hadoop.security.SaslRpcClient.selectSaslClient(SaslRpcClient.java:173)
>  at 
> org.apache.hadoop.security.SaslRpcClient.saslConnect(SaslRpcClient.java:390)
>  at 
> org.apache.hadoop.ipc.Client$Connection.setupSaslConnection(Client.java:613)
>  at org.apache.hadoop.ipc.Client$Connection.access$2200(Client.java:409)
>  at org.apache.hadoop.ipc.Client$Connection$2.run(Client.java:798)
>  at org.apache.hadoop.ipc.Client$Connection$2.run(Client.java:794)
>  at java.security.AccessController.doPrivileged(Native Method)
>  at javax.security.auth.Subject.doAs(Subject.java:422)
>  at 
> org.apache.hadoop.security.UserGroupInformation.doAs(UserGroupInformation.java:1682)
>  at org.apache.hadoop.ipc.Client$Connection.setupIOstreams(Client.java:794)
>  ... 38 more{code}
>  
> So I implemented the feature that generates RM delegation token at Tez client 
> side like  https://issues.apache.org/jira/browse/TEZ-4032.
> I borrowed the main code fragment from here, slider 
> [https://github.com/apache/incubator-retired-slider/blob/1d4f519d763210f46e327338be72efa99e65cb5d/slider-core/src/main/java/org/apache/slider/core/launch/CredentialUtils.java#L257-L269]
>  which considers RM single/HA case using RM delegation token service.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

Reply via email to