[jira] [Commented] (YARN-3838) Rest API failing when ip configured in RM address in secure https mode
[
https://issues.apache.org/jira/browse/YARN-3838?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15612797#comment-15612797
]
Wangda Tan commented on YARN-3838:
--
This issue looks critical, [~sunilg], [~jianhe] could you look at the patch?
> Rest API failing when ip configured in RM address in secure https mode
> --
>
> Key: YARN-3838
> URL: https://issues.apache.org/jira/browse/YARN-3838
> Project: Hadoop YARN
> Issue Type: Bug
> Components: webapp
>Reporter: Bibin A Chundatt
>Assignee: Bibin A Chundatt
>Priority: Critical
> Labels: oct16-medium
> Attachments: 0001-HADOOP-12096.patch, 0001-YARN-3810.patch,
> 0001-YARN-3838.patch, 0002-YARN-3810.patch, 0002-YARN-3838.patch
>
>
> Steps to reproduce
> ===
> 1.Configure hadoop.http.authentication.kerberos.principal as below
> {code:xml}
>
> hadoop.http.authentication.kerberos.principal
> HTTP/_h...@hadoop.com
>
> {code}
> 2. In RM web address also configure IP
> 3. Startup RM
> Call Rest API for RM {{ curl -i -k --insecure --negotiate -u : https IP
> /ws/v1/cluster/info"}}
> *Actual*
> Rest API failing
> {code}
> 2015-06-16 19:03:49,845 DEBUG
> org.apache.hadoop.security.authentication.server.AuthenticationFilter:
> Authentication exception: GSSException: No valid credentials provided
> (Mechanism level: Failed to find any Kerberos credentails)
> org.apache.hadoop.security.authentication.client.AuthenticationException:
> GSSException: No valid credentials provided (Mechanism level: Failed to find
> any Kerberos credentails)
> at
> org.apache.hadoop.security.authentication.server.KerberosAuthenticationHandler.authenticate(KerberosAuthenticationHandler.java:399)
> at
> org.apache.hadoop.security.token.delegation.web.DelegationTokenAuthenticationHandler.authenticate(DelegationTokenAuthenticationHandler.java:348)
> at
> org.apache.hadoop.security.authentication.server.AuthenticationFilter.doFilter(AuthenticationFilter.java:519)
> at
> org.apache.hadoop.yarn.server.security.http.RMAuthenticationFilter.doFilter(RMAuthenticationFilter.java:82)
> {code}
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
-
To unsubscribe, e-mail: yarn-issues-unsubscr...@hadoop.apache.org
For additional commands, e-mail: yarn-issues-h...@hadoop.apache.org
[jira] [Commented] (YARN-3838) Rest API failing when ip configured in RM address in secure https mode
[
https://issues.apache.org/jira/browse/YARN-3838?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14635534#comment-14635534
]
Bibin A Chundatt commented on YARN-3838:
Hi [~xgong] any comments on this
Rest API failing when ip configured in RM address in secure https mode
--
Key: YARN-3838
URL: https://issues.apache.org/jira/browse/YARN-3838
Project: Hadoop YARN
Issue Type: Bug
Components: webapp
Reporter: Bibin A Chundatt
Assignee: Bibin A Chundatt
Priority: Critical
Attachments: 0001-HADOOP-12096.patch, 0001-YARN-3810.patch,
0001-YARN-3838.patch, 0002-YARN-3810.patch, 0002-YARN-3838.patch
Steps to reproduce
===
1.Configure hadoop.http.authentication.kerberos.principal as below
{code:xml}
property
namehadoop.http.authentication.kerberos.principal/name
valueHTTP/_h...@hadoop.com/value
/property
{code}
2. In RM web address also configure IP
3. Startup RM
Call Rest API for RM {{ curl -i -k --insecure --negotiate -u : https IP
/ws/v1/cluster/info}}
*Actual*
Rest API failing
{code}
2015-06-16 19:03:49,845 DEBUG
org.apache.hadoop.security.authentication.server.AuthenticationFilter:
Authentication exception: GSSException: No valid credentials provided
(Mechanism level: Failed to find any Kerberos credentails)
org.apache.hadoop.security.authentication.client.AuthenticationException:
GSSException: No valid credentials provided (Mechanism level: Failed to find
any Kerberos credentails)
at
org.apache.hadoop.security.authentication.server.KerberosAuthenticationHandler.authenticate(KerberosAuthenticationHandler.java:399)
at
org.apache.hadoop.security.token.delegation.web.DelegationTokenAuthenticationHandler.authenticate(DelegationTokenAuthenticationHandler.java:348)
at
org.apache.hadoop.security.authentication.server.AuthenticationFilter.doFilter(AuthenticationFilter.java:519)
at
org.apache.hadoop.yarn.server.security.http.RMAuthenticationFilter.doFilter(RMAuthenticationFilter.java:82)
{code}
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
[jira] [Commented] (YARN-3838) Rest API failing when ip configured in RM address in secure https mode
[
https://issues.apache.org/jira/browse/YARN-3838?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14619072#comment-14619072
]
Karthik Kambatla commented on YARN-3838:
I don't know my way around in this neck of the woods. [~vinodkv], [~xgong] know
a thing or two.
Rest API failing when ip configured in RM address in secure https mode
--
Key: YARN-3838
URL: https://issues.apache.org/jira/browse/YARN-3838
Project: Hadoop YARN
Issue Type: Bug
Components: webapp
Reporter: Bibin A Chundatt
Assignee: Bibin A Chundatt
Priority: Critical
Attachments: 0001-HADOOP-12096.patch, 0001-YARN-3810.patch,
0001-YARN-3838.patch, 0002-YARN-3810.patch, 0002-YARN-3838.patch
Steps to reproduce
===
1.Configure hadoop.http.authentication.kerberos.principal as below
{code:xml}
property
namehadoop.http.authentication.kerberos.principal/name
valueHTTP/_h...@hadoop.com/value
/property
{code}
2. In RM web address also configure IP
3. Startup RM
Call Rest API for RM {{ curl -i -k --insecure --negotiate -u : https IP
/ws/v1/cluster/info}}
*Actual*
Rest API failing
{code}
2015-06-16 19:03:49,845 DEBUG
org.apache.hadoop.security.authentication.server.AuthenticationFilter:
Authentication exception: GSSException: No valid credentials provided
(Mechanism level: Failed to find any Kerberos credentails)
org.apache.hadoop.security.authentication.client.AuthenticationException:
GSSException: No valid credentials provided (Mechanism level: Failed to find
any Kerberos credentails)
at
org.apache.hadoop.security.authentication.server.KerberosAuthenticationHandler.authenticate(KerberosAuthenticationHandler.java:399)
at
org.apache.hadoop.security.token.delegation.web.DelegationTokenAuthenticationHandler.authenticate(DelegationTokenAuthenticationHandler.java:348)
at
org.apache.hadoop.security.authentication.server.AuthenticationFilter.doFilter(AuthenticationFilter.java:519)
at
org.apache.hadoop.yarn.server.security.http.RMAuthenticationFilter.doFilter(RMAuthenticationFilter.java:82)
{code}
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
[jira] [Commented] (YARN-3838) Rest API failing when ip configured in RM address in secure https mode
[
https://issues.apache.org/jira/browse/YARN-3838?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14617927#comment-14617927
]
Bibin A Chundatt commented on YARN-3838:
Hi [~vinodkv] and [~kasha] could you provide your comments on this.
Rest API failing when ip configured in RM address in secure https mode
--
Key: YARN-3838
URL: https://issues.apache.org/jira/browse/YARN-3838
Project: Hadoop YARN
Issue Type: Bug
Components: webapp
Reporter: Bibin A Chundatt
Assignee: Bibin A Chundatt
Priority: Critical
Attachments: 0001-HADOOP-12096.patch, 0001-YARN-3810.patch,
0001-YARN-3838.patch, 0002-YARN-3810.patch, 0002-YARN-3838.patch
Steps to reproduce
===
1.Configure hadoop.http.authentication.kerberos.principal as below
{code:xml}
property
namehadoop.http.authentication.kerberos.principal/name
valueHTTP/_h...@hadoop.com/value
/property
{code}
2. In RM web address also configure IP
3. Startup RM
Call Rest API for RM {{ curl -i -k --insecure --negotiate -u : https IP
/ws/v1/cluster/info}}
*Actual*
Rest API failing
{code}
2015-06-16 19:03:49,845 DEBUG
org.apache.hadoop.security.authentication.server.AuthenticationFilter:
Authentication exception: GSSException: No valid credentials provided
(Mechanism level: Failed to find any Kerberos credentails)
org.apache.hadoop.security.authentication.client.AuthenticationException:
GSSException: No valid credentials provided (Mechanism level: Failed to find
any Kerberos credentails)
at
org.apache.hadoop.security.authentication.server.KerberosAuthenticationHandler.authenticate(KerberosAuthenticationHandler.java:399)
at
org.apache.hadoop.security.token.delegation.web.DelegationTokenAuthenticationHandler.authenticate(DelegationTokenAuthenticationHandler.java:348)
at
org.apache.hadoop.security.authentication.server.AuthenticationFilter.doFilter(AuthenticationFilter.java:519)
at
org.apache.hadoop.yarn.server.security.http.RMAuthenticationFilter.doFilter(RMAuthenticationFilter.java:82)
{code}
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
[jira] [Commented] (YARN-3838) Rest API failing when ip configured in RM address in secure https mode
[
https://issues.apache.org/jira/browse/YARN-3838?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14605086#comment-14605086
]
Bibin A Chundatt commented on YARN-3838:
[~jianhe] Could you please review patch if possible.
Rest API failing when ip configured in RM address in secure https mode
--
Key: YARN-3838
URL: https://issues.apache.org/jira/browse/YARN-3838
Project: Hadoop YARN
Issue Type: Bug
Components: webapp
Reporter: Bibin A Chundatt
Assignee: Bibin A Chundatt
Priority: Critical
Attachments: 0001-HADOOP-12096.patch, 0001-YARN-3810.patch,
0001-YARN-3838.patch, 0002-YARN-3810.patch, 0002-YARN-3838.patch
Steps to reproduce
===
1.Configure hadoop.http.authentication.kerberos.principal as below
{code:xml}
property
namehadoop.http.authentication.kerberos.principal/name
valueHTTP/_h...@hadoop.com/value
/property
{code}
2. In RM web address also configure IP
3. Startup RM
Call Rest API for RM {{ curl -i -k --insecure --negotiate -u : https IP
/ws/v1/cluster/info}}
*Actual*
Rest API failing
{code}
2015-06-16 19:03:49,845 DEBUG
org.apache.hadoop.security.authentication.server.AuthenticationFilter:
Authentication exception: GSSException: No valid credentials provided
(Mechanism level: Failed to find any Kerberos credentails)
org.apache.hadoop.security.authentication.client.AuthenticationException:
GSSException: No valid credentials provided (Mechanism level: Failed to find
any Kerberos credentails)
at
org.apache.hadoop.security.authentication.server.KerberosAuthenticationHandler.authenticate(KerberosAuthenticationHandler.java:399)
at
org.apache.hadoop.security.token.delegation.web.DelegationTokenAuthenticationHandler.authenticate(DelegationTokenAuthenticationHandler.java:348)
at
org.apache.hadoop.security.authentication.server.AuthenticationFilter.doFilter(AuthenticationFilter.java:519)
at
org.apache.hadoop.yarn.server.security.http.RMAuthenticationFilter.doFilter(RMAuthenticationFilter.java:82)
{code}
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
[jira] [Commented] (YARN-3838) Rest API failing when ip configured in RM address in secure https mode
[
https://issues.apache.org/jira/browse/YARN-3838?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14601565#comment-14601565
]
Hadoop QA commented on YARN-3838:
-
\\
\\
| (x) *{color:red}-1 overall{color}* |
\\
\\
|| Vote || Subsystem || Runtime || Comment ||
| {color:blue}0{color} | pre-patch | 16m 7s | Pre-patch trunk compilation is
healthy. |
| {color:green}+1{color} | @author | 0m 0s | The patch does not contain any
@author tags. |
| {color:red}-1{color} | tests included | 0m 0s | The patch doesn't appear
to include any new or modified tests. Please justify why no new tests are
needed for this patch. Also please list what manual steps were performed to
verify this patch. |
| {color:green}+1{color} | javac | 7m 35s | There were no new javac warning
messages. |
| {color:green}+1{color} | javadoc | 9m 36s | There were no new javadoc
warning messages. |
| {color:green}+1{color} | release audit | 0m 23s | The applied patch does
not increase the total number of release audit warnings. |
| {color:green}+1{color} | checkstyle | 0m 54s | There were no new checkstyle
issues. |
| {color:green}+1{color} | whitespace | 0m 0s | The patch has no lines that
end in whitespace. |
| {color:green}+1{color} | install | 1m 35s | mvn install still works. |
| {color:green}+1{color} | eclipse:eclipse | 0m 33s | The patch built with
eclipse:eclipse. |
| {color:green}+1{color} | findbugs | 1m 34s | The patch does not introduce
any new Findbugs (version 3.0.0) warnings. |
| {color:green}+1{color} | yarn tests | 1m 57s | Tests passed in
hadoop-yarn-common. |
| | | 40m 19s | |
\\
\\
|| Subsystem || Report/Notes ||
| Patch URL |
http://issues.apache.org/jira/secure/attachment/12741889/0002-YARN-3838.patch |
| Optional Tests | javadoc javac unit findbugs checkstyle |
| git revision | trunk / bc43390 |
| hadoop-yarn-common test log |
https://builds.apache.org/job/PreCommit-YARN-Build/8348/artifact/patchprocess/testrun_hadoop-yarn-common.txt
|
| Test Results |
https://builds.apache.org/job/PreCommit-YARN-Build/8348/testReport/ |
| Java | 1.7.0_55 |
| uname | Linux asf905.gq1.ygridcore.net 3.13.0-36-lowlatency #63-Ubuntu SMP
PREEMPT Wed Sep 3 21:56:12 UTC 2014 x86_64 x86_64 x86_64 GNU/Linux |
| Console output |
https://builds.apache.org/job/PreCommit-YARN-Build/8348/console |
This message was automatically generated.
Rest API failing when ip configured in RM address in secure https mode
--
Key: YARN-3838
URL: https://issues.apache.org/jira/browse/YARN-3838
Project: Hadoop YARN
Issue Type: Bug
Components: webapp
Reporter: Bibin A Chundatt
Assignee: Bibin A Chundatt
Priority: Critical
Attachments: 0001-HADOOP-12096.patch, 0001-YARN-3810.patch,
0001-YARN-3838.patch, 0002-YARN-3810.patch, 0002-YARN-3838.patch
Steps to reproduce
===
1.Configure hadoop.http.authentication.kerberos.principal as below
{code:xml}
property
namehadoop.http.authentication.kerberos.principal/name
valueHTTP/_h...@hadoop.com/value
/property
{code}
2. In RM web address also configure IP
3. Startup RM
Call Rest API for RM {{ curl -i -k --insecure --negotiate -u : https IP
/ws/v1/cluster/info}}
*Actual*
Rest API failing
{code}
2015-06-16 19:03:49,845 DEBUG
org.apache.hadoop.security.authentication.server.AuthenticationFilter:
Authentication exception: GSSException: No valid credentials provided
(Mechanism level: Failed to find any Kerberos credentails)
org.apache.hadoop.security.authentication.client.AuthenticationException:
GSSException: No valid credentials provided (Mechanism level: Failed to find
any Kerberos credentails)
at
org.apache.hadoop.security.authentication.server.KerberosAuthenticationHandler.authenticate(KerberosAuthenticationHandler.java:399)
at
org.apache.hadoop.security.token.delegation.web.DelegationTokenAuthenticationHandler.authenticate(DelegationTokenAuthenticationHandler.java:348)
at
org.apache.hadoop.security.authentication.server.AuthenticationFilter.doFilter(AuthenticationFilter.java:519)
at
org.apache.hadoop.yarn.server.security.http.RMAuthenticationFilter.doFilter(RMAuthenticationFilter.java:82)
{code}
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
[jira] [Commented] (YARN-3838) Rest API failing when ip configured in RM address in secure https mode
[
https://issues.apache.org/jira/browse/YARN-3838?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14597187#comment-14597187
]
Hadoop QA commented on YARN-3838:
-
\\
\\
| (x) *{color:red}-1 overall{color}* |
\\
\\
|| Vote || Subsystem || Runtime || Comment ||
| {color:blue}0{color} | pre-patch | 17m 52s | Pre-patch trunk compilation is
healthy. |
| {color:green}+1{color} | @author | 0m 0s | The patch does not contain any
@author tags. |
| {color:red}-1{color} | tests included | 0m 0s | The patch doesn't appear
to include any new or modified tests. Please justify why no new tests are
needed for this patch. Also please list what manual steps were performed to
verify this patch. |
| {color:green}+1{color} | javac | 7m 33s | There were no new javac warning
messages. |
| {color:green}+1{color} | javadoc | 9m 41s | There were no new javadoc
warning messages. |
| {color:green}+1{color} | release audit | 0m 23s | The applied patch does
not increase the total number of release audit warnings. |
| {color:red}-1{color} | checkstyle | 1m 34s | The applied patch generated 1
new checkstyle issues (total was 39, now 40). |
| {color:red}-1{color} | whitespace | 0m 0s | The patch has 2 line(s) that
end in whitespace. Use git apply --whitespace=fix. |
| {color:green}+1{color} | install | 1m 35s | mvn install still works. |
| {color:green}+1{color} | eclipse:eclipse | 0m 32s | The patch built with
eclipse:eclipse. |
| {color:green}+1{color} | findbugs | 3m 24s | The patch does not introduce
any new Findbugs (version 3.0.0) warnings. |
| {color:green}+1{color} | common tests | 22m 2s | Tests passed in
hadoop-common. |
| {color:green}+1{color} | yarn tests | 1m 56s | Tests passed in
hadoop-yarn-common. |
| | | 66m 50s | |
\\
\\
|| Subsystem || Report/Notes ||
| Patch URL |
http://issues.apache.org/jira/secure/attachment/12740917/0001-YARN-3838.patch |
| Optional Tests | javadoc javac unit findbugs checkstyle |
| git revision | trunk / 99271b7 |
| checkstyle |
https://builds.apache.org/job/PreCommit-YARN-Build/8322/artifact/patchprocess/diffcheckstylehadoop-common.txt
|
| whitespace |
https://builds.apache.org/job/PreCommit-YARN-Build/8322/artifact/patchprocess/whitespace.txt
|
| hadoop-common test log |
https://builds.apache.org/job/PreCommit-YARN-Build/8322/artifact/patchprocess/testrun_hadoop-common.txt
|
| hadoop-yarn-common test log |
https://builds.apache.org/job/PreCommit-YARN-Build/8322/artifact/patchprocess/testrun_hadoop-yarn-common.txt
|
| Test Results |
https://builds.apache.org/job/PreCommit-YARN-Build/8322/testReport/ |
| Java | 1.7.0_55 |
| uname | Linux asf905.gq1.ygridcore.net 3.13.0-36-lowlatency #63-Ubuntu SMP
PREEMPT Wed Sep 3 21:56:12 UTC 2014 x86_64 x86_64 x86_64 GNU/Linux |
| Console output |
https://builds.apache.org/job/PreCommit-YARN-Build/8322/console |
This message was automatically generated.
Rest API failing when ip configured in RM address in secure https mode
--
Key: YARN-3838
URL: https://issues.apache.org/jira/browse/YARN-3838
Project: Hadoop YARN
Issue Type: Bug
Components: webapp
Reporter: Bibin A Chundatt
Assignee: Bibin A Chundatt
Priority: Critical
Attachments: 0001-HADOOP-12096.patch, 0001-YARN-3810.patch,
0001-YARN-3838.patch, 0002-YARN-3810.patch
Steps to reproduce
===
1.Configure hadoop.http.authentication.kerberos.principal as below
{code:xml}
property
namehadoop.http.authentication.kerberos.principal/name
valueHTTP/_h...@hadoop.com/value
/property
{code}
2. In RM web address also configure IP
3. Startup RM
Call Rest API for RM {{ curl -i -k --insecure --negotiate -u : https IP
/ws/v1/cluster/info}}
*Actual*
Rest API failing
{code}
2015-06-16 19:03:49,845 DEBUG
org.apache.hadoop.security.authentication.server.AuthenticationFilter:
Authentication exception: GSSException: No valid credentials provided
(Mechanism level: Failed to find any Kerberos credentails)
org.apache.hadoop.security.authentication.client.AuthenticationException:
GSSException: No valid credentials provided (Mechanism level: Failed to find
any Kerberos credentails)
at
org.apache.hadoop.security.authentication.server.KerberosAuthenticationHandler.authenticate(KerberosAuthenticationHandler.java:399)
at
org.apache.hadoop.security.token.delegation.web.DelegationTokenAuthenticationHandler.authenticate(DelegationTokenAuthenticationHandler.java:348)
at
org.apache.hadoop.security.authentication.server.AuthenticationFilter.doFilter(AuthenticationFilter.java:519)
at
org.apache.hadoop.yarn.server.security.http.RMAuthenticationFilter.doFilter(RMAuthenticationFilter.java:82)
{code}
--
This message was sent by
[jira] [Commented] (YARN-3838) Rest API failing when ip configured in RM address in secure https mode
[
https://issues.apache.org/jira/browse/YARN-3838?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14595122#comment-14595122
]
Bibin A Chundatt commented on YARN-3838:
Added patch for review 0001-YARN-3838. Please do review
Rest API failing when ip configured in RM address in secure https mode
--
Key: YARN-3838
URL: https://issues.apache.org/jira/browse/YARN-3838
Project: Hadoop YARN
Issue Type: Bug
Components: webapp
Reporter: Bibin A Chundatt
Assignee: Bibin A Chundatt
Priority: Critical
Attachments: 0001-HADOOP-12096.patch, 0001-YARN-3810.patch,
0001-YARN-3838.patch, 0002-YARN-3810.patch
Steps to reproduce
===
1.Configure hadoop.http.authentication.kerberos.principal as below
{code:xml}
property
namehadoop.http.authentication.kerberos.principal/name
valueHTTP/_h...@hadoop.com/value
/property
{code}
2. In RM web address also configure IP
3. Startup RM
Call Rest API for RM {{ curl -i -k --insecure --negotiate -u : https IP
/ws/v1/cluster/info}}
*Actual*
Rest API failing
{code}
2015-06-16 19:03:49,845 DEBUG
org.apache.hadoop.security.authentication.server.AuthenticationFilter:
Authentication exception: GSSException: No valid credentials provided
(Mechanism level: Failed to find any Kerberos credentails)
org.apache.hadoop.security.authentication.client.AuthenticationException:
GSSException: No valid credentials provided (Mechanism level: Failed to find
any Kerberos credentails)
at
org.apache.hadoop.security.authentication.server.KerberosAuthenticationHandler.authenticate(KerberosAuthenticationHandler.java:399)
at
org.apache.hadoop.security.token.delegation.web.DelegationTokenAuthenticationHandler.authenticate(DelegationTokenAuthenticationHandler.java:348)
at
org.apache.hadoop.security.authentication.server.AuthenticationFilter.doFilter(AuthenticationFilter.java:519)
at
org.apache.hadoop.yarn.server.security.http.RMAuthenticationFilter.doFilter(RMAuthenticationFilter.java:82)
{code}
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
[jira] [Commented] (YARN-3838) Rest API failing when ip configured in RM address in secure https mode
[
https://issues.apache.org/jira/browse/YARN-3838?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14594801#comment-14594801
]
Bibin A Chundatt commented on YARN-3838:
Typo in earlier comments
{quote}
As per the discussion till now we should handle in HttpServer2
{quote}
As per the discussion till now we should handle in HttpServer2.builder
Rest API failing when ip configured in RM address in secure https mode
--
Key: YARN-3838
URL: https://issues.apache.org/jira/browse/YARN-3838
Project: Hadoop YARN
Issue Type: Bug
Components: webapp
Reporter: Bibin A Chundatt
Assignee: Bibin A Chundatt
Priority: Critical
Attachments: 0001-HADOOP-12096.patch, 0001-YARN-3810.patch,
0002-YARN-3810.patch
Steps to reproduce
===
1.Configure hadoop.http.authentication.kerberos.principal as below
{code:xml}
property
namehadoop.http.authentication.kerberos.principal/name
valueHTTP/_h...@hadoop.com/value
/property
{code}
2. In RM web address also configure IP
3. Startup RM
Call Rest API for RM {{ curl -i -k --insecure --negotiate -u : https IP
/ws/v1/cluster/info}}
*Actual*
Rest API failing
{code}
2015-06-16 19:03:49,845 DEBUG
org.apache.hadoop.security.authentication.server.AuthenticationFilter:
Authentication exception: GSSException: No valid credentials provided
(Mechanism level: Failed to find any Kerberos credentails)
org.apache.hadoop.security.authentication.client.AuthenticationException:
GSSException: No valid credentials provided (Mechanism level: Failed to find
any Kerberos credentails)
at
org.apache.hadoop.security.authentication.server.KerberosAuthenticationHandler.authenticate(KerberosAuthenticationHandler.java:399)
at
org.apache.hadoop.security.token.delegation.web.DelegationTokenAuthenticationHandler.authenticate(DelegationTokenAuthenticationHandler.java:348)
at
org.apache.hadoop.security.authentication.server.AuthenticationFilter.doFilter(AuthenticationFilter.java:519)
at
org.apache.hadoop.yarn.server.security.http.RMAuthenticationFilter.doFilter(RMAuthenticationFilter.java:82)
{code}
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
[jira] [Commented] (YARN-3838) Rest API failing when ip configured in RM address in secure https mode
[
https://issues.apache.org/jira/browse/YARN-3838?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14594737#comment-14594737
]
Bibin A Chundatt commented on YARN-3838:
In case of resourcemanager the httpserver is started as below and the url used
is just the ip address
{{WebApps#start}}
{code}
HttpServer2.Builder builder = new HttpServer2.Builder()
.setName(name)
.addEndpoint(
URI.create(httpScheme + bindAddress
+ : + port)).setConf(conf).setFindPort(findPort)
.setACL(new AccessControlList(conf.get(
YarnConfiguration.YARN_ADMIN_ACL,
YarnConfiguration.DEFAULT_YARN_ADMIN_ACL)))
.setPathSpec(pathList.toArray(new String[0]));
{code}
Comparing the same to hdfs side for NameNode the URL is formed as below
{{DFSUtil#httpServerTemplateForNNAndJN}}
{code}
URI uri = URI.create(http://; + NetUtils.getHostPortString(httpAddr));
{code}
Seems like this is reason why there is a difference in both hdfs and yarn for
*REST api functionality when IP is configured in kerberos mode*. In case of
hdfs it works but yarn its doesnt.
Can we hange RM HTTPServer2.builder as velow
{code}
HttpServer2.Builder builder =
new HttpServer2.Builder()
.setName(name)
.addEndpoint(
URI.create(httpScheme
+ NetUtils.getHostPortString(new InetSocketAddress(
bindAddress, port
.setConf(conf)
.setFindPort(findPort)
.setACL(
new AccessControlList(conf.get(
YarnConfiguration.YARN_ADMIN_ACL,
YarnConfiguration.DEFAULT_YARN_ADMIN_ACL)))
.setPathSpec(pathList.toArray(new String[0]));
{code}
Please do correct me if i am wrong .
Rest API failing when ip configured in RM address in secure https mode
--
Key: YARN-3838
URL: https://issues.apache.org/jira/browse/YARN-3838
Project: Hadoop YARN
Issue Type: Bug
Components: security
Reporter: Bibin A Chundatt
Assignee: Bibin A Chundatt
Priority: Critical
Attachments: 0001-HADOOP-12096.patch, 0001-YARN-3810.patch,
0002-YARN-3810.patch
Steps to reproduce
===
1.Configure hadoop.http.authentication.kerberos.principal as below
{code:xml}
property
namehadoop.http.authentication.kerberos.principal/name
valueHTTP/_h...@hadoop.com/value
/property
{code}
2. In RM web address also configure IP
3. Startup RM
Call Rest API for RM {{ curl -i -k --insecure --negotiate -u : https IP
/ws/v1/cluster/info}}
*Actual*
Rest API failing
{code}
2015-06-16 19:03:49,845 DEBUG
org.apache.hadoop.security.authentication.server.AuthenticationFilter:
Authentication exception: GSSException: No valid credentials provided
(Mechanism level: Failed to find any Kerberos credentails)
org.apache.hadoop.security.authentication.client.AuthenticationException:
GSSException: No valid credentials provided (Mechanism level: Failed to find
any Kerberos credentails)
at
org.apache.hadoop.security.authentication.server.KerberosAuthenticationHandler.authenticate(KerberosAuthenticationHandler.java:399)
at
org.apache.hadoop.security.token.delegation.web.DelegationTokenAuthenticationHandler.authenticate(DelegationTokenAuthenticationHandler.java:348)
at
org.apache.hadoop.security.authentication.server.AuthenticationFilter.doFilter(AuthenticationFilter.java:519)
at
org.apache.hadoop.yarn.server.security.http.RMAuthenticationFilter.doFilter(RMAuthenticationFilter.java:82)
{code}
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
