[jira] [Commented] (YARN-3838) Rest API failing when ip configured in RM address in secure https mode
[ https://issues.apache.org/jira/browse/YARN-3838?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15612797#comment-15612797 ] Wangda Tan commented on YARN-3838: -- This issue looks critical, [~sunilg], [~jianhe] could you look at the patch? > Rest API failing when ip configured in RM address in secure https mode > -- > > Key: YARN-3838 > URL: https://issues.apache.org/jira/browse/YARN-3838 > Project: Hadoop YARN > Issue Type: Bug > Components: webapp >Reporter: Bibin A Chundatt >Assignee: Bibin A Chundatt >Priority: Critical > Labels: oct16-medium > Attachments: 0001-HADOOP-12096.patch, 0001-YARN-3810.patch, > 0001-YARN-3838.patch, 0002-YARN-3810.patch, 0002-YARN-3838.patch > > > Steps to reproduce > === > 1.Configure hadoop.http.authentication.kerberos.principal as below > {code:xml} > > hadoop.http.authentication.kerberos.principal > HTTP/_h...@hadoop.com > > {code} > 2. In RM web address also configure IP > 3. Startup RM > Call Rest API for RM {{ curl -i -k --insecure --negotiate -u : https IP > /ws/v1/cluster/info"}} > *Actual* > Rest API failing > {code} > 2015-06-16 19:03:49,845 DEBUG > org.apache.hadoop.security.authentication.server.AuthenticationFilter: > Authentication exception: GSSException: No valid credentials provided > (Mechanism level: Failed to find any Kerberos credentails) > org.apache.hadoop.security.authentication.client.AuthenticationException: > GSSException: No valid credentials provided (Mechanism level: Failed to find > any Kerberos credentails) > at > org.apache.hadoop.security.authentication.server.KerberosAuthenticationHandler.authenticate(KerberosAuthenticationHandler.java:399) > at > org.apache.hadoop.security.token.delegation.web.DelegationTokenAuthenticationHandler.authenticate(DelegationTokenAuthenticationHandler.java:348) > at > org.apache.hadoop.security.authentication.server.AuthenticationFilter.doFilter(AuthenticationFilter.java:519) > at > org.apache.hadoop.yarn.server.security.http.RMAuthenticationFilter.doFilter(RMAuthenticationFilter.java:82) > {code} -- This message was sent by Atlassian JIRA (v6.3.4#6332) - To unsubscribe, e-mail: yarn-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: yarn-issues-h...@hadoop.apache.org
[jira] [Commented] (YARN-3838) Rest API failing when ip configured in RM address in secure https mode
[ https://issues.apache.org/jira/browse/YARN-3838?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14635534#comment-14635534 ] Bibin A Chundatt commented on YARN-3838: Hi [~xgong] any comments on this Rest API failing when ip configured in RM address in secure https mode -- Key: YARN-3838 URL: https://issues.apache.org/jira/browse/YARN-3838 Project: Hadoop YARN Issue Type: Bug Components: webapp Reporter: Bibin A Chundatt Assignee: Bibin A Chundatt Priority: Critical Attachments: 0001-HADOOP-12096.patch, 0001-YARN-3810.patch, 0001-YARN-3838.patch, 0002-YARN-3810.patch, 0002-YARN-3838.patch Steps to reproduce === 1.Configure hadoop.http.authentication.kerberos.principal as below {code:xml} property namehadoop.http.authentication.kerberos.principal/name valueHTTP/_h...@hadoop.com/value /property {code} 2. In RM web address also configure IP 3. Startup RM Call Rest API for RM {{ curl -i -k --insecure --negotiate -u : https IP /ws/v1/cluster/info}} *Actual* Rest API failing {code} 2015-06-16 19:03:49,845 DEBUG org.apache.hadoop.security.authentication.server.AuthenticationFilter: Authentication exception: GSSException: No valid credentials provided (Mechanism level: Failed to find any Kerberos credentails) org.apache.hadoop.security.authentication.client.AuthenticationException: GSSException: No valid credentials provided (Mechanism level: Failed to find any Kerberos credentails) at org.apache.hadoop.security.authentication.server.KerberosAuthenticationHandler.authenticate(KerberosAuthenticationHandler.java:399) at org.apache.hadoop.security.token.delegation.web.DelegationTokenAuthenticationHandler.authenticate(DelegationTokenAuthenticationHandler.java:348) at org.apache.hadoop.security.authentication.server.AuthenticationFilter.doFilter(AuthenticationFilter.java:519) at org.apache.hadoop.yarn.server.security.http.RMAuthenticationFilter.doFilter(RMAuthenticationFilter.java:82) {code} -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (YARN-3838) Rest API failing when ip configured in RM address in secure https mode
[ https://issues.apache.org/jira/browse/YARN-3838?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14619072#comment-14619072 ] Karthik Kambatla commented on YARN-3838: I don't know my way around in this neck of the woods. [~vinodkv], [~xgong] know a thing or two. Rest API failing when ip configured in RM address in secure https mode -- Key: YARN-3838 URL: https://issues.apache.org/jira/browse/YARN-3838 Project: Hadoop YARN Issue Type: Bug Components: webapp Reporter: Bibin A Chundatt Assignee: Bibin A Chundatt Priority: Critical Attachments: 0001-HADOOP-12096.patch, 0001-YARN-3810.patch, 0001-YARN-3838.patch, 0002-YARN-3810.patch, 0002-YARN-3838.patch Steps to reproduce === 1.Configure hadoop.http.authentication.kerberos.principal as below {code:xml} property namehadoop.http.authentication.kerberos.principal/name valueHTTP/_h...@hadoop.com/value /property {code} 2. In RM web address also configure IP 3. Startup RM Call Rest API for RM {{ curl -i -k --insecure --negotiate -u : https IP /ws/v1/cluster/info}} *Actual* Rest API failing {code} 2015-06-16 19:03:49,845 DEBUG org.apache.hadoop.security.authentication.server.AuthenticationFilter: Authentication exception: GSSException: No valid credentials provided (Mechanism level: Failed to find any Kerberos credentails) org.apache.hadoop.security.authentication.client.AuthenticationException: GSSException: No valid credentials provided (Mechanism level: Failed to find any Kerberos credentails) at org.apache.hadoop.security.authentication.server.KerberosAuthenticationHandler.authenticate(KerberosAuthenticationHandler.java:399) at org.apache.hadoop.security.token.delegation.web.DelegationTokenAuthenticationHandler.authenticate(DelegationTokenAuthenticationHandler.java:348) at org.apache.hadoop.security.authentication.server.AuthenticationFilter.doFilter(AuthenticationFilter.java:519) at org.apache.hadoop.yarn.server.security.http.RMAuthenticationFilter.doFilter(RMAuthenticationFilter.java:82) {code} -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (YARN-3838) Rest API failing when ip configured in RM address in secure https mode
[ https://issues.apache.org/jira/browse/YARN-3838?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14617927#comment-14617927 ] Bibin A Chundatt commented on YARN-3838: Hi [~vinodkv] and [~kasha] could you provide your comments on this. Rest API failing when ip configured in RM address in secure https mode -- Key: YARN-3838 URL: https://issues.apache.org/jira/browse/YARN-3838 Project: Hadoop YARN Issue Type: Bug Components: webapp Reporter: Bibin A Chundatt Assignee: Bibin A Chundatt Priority: Critical Attachments: 0001-HADOOP-12096.patch, 0001-YARN-3810.patch, 0001-YARN-3838.patch, 0002-YARN-3810.patch, 0002-YARN-3838.patch Steps to reproduce === 1.Configure hadoop.http.authentication.kerberos.principal as below {code:xml} property namehadoop.http.authentication.kerberos.principal/name valueHTTP/_h...@hadoop.com/value /property {code} 2. In RM web address also configure IP 3. Startup RM Call Rest API for RM {{ curl -i -k --insecure --negotiate -u : https IP /ws/v1/cluster/info}} *Actual* Rest API failing {code} 2015-06-16 19:03:49,845 DEBUG org.apache.hadoop.security.authentication.server.AuthenticationFilter: Authentication exception: GSSException: No valid credentials provided (Mechanism level: Failed to find any Kerberos credentails) org.apache.hadoop.security.authentication.client.AuthenticationException: GSSException: No valid credentials provided (Mechanism level: Failed to find any Kerberos credentails) at org.apache.hadoop.security.authentication.server.KerberosAuthenticationHandler.authenticate(KerberosAuthenticationHandler.java:399) at org.apache.hadoop.security.token.delegation.web.DelegationTokenAuthenticationHandler.authenticate(DelegationTokenAuthenticationHandler.java:348) at org.apache.hadoop.security.authentication.server.AuthenticationFilter.doFilter(AuthenticationFilter.java:519) at org.apache.hadoop.yarn.server.security.http.RMAuthenticationFilter.doFilter(RMAuthenticationFilter.java:82) {code} -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (YARN-3838) Rest API failing when ip configured in RM address in secure https mode
[ https://issues.apache.org/jira/browse/YARN-3838?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14605086#comment-14605086 ] Bibin A Chundatt commented on YARN-3838: [~jianhe] Could you please review patch if possible. Rest API failing when ip configured in RM address in secure https mode -- Key: YARN-3838 URL: https://issues.apache.org/jira/browse/YARN-3838 Project: Hadoop YARN Issue Type: Bug Components: webapp Reporter: Bibin A Chundatt Assignee: Bibin A Chundatt Priority: Critical Attachments: 0001-HADOOP-12096.patch, 0001-YARN-3810.patch, 0001-YARN-3838.patch, 0002-YARN-3810.patch, 0002-YARN-3838.patch Steps to reproduce === 1.Configure hadoop.http.authentication.kerberos.principal as below {code:xml} property namehadoop.http.authentication.kerberos.principal/name valueHTTP/_h...@hadoop.com/value /property {code} 2. In RM web address also configure IP 3. Startup RM Call Rest API for RM {{ curl -i -k --insecure --negotiate -u : https IP /ws/v1/cluster/info}} *Actual* Rest API failing {code} 2015-06-16 19:03:49,845 DEBUG org.apache.hadoop.security.authentication.server.AuthenticationFilter: Authentication exception: GSSException: No valid credentials provided (Mechanism level: Failed to find any Kerberos credentails) org.apache.hadoop.security.authentication.client.AuthenticationException: GSSException: No valid credentials provided (Mechanism level: Failed to find any Kerberos credentails) at org.apache.hadoop.security.authentication.server.KerberosAuthenticationHandler.authenticate(KerberosAuthenticationHandler.java:399) at org.apache.hadoop.security.token.delegation.web.DelegationTokenAuthenticationHandler.authenticate(DelegationTokenAuthenticationHandler.java:348) at org.apache.hadoop.security.authentication.server.AuthenticationFilter.doFilter(AuthenticationFilter.java:519) at org.apache.hadoop.yarn.server.security.http.RMAuthenticationFilter.doFilter(RMAuthenticationFilter.java:82) {code} -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (YARN-3838) Rest API failing when ip configured in RM address in secure https mode
[ https://issues.apache.org/jira/browse/YARN-3838?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14601565#comment-14601565 ] Hadoop QA commented on YARN-3838: - \\ \\ | (x) *{color:red}-1 overall{color}* | \\ \\ || Vote || Subsystem || Runtime || Comment || | {color:blue}0{color} | pre-patch | 16m 7s | Pre-patch trunk compilation is healthy. | | {color:green}+1{color} | @author | 0m 0s | The patch does not contain any @author tags. | | {color:red}-1{color} | tests included | 0m 0s | The patch doesn't appear to include any new or modified tests. Please justify why no new tests are needed for this patch. Also please list what manual steps were performed to verify this patch. | | {color:green}+1{color} | javac | 7m 35s | There were no new javac warning messages. | | {color:green}+1{color} | javadoc | 9m 36s | There were no new javadoc warning messages. | | {color:green}+1{color} | release audit | 0m 23s | The applied patch does not increase the total number of release audit warnings. | | {color:green}+1{color} | checkstyle | 0m 54s | There were no new checkstyle issues. | | {color:green}+1{color} | whitespace | 0m 0s | The patch has no lines that end in whitespace. | | {color:green}+1{color} | install | 1m 35s | mvn install still works. | | {color:green}+1{color} | eclipse:eclipse | 0m 33s | The patch built with eclipse:eclipse. | | {color:green}+1{color} | findbugs | 1m 34s | The patch does not introduce any new Findbugs (version 3.0.0) warnings. | | {color:green}+1{color} | yarn tests | 1m 57s | Tests passed in hadoop-yarn-common. | | | | 40m 19s | | \\ \\ || Subsystem || Report/Notes || | Patch URL | http://issues.apache.org/jira/secure/attachment/12741889/0002-YARN-3838.patch | | Optional Tests | javadoc javac unit findbugs checkstyle | | git revision | trunk / bc43390 | | hadoop-yarn-common test log | https://builds.apache.org/job/PreCommit-YARN-Build/8348/artifact/patchprocess/testrun_hadoop-yarn-common.txt | | Test Results | https://builds.apache.org/job/PreCommit-YARN-Build/8348/testReport/ | | Java | 1.7.0_55 | | uname | Linux asf905.gq1.ygridcore.net 3.13.0-36-lowlatency #63-Ubuntu SMP PREEMPT Wed Sep 3 21:56:12 UTC 2014 x86_64 x86_64 x86_64 GNU/Linux | | Console output | https://builds.apache.org/job/PreCommit-YARN-Build/8348/console | This message was automatically generated. Rest API failing when ip configured in RM address in secure https mode -- Key: YARN-3838 URL: https://issues.apache.org/jira/browse/YARN-3838 Project: Hadoop YARN Issue Type: Bug Components: webapp Reporter: Bibin A Chundatt Assignee: Bibin A Chundatt Priority: Critical Attachments: 0001-HADOOP-12096.patch, 0001-YARN-3810.patch, 0001-YARN-3838.patch, 0002-YARN-3810.patch, 0002-YARN-3838.patch Steps to reproduce === 1.Configure hadoop.http.authentication.kerberos.principal as below {code:xml} property namehadoop.http.authentication.kerberos.principal/name valueHTTP/_h...@hadoop.com/value /property {code} 2. In RM web address also configure IP 3. Startup RM Call Rest API for RM {{ curl -i -k --insecure --negotiate -u : https IP /ws/v1/cluster/info}} *Actual* Rest API failing {code} 2015-06-16 19:03:49,845 DEBUG org.apache.hadoop.security.authentication.server.AuthenticationFilter: Authentication exception: GSSException: No valid credentials provided (Mechanism level: Failed to find any Kerberos credentails) org.apache.hadoop.security.authentication.client.AuthenticationException: GSSException: No valid credentials provided (Mechanism level: Failed to find any Kerberos credentails) at org.apache.hadoop.security.authentication.server.KerberosAuthenticationHandler.authenticate(KerberosAuthenticationHandler.java:399) at org.apache.hadoop.security.token.delegation.web.DelegationTokenAuthenticationHandler.authenticate(DelegationTokenAuthenticationHandler.java:348) at org.apache.hadoop.security.authentication.server.AuthenticationFilter.doFilter(AuthenticationFilter.java:519) at org.apache.hadoop.yarn.server.security.http.RMAuthenticationFilter.doFilter(RMAuthenticationFilter.java:82) {code} -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (YARN-3838) Rest API failing when ip configured in RM address in secure https mode
[ https://issues.apache.org/jira/browse/YARN-3838?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14597187#comment-14597187 ] Hadoop QA commented on YARN-3838: - \\ \\ | (x) *{color:red}-1 overall{color}* | \\ \\ || Vote || Subsystem || Runtime || Comment || | {color:blue}0{color} | pre-patch | 17m 52s | Pre-patch trunk compilation is healthy. | | {color:green}+1{color} | @author | 0m 0s | The patch does not contain any @author tags. | | {color:red}-1{color} | tests included | 0m 0s | The patch doesn't appear to include any new or modified tests. Please justify why no new tests are needed for this patch. Also please list what manual steps were performed to verify this patch. | | {color:green}+1{color} | javac | 7m 33s | There were no new javac warning messages. | | {color:green}+1{color} | javadoc | 9m 41s | There were no new javadoc warning messages. | | {color:green}+1{color} | release audit | 0m 23s | The applied patch does not increase the total number of release audit warnings. | | {color:red}-1{color} | checkstyle | 1m 34s | The applied patch generated 1 new checkstyle issues (total was 39, now 40). | | {color:red}-1{color} | whitespace | 0m 0s | The patch has 2 line(s) that end in whitespace. Use git apply --whitespace=fix. | | {color:green}+1{color} | install | 1m 35s | mvn install still works. | | {color:green}+1{color} | eclipse:eclipse | 0m 32s | The patch built with eclipse:eclipse. | | {color:green}+1{color} | findbugs | 3m 24s | The patch does not introduce any new Findbugs (version 3.0.0) warnings. | | {color:green}+1{color} | common tests | 22m 2s | Tests passed in hadoop-common. | | {color:green}+1{color} | yarn tests | 1m 56s | Tests passed in hadoop-yarn-common. | | | | 66m 50s | | \\ \\ || Subsystem || Report/Notes || | Patch URL | http://issues.apache.org/jira/secure/attachment/12740917/0001-YARN-3838.patch | | Optional Tests | javadoc javac unit findbugs checkstyle | | git revision | trunk / 99271b7 | | checkstyle | https://builds.apache.org/job/PreCommit-YARN-Build/8322/artifact/patchprocess/diffcheckstylehadoop-common.txt | | whitespace | https://builds.apache.org/job/PreCommit-YARN-Build/8322/artifact/patchprocess/whitespace.txt | | hadoop-common test log | https://builds.apache.org/job/PreCommit-YARN-Build/8322/artifact/patchprocess/testrun_hadoop-common.txt | | hadoop-yarn-common test log | https://builds.apache.org/job/PreCommit-YARN-Build/8322/artifact/patchprocess/testrun_hadoop-yarn-common.txt | | Test Results | https://builds.apache.org/job/PreCommit-YARN-Build/8322/testReport/ | | Java | 1.7.0_55 | | uname | Linux asf905.gq1.ygridcore.net 3.13.0-36-lowlatency #63-Ubuntu SMP PREEMPT Wed Sep 3 21:56:12 UTC 2014 x86_64 x86_64 x86_64 GNU/Linux | | Console output | https://builds.apache.org/job/PreCommit-YARN-Build/8322/console | This message was automatically generated. Rest API failing when ip configured in RM address in secure https mode -- Key: YARN-3838 URL: https://issues.apache.org/jira/browse/YARN-3838 Project: Hadoop YARN Issue Type: Bug Components: webapp Reporter: Bibin A Chundatt Assignee: Bibin A Chundatt Priority: Critical Attachments: 0001-HADOOP-12096.patch, 0001-YARN-3810.patch, 0001-YARN-3838.patch, 0002-YARN-3810.patch Steps to reproduce === 1.Configure hadoop.http.authentication.kerberos.principal as below {code:xml} property namehadoop.http.authentication.kerberos.principal/name valueHTTP/_h...@hadoop.com/value /property {code} 2. In RM web address also configure IP 3. Startup RM Call Rest API for RM {{ curl -i -k --insecure --negotiate -u : https IP /ws/v1/cluster/info}} *Actual* Rest API failing {code} 2015-06-16 19:03:49,845 DEBUG org.apache.hadoop.security.authentication.server.AuthenticationFilter: Authentication exception: GSSException: No valid credentials provided (Mechanism level: Failed to find any Kerberos credentails) org.apache.hadoop.security.authentication.client.AuthenticationException: GSSException: No valid credentials provided (Mechanism level: Failed to find any Kerberos credentails) at org.apache.hadoop.security.authentication.server.KerberosAuthenticationHandler.authenticate(KerberosAuthenticationHandler.java:399) at org.apache.hadoop.security.token.delegation.web.DelegationTokenAuthenticationHandler.authenticate(DelegationTokenAuthenticationHandler.java:348) at org.apache.hadoop.security.authentication.server.AuthenticationFilter.doFilter(AuthenticationFilter.java:519) at org.apache.hadoop.yarn.server.security.http.RMAuthenticationFilter.doFilter(RMAuthenticationFilter.java:82) {code} -- This message was sent by
[jira] [Commented] (YARN-3838) Rest API failing when ip configured in RM address in secure https mode
[ https://issues.apache.org/jira/browse/YARN-3838?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14595122#comment-14595122 ] Bibin A Chundatt commented on YARN-3838: Added patch for review 0001-YARN-3838. Please do review Rest API failing when ip configured in RM address in secure https mode -- Key: YARN-3838 URL: https://issues.apache.org/jira/browse/YARN-3838 Project: Hadoop YARN Issue Type: Bug Components: webapp Reporter: Bibin A Chundatt Assignee: Bibin A Chundatt Priority: Critical Attachments: 0001-HADOOP-12096.patch, 0001-YARN-3810.patch, 0001-YARN-3838.patch, 0002-YARN-3810.patch Steps to reproduce === 1.Configure hadoop.http.authentication.kerberos.principal as below {code:xml} property namehadoop.http.authentication.kerberos.principal/name valueHTTP/_h...@hadoop.com/value /property {code} 2. In RM web address also configure IP 3. Startup RM Call Rest API for RM {{ curl -i -k --insecure --negotiate -u : https IP /ws/v1/cluster/info}} *Actual* Rest API failing {code} 2015-06-16 19:03:49,845 DEBUG org.apache.hadoop.security.authentication.server.AuthenticationFilter: Authentication exception: GSSException: No valid credentials provided (Mechanism level: Failed to find any Kerberos credentails) org.apache.hadoop.security.authentication.client.AuthenticationException: GSSException: No valid credentials provided (Mechanism level: Failed to find any Kerberos credentails) at org.apache.hadoop.security.authentication.server.KerberosAuthenticationHandler.authenticate(KerberosAuthenticationHandler.java:399) at org.apache.hadoop.security.token.delegation.web.DelegationTokenAuthenticationHandler.authenticate(DelegationTokenAuthenticationHandler.java:348) at org.apache.hadoop.security.authentication.server.AuthenticationFilter.doFilter(AuthenticationFilter.java:519) at org.apache.hadoop.yarn.server.security.http.RMAuthenticationFilter.doFilter(RMAuthenticationFilter.java:82) {code} -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (YARN-3838) Rest API failing when ip configured in RM address in secure https mode
[ https://issues.apache.org/jira/browse/YARN-3838?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14594801#comment-14594801 ] Bibin A Chundatt commented on YARN-3838: Typo in earlier comments {quote} As per the discussion till now we should handle in HttpServer2 {quote} As per the discussion till now we should handle in HttpServer2.builder Rest API failing when ip configured in RM address in secure https mode -- Key: YARN-3838 URL: https://issues.apache.org/jira/browse/YARN-3838 Project: Hadoop YARN Issue Type: Bug Components: webapp Reporter: Bibin A Chundatt Assignee: Bibin A Chundatt Priority: Critical Attachments: 0001-HADOOP-12096.patch, 0001-YARN-3810.patch, 0002-YARN-3810.patch Steps to reproduce === 1.Configure hadoop.http.authentication.kerberos.principal as below {code:xml} property namehadoop.http.authentication.kerberos.principal/name valueHTTP/_h...@hadoop.com/value /property {code} 2. In RM web address also configure IP 3. Startup RM Call Rest API for RM {{ curl -i -k --insecure --negotiate -u : https IP /ws/v1/cluster/info}} *Actual* Rest API failing {code} 2015-06-16 19:03:49,845 DEBUG org.apache.hadoop.security.authentication.server.AuthenticationFilter: Authentication exception: GSSException: No valid credentials provided (Mechanism level: Failed to find any Kerberos credentails) org.apache.hadoop.security.authentication.client.AuthenticationException: GSSException: No valid credentials provided (Mechanism level: Failed to find any Kerberos credentails) at org.apache.hadoop.security.authentication.server.KerberosAuthenticationHandler.authenticate(KerberosAuthenticationHandler.java:399) at org.apache.hadoop.security.token.delegation.web.DelegationTokenAuthenticationHandler.authenticate(DelegationTokenAuthenticationHandler.java:348) at org.apache.hadoop.security.authentication.server.AuthenticationFilter.doFilter(AuthenticationFilter.java:519) at org.apache.hadoop.yarn.server.security.http.RMAuthenticationFilter.doFilter(RMAuthenticationFilter.java:82) {code} -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (YARN-3838) Rest API failing when ip configured in RM address in secure https mode
[ https://issues.apache.org/jira/browse/YARN-3838?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14594737#comment-14594737 ] Bibin A Chundatt commented on YARN-3838: In case of resourcemanager the httpserver is started as below and the url used is just the ip address {{WebApps#start}} {code} HttpServer2.Builder builder = new HttpServer2.Builder() .setName(name) .addEndpoint( URI.create(httpScheme + bindAddress + : + port)).setConf(conf).setFindPort(findPort) .setACL(new AccessControlList(conf.get( YarnConfiguration.YARN_ADMIN_ACL, YarnConfiguration.DEFAULT_YARN_ADMIN_ACL))) .setPathSpec(pathList.toArray(new String[0])); {code} Comparing the same to hdfs side for NameNode the URL is formed as below {{DFSUtil#httpServerTemplateForNNAndJN}} {code} URI uri = URI.create(http://; + NetUtils.getHostPortString(httpAddr)); {code} Seems like this is reason why there is a difference in both hdfs and yarn for *REST api functionality when IP is configured in kerberos mode*. In case of hdfs it works but yarn its doesnt. Can we hange RM HTTPServer2.builder as velow {code} HttpServer2.Builder builder = new HttpServer2.Builder() .setName(name) .addEndpoint( URI.create(httpScheme + NetUtils.getHostPortString(new InetSocketAddress( bindAddress, port .setConf(conf) .setFindPort(findPort) .setACL( new AccessControlList(conf.get( YarnConfiguration.YARN_ADMIN_ACL, YarnConfiguration.DEFAULT_YARN_ADMIN_ACL))) .setPathSpec(pathList.toArray(new String[0])); {code} Please do correct me if i am wrong . Rest API failing when ip configured in RM address in secure https mode -- Key: YARN-3838 URL: https://issues.apache.org/jira/browse/YARN-3838 Project: Hadoop YARN Issue Type: Bug Components: security Reporter: Bibin A Chundatt Assignee: Bibin A Chundatt Priority: Critical Attachments: 0001-HADOOP-12096.patch, 0001-YARN-3810.patch, 0002-YARN-3810.patch Steps to reproduce === 1.Configure hadoop.http.authentication.kerberos.principal as below {code:xml} property namehadoop.http.authentication.kerberos.principal/name valueHTTP/_h...@hadoop.com/value /property {code} 2. In RM web address also configure IP 3. Startup RM Call Rest API for RM {{ curl -i -k --insecure --negotiate -u : https IP /ws/v1/cluster/info}} *Actual* Rest API failing {code} 2015-06-16 19:03:49,845 DEBUG org.apache.hadoop.security.authentication.server.AuthenticationFilter: Authentication exception: GSSException: No valid credentials provided (Mechanism level: Failed to find any Kerberos credentails) org.apache.hadoop.security.authentication.client.AuthenticationException: GSSException: No valid credentials provided (Mechanism level: Failed to find any Kerberos credentails) at org.apache.hadoop.security.authentication.server.KerberosAuthenticationHandler.authenticate(KerberosAuthenticationHandler.java:399) at org.apache.hadoop.security.token.delegation.web.DelegationTokenAuthenticationHandler.authenticate(DelegationTokenAuthenticationHandler.java:348) at org.apache.hadoop.security.authentication.server.AuthenticationFilter.doFilter(AuthenticationFilter.java:519) at org.apache.hadoop.yarn.server.security.http.RMAuthenticationFilter.doFilter(RMAuthenticationFilter.java:82) {code} -- This message was sent by Atlassian JIRA (v6.3.4#6332)