[jira] [Commented] (YARN-3810) Rest API failing when ip configured in RM address in secure https mode
[ https://issues.apache.org/jira/browse/YARN-3810?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14589045#comment-14589045 ] Akira AJISAKA commented on YARN-3810: - Yes, you should move this jira to common if the fix is in hadoop-common-project. > Rest API failing when ip configured in RM address in secure https mode > -- > > Key: YARN-3810 > URL: https://issues.apache.org/jira/browse/YARN-3810 > Project: Hadoop YARN > Issue Type: Bug >Reporter: Bibin A Chundatt >Assignee: Bibin A Chundatt >Priority: Critical > Attachments: 0001-YARN-3810.patch, 0002-YARN-3810.patch > > > Steps to reproduce > === > 1.Configure hadoop.http.authentication.kerberos.principal as below > {code:xml} > > hadoop.http.authentication.kerberos.principal > HTTP/_h...@hadoop.com > > {code} > 2. In RM web address also configure IP > 3. Startup RM > Call Rest API for RM {{ curl -i -k --insecure --negotiate -u : https IP > /ws/v1/cluster/info"}} > *Actual* > Rest API failing > {code} > 2015-06-16 19:03:49,845 DEBUG > org.apache.hadoop.security.authentication.server.AuthenticationFilter: > Authentication exception: GSSException: No valid credentials provided > (Mechanism level: Failed to find any Kerberos credentails) > org.apache.hadoop.security.authentication.client.AuthenticationException: > GSSException: No valid credentials provided (Mechanism level: Failed to find > any Kerberos credentails) > at > org.apache.hadoop.security.authentication.server.KerberosAuthenticationHandler.authenticate(KerberosAuthenticationHandler.java:399) > at > org.apache.hadoop.security.token.delegation.web.DelegationTokenAuthenticationHandler.authenticate(DelegationTokenAuthenticationHandler.java:348) > at > org.apache.hadoop.security.authentication.server.AuthenticationFilter.doFilter(AuthenticationFilter.java:519) > at > org.apache.hadoop.yarn.server.security.http.RMAuthenticationFilter.doFilter(RMAuthenticationFilter.java:82) > {code} -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (YARN-3810) Rest API failing when ip configured in RM address in secure https mode
[ https://issues.apache.org/jira/browse/YARN-3810?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14589034#comment-14589034 ] Bibin A Chundatt commented on YARN-3810: Any comments on the same ? [~ajisakaa] Should i move to common? > Rest API failing when ip configured in RM address in secure https mode > -- > > Key: YARN-3810 > URL: https://issues.apache.org/jira/browse/YARN-3810 > Project: Hadoop YARN > Issue Type: Bug >Reporter: Bibin A Chundatt >Assignee: Bibin A Chundatt >Priority: Critical > Attachments: 0001-YARN-3810.patch, 0002-YARN-3810.patch > > > Steps to reproduce > === > 1.Configure hadoop.http.authentication.kerberos.principal as below > {code:xml} > > hadoop.http.authentication.kerberos.principal > HTTP/_h...@hadoop.com > > {code} > 2. In RM web address also configure IP > 3. Startup RM > Call Rest API for RM {{ curl -i -k --insecure --negotiate -u : https IP > /ws/v1/cluster/info"}} > *Actual* > Rest API failing > {code} > 2015-06-16 19:03:49,845 DEBUG > org.apache.hadoop.security.authentication.server.AuthenticationFilter: > Authentication exception: GSSException: No valid credentials provided > (Mechanism level: Failed to find any Kerberos credentails) > org.apache.hadoop.security.authentication.client.AuthenticationException: > GSSException: No valid credentials provided (Mechanism level: Failed to find > any Kerberos credentails) > at > org.apache.hadoop.security.authentication.server.KerberosAuthenticationHandler.authenticate(KerberosAuthenticationHandler.java:399) > at > org.apache.hadoop.security.token.delegation.web.DelegationTokenAuthenticationHandler.authenticate(DelegationTokenAuthenticationHandler.java:348) > at > org.apache.hadoop.security.authentication.server.AuthenticationFilter.doFilter(AuthenticationFilter.java:519) > at > org.apache.hadoop.yarn.server.security.http.RMAuthenticationFilter.doFilter(RMAuthenticationFilter.java:82) > {code} -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (YARN-3810) Rest API failing when ip configured in RM address in secure https mode
[ https://issues.apache.org/jira/browse/YARN-3810?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14588733#comment-14588733 ] Varun Saxena commented on YARN-3810: If fix is in {{HttpServer2}}, the issue can be moved to HADOOP common. > Rest API failing when ip configured in RM address in secure https mode > -- > > Key: YARN-3810 > URL: https://issues.apache.org/jira/browse/YARN-3810 > Project: Hadoop YARN > Issue Type: Bug >Reporter: Bibin A Chundatt >Assignee: Bibin A Chundatt >Priority: Critical > Attachments: 0001-YARN-3810.patch, 0002-YARN-3810.patch > > > Steps to reproduce > === > 1.Configure hadoop.http.authentication.kerberos.principal as below > {code:xml} > > hadoop.http.authentication.kerberos.principal > HTTP/_h...@hadoop.com > > {code} > 2. In RM web address also configure IP > 3. Startup RM > Call Rest API for RM {{ curl -i -k --insecure --negotiate -u : https IP > /ws/v1/cluster/info"}} > *Actual* > Rest API failing > {code} > 2015-06-16 19:03:49,845 DEBUG > org.apache.hadoop.security.authentication.server.AuthenticationFilter: > Authentication exception: GSSException: No valid credentials provided > (Mechanism level: Failed to find any Kerberos credentails) > org.apache.hadoop.security.authentication.client.AuthenticationException: > GSSException: No valid credentials provided (Mechanism level: Failed to find > any Kerberos credentails) > at > org.apache.hadoop.security.authentication.server.KerberosAuthenticationHandler.authenticate(KerberosAuthenticationHandler.java:399) > at > org.apache.hadoop.security.token.delegation.web.DelegationTokenAuthenticationHandler.authenticate(DelegationTokenAuthenticationHandler.java:348) > at > org.apache.hadoop.security.authentication.server.AuthenticationFilter.doFilter(AuthenticationFilter.java:519) > at > org.apache.hadoop.yarn.server.security.http.RMAuthenticationFilter.doFilter(RMAuthenticationFilter.java:82) > {code} -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (YARN-3810) Rest API failing when ip configured in RM address in secure https mode
[ https://issues.apache.org/jira/browse/YARN-3810?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14588532#comment-14588532 ] Hadoop QA commented on YARN-3810: - \\ \\ | (x) *{color:red}-1 overall{color}* | \\ \\ || Vote || Subsystem || Runtime || Comment || | {color:blue}0{color} | pre-patch | 16m 34s | Pre-patch trunk compilation is healthy. | | {color:green}+1{color} | @author | 0m 0s | The patch does not contain any @author tags. | | {color:red}-1{color} | tests included | 0m 0s | The patch doesn't appear to include any new or modified tests. Please justify why no new tests are needed for this patch. Also please list what manual steps were performed to verify this patch. | | {color:green}+1{color} | javac | 7m 36s | There were no new javac warning messages. | | {color:green}+1{color} | javadoc | 9m 46s | There were no new javadoc warning messages. | | {color:green}+1{color} | release audit | 0m 22s | The applied patch does not increase the total number of release audit warnings. | | {color:green}+1{color} | checkstyle | 1m 5s | There were no new checkstyle issues. | | {color:green}+1{color} | whitespace | 0m 0s | The patch has no lines that end in whitespace. | | {color:green}+1{color} | install | 1m 34s | mvn install still works. | | {color:green}+1{color} | eclipse:eclipse | 0m 33s | The patch built with eclipse:eclipse. | | {color:green}+1{color} | findbugs | 1m 51s | The patch does not introduce any new Findbugs (version 3.0.0) warnings. | | {color:red}-1{color} | common tests | 22m 14s | Tests failed in hadoop-common. | | | | 61m 38s | | \\ \\ || Reason || Tests || | Failed unit tests | hadoop.fs.shell.TestCount | \\ \\ || Subsystem || Report/Notes || | Patch URL | http://issues.apache.org/jira/secure/attachment/12739913/0002-YARN-3810.patch | | Optional Tests | javadoc javac unit findbugs checkstyle | | git revision | trunk / b039e69 | | hadoop-common test log | https://builds.apache.org/job/PreCommit-YARN-Build/8265/artifact/patchprocess/testrun_hadoop-common.txt | | Test Results | https://builds.apache.org/job/PreCommit-YARN-Build/8265/testReport/ | | Java | 1.7.0_55 | | uname | Linux asf907.gq1.ygridcore.net 3.13.0-36-lowlatency #63-Ubuntu SMP PREEMPT Wed Sep 3 21:56:12 UTC 2014 x86_64 x86_64 x86_64 GNU/Linux | | Console output | https://builds.apache.org/job/PreCommit-YARN-Build/8265/console | This message was automatically generated. > Rest API failing when ip configured in RM address in secure https mode > -- > > Key: YARN-3810 > URL: https://issues.apache.org/jira/browse/YARN-3810 > Project: Hadoop YARN > Issue Type: Bug >Reporter: Bibin A Chundatt >Assignee: Bibin A Chundatt >Priority: Critical > Attachments: 0001-YARN-3810.patch, 0002-YARN-3810.patch > > > Steps to reproduce > === > 1.Configure hadoop.http.authentication.kerberos.principal as below > {code:xml} > > hadoop.http.authentication.kerberos.principal > HTTP/_h...@hadoop.com > > {code} > 2. In RM web address also configure IP > 3. Startup RM > Call Rest API for RM {{ curl -i -k --insecure --negotiate -u : https IP > /ws/v1/cluster/info"}} > *Actual* > Rest API failing > {code} > 2015-06-16 19:03:49,845 DEBUG > org.apache.hadoop.security.authentication.server.AuthenticationFilter: > Authentication exception: GSSException: No valid credentials provided > (Mechanism level: Failed to find any Kerberos credentails) > org.apache.hadoop.security.authentication.client.AuthenticationException: > GSSException: No valid credentials provided (Mechanism level: Failed to find > any Kerberos credentails) > at > org.apache.hadoop.security.authentication.server.KerberosAuthenticationHandler.authenticate(KerberosAuthenticationHandler.java:399) > at > org.apache.hadoop.security.token.delegation.web.DelegationTokenAuthenticationHandler.authenticate(DelegationTokenAuthenticationHandler.java:348) > at > org.apache.hadoop.security.authentication.server.AuthenticationFilter.doFilter(AuthenticationFilter.java:519) > at > org.apache.hadoop.yarn.server.security.http.RMAuthenticationFilter.doFilter(RMAuthenticationFilter.java:82) > {code} -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (YARN-3810) Rest API failing when ip configured in RM address in secure https mode
[ https://issues.apache.org/jira/browse/YARN-3810?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14588507#comment-14588507 ] Hadoop QA commented on YARN-3810: - \\ \\ | (x) *{color:red}-1 overall{color}* | \\ \\ || Vote || Subsystem || Runtime || Comment || | {color:blue}0{color} | pre-patch | 16m 31s | Pre-patch trunk compilation is healthy. | | {color:green}+1{color} | @author | 0m 0s | The patch does not contain any @author tags. | | {color:red}-1{color} | tests included | 0m 0s | The patch doesn't appear to include any new or modified tests. Please justify why no new tests are needed for this patch. Also please list what manual steps were performed to verify this patch. | | {color:green}+1{color} | javac | 7m 35s | There were no new javac warning messages. | | {color:green}+1{color} | javadoc | 9m 41s | There were no new javadoc warning messages. | | {color:green}+1{color} | release audit | 0m 23s | The applied patch does not increase the total number of release audit warnings. | | {color:red}-1{color} | checkstyle | 1m 6s | The applied patch generated 1 new checkstyle issues (total was 63, now 64). | | {color:green}+1{color} | whitespace | 0m 0s | The patch has no lines that end in whitespace. | | {color:green}+1{color} | install | 1m 31s | mvn install still works. | | {color:green}+1{color} | eclipse:eclipse | 0m 34s | The patch built with eclipse:eclipse. | | {color:green}+1{color} | findbugs | 1m 51s | The patch does not introduce any new Findbugs (version 3.0.0) warnings. | | {color:red}-1{color} | common tests | 22m 39s | Tests failed in hadoop-common. | | | | 61m 55s | | \\ \\ || Reason || Tests || | Failed unit tests | hadoop.fs.shell.TestCount | \\ \\ || Subsystem || Report/Notes || | Patch URL | http://issues.apache.org/jira/secure/attachment/12739903/0001-YARN-3810.patch | | Optional Tests | javadoc javac unit findbugs checkstyle | | git revision | trunk / b039e69 | | checkstyle | https://builds.apache.org/job/PreCommit-YARN-Build/8264/artifact/patchprocess/diffcheckstylehadoop-common.txt | | hadoop-common test log | https://builds.apache.org/job/PreCommit-YARN-Build/8264/artifact/patchprocess/testrun_hadoop-common.txt | | Test Results | https://builds.apache.org/job/PreCommit-YARN-Build/8264/testReport/ | | Java | 1.7.0_55 | | uname | Linux asf906.gq1.ygridcore.net 3.13.0-36-lowlatency #63-Ubuntu SMP PREEMPT Wed Sep 3 21:56:12 UTC 2014 x86_64 x86_64 x86_64 GNU/Linux | | Console output | https://builds.apache.org/job/PreCommit-YARN-Build/8264/console | This message was automatically generated. > Rest API failing when ip configured in RM address in secure https mode > -- > > Key: YARN-3810 > URL: https://issues.apache.org/jira/browse/YARN-3810 > Project: Hadoop YARN > Issue Type: Bug >Reporter: Bibin A Chundatt >Assignee: Bibin A Chundatt >Priority: Critical > Attachments: 0001-YARN-3810.patch, 0002-YARN-3810.patch > > > Steps to reproduce > === > 1.Configure hadoop.http.authentication.kerberos.principal as below > {code:xml} > > hadoop.http.authentication.kerberos.principal > HTTP/_h...@hadoop.com > > {code} > 2. In RM web address also configure IP > 3. Startup RM > Call Rest API for RM {{ curl -i -k --insecure --negotiate -u : https IP > /ws/v1/cluster/info"}} > *Actual* > Rest API failing > {code} > 2015-06-16 19:03:49,845 DEBUG > org.apache.hadoop.security.authentication.server.AuthenticationFilter: > Authentication exception: GSSException: No valid credentials provided > (Mechanism level: Failed to find any Kerberos credentails) > org.apache.hadoop.security.authentication.client.AuthenticationException: > GSSException: No valid credentials provided (Mechanism level: Failed to find > any Kerberos credentails) > at > org.apache.hadoop.security.authentication.server.KerberosAuthenticationHandler.authenticate(KerberosAuthenticationHandler.java:399) > at > org.apache.hadoop.security.token.delegation.web.DelegationTokenAuthenticationHandler.authenticate(DelegationTokenAuthenticationHandler.java:348) > at > org.apache.hadoop.security.authentication.server.AuthenticationFilter.doFilter(AuthenticationFilter.java:519) > at > org.apache.hadoop.yarn.server.security.http.RMAuthenticationFilter.doFilter(RMAuthenticationFilter.java:82) > {code} -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (YARN-3810) Rest API failing when ip configured in RM address in secure https mode
[ https://issues.apache.org/jira/browse/YARN-3810?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14588285#comment-14588285 ] Bibin A Chundatt commented on YARN-3810: Analysis {{KerberosAuthenticationHandler#serverSubject}} initialized with *HTTP/@HADOOP.COM* because {{HttpServer2#hostname}} is not resolved as hostname in {{HttpServer2#build()}} {code} if (hostName == null) { hostName = endpoints.get(0).getHost(); } {code} Since the same is initialized as IP in {{HttpServer2#initSpnego}} "kerberos.principal" will be set as *"HTTP/@HADOOP.COM"* > Rest API failing when ip configured in RM address in secure https mode > -- > > Key: YARN-3810 > URL: https://issues.apache.org/jira/browse/YARN-3810 > Project: Hadoop YARN > Issue Type: Bug >Reporter: Bibin A Chundatt >Assignee: Bibin A Chundatt >Priority: Critical > > Steps to reproduce > === > 1.Configure hadoop.http.authentication.kerberos.principal as below > {code:xml} > > hadoop.http.authentication.kerberos.principal > HTTP/_h...@hadoop.com > > {code} > 2. In RM web address also configure IP > 3. Startup RM > Call Rest API for RM {{ curl -i -k --insecure --negotiate -u : https IP > /ws/v1/cluster/info"}} > *Actual* > Rest API failing > {code} > 2015-06-16 19:03:49,845 DEBUG > org.apache.hadoop.security.authentication.server.AuthenticationFilter: > Authentication exception: GSSException: No valid credentials provided > (Mechanism level: Failed to find any Kerberos credentails) > org.apache.hadoop.security.authentication.client.AuthenticationException: > GSSException: No valid credentials provided (Mechanism level: Failed to find > any Kerberos credentails) > at > org.apache.hadoop.security.authentication.server.KerberosAuthenticationHandler.authenticate(KerberosAuthenticationHandler.java:399) > at > org.apache.hadoop.security.token.delegation.web.DelegationTokenAuthenticationHandler.authenticate(DelegationTokenAuthenticationHandler.java:348) > at > org.apache.hadoop.security.authentication.server.AuthenticationFilter.doFilter(AuthenticationFilter.java:519) > at > org.apache.hadoop.yarn.server.security.http.RMAuthenticationFilter.doFilter(RMAuthenticationFilter.java:82) > {code} -- This message was sent by Atlassian JIRA (v6.3.4#6332)