Tarun Parimi created YARN-10339:
-----------------------------------
Summary: Timeline Client in Nodemanager gets 403 errors when
simple auth is used in kerberos environments
Key: YARN-10339
URL: https://issues.apache.org/jira/browse/YARN-10339
Project: Hadoop YARN
Issue Type: Bug
Components: timelineclient
Affects Versions: 3.1.0
Reporter: Tarun Parimi
Assignee: Tarun Parimi
We get below errors in NodeManager logs whenever we set
yarn.timeline-service.http-authentication.type=simple in a cluster which has
kerberos enabled. There are use cases where simple auth is used only in
timeline server for convenience although kerberos is enabled.
{code:java}
2020-05-20 20:06:30,181 ERROR impl.TimelineV2ClientImpl
(TimelineV2ClientImpl.java:putObjects(321)) - Response from the timeline server
is not successful, HTTP error code: 403, Server response:
{"exception":"ForbiddenException","message":"java.lang.Exception: The owner of
the posted timeline entities is not
set","javaClassName":"org.apache.hadoop.yarn.webapp.ForbiddenException"}
{code}
This seems to affect the NM timeline publisher which uses TimelineV2ClientImpl.
Doing a simple auth directly to timeline service via curl works fine. So this
issue is in the authenticator configuration in timeline client.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
---------------------------------------------------------------------
To unsubscribe, e-mail: yarn-issues-unsubscr...@hadoop.apache.org
For additional commands, e-mail: yarn-issues-h...@hadoop.apache.org
