Anyway, I've raised https://issues.apache.org/jira/browse/YARN-1841. This is pretty messed up and needs to be addressed.
Oleg On Sun, Mar 16, 2014 at 10:29 AM, Oleg Zhurakousky < [email protected]> wrote: > Also, in your code you provide application id. > I am trying to register ApplicationMaster: > > ApplicationMasterProtocol applicationsManager = > ClientRMProxy.createRMProxy(yarnConf, ApplicationMasterProtocol.class); > > RegisterApplicationMasterRequest request = > RegisterApplicationMasterRequest.newInstance("", 0, ""); > > RegisterApplicationMasterResponse response = > applicationsManager.registerApplicationMaster(request); > > > so at the time I don't have application id and line 3 throws the > exception. > > Oleg > > > On Sun, Mar 16, 2014 at 9:35 AM, Oleg Zhurakousky < > [email protected]> wrote: > >> Thanks Jeff. >> >> Got passed it, but still puzzled as to why TOKEN is hardcoded as >> authentication method. Shouldn't this decision be delegated to the end >> user. Seems very unconventional and awkward. >> >> Oleg >> >> >> On Sun, Mar 16, 2014 at 8:44 AM, Jeff Zhang <[email protected]> wrote: >> >>> Here's my sample for your reference ( If you are running unmanaged AM >>> in client side): >>> >>> 1. set token in UserGroupInformation >>> 2. do the registration in the way of UserGroupInformation as following >>> >>> try { >>> >>> ugi.addToken(yarnClient.getAMRMToken(appId)); >>> >>> ugi.doAs(new PrivilegedExceptionAction<Void>() { >>> >>> @Override >>> >>> public Void run() throws Exception { >>> >>> AMRMClient<ContainerRequest> amRMClient = AMRMClient >>> >>> .createAMRMClient(); >>> >>> amRMClientAsync = >>> AMRMClientAsync.createAMRMClientAsync(amRMClient, >>> >>> 200, new InnerCallbackHandler()); >>> >>> amRMClientAsync.init(conf); >>> >>> amRMClientAsync.start(); >>> >>> amRMClientAsync.registerApplicationMaster("localhost", 0, >>> "url"); >>> >>> return null; >>> >>> } >>> >>> }); >>> >>> } catch (Throwable ex) { >>> >>> ex.printStackTrace(); >>> >>> } >>> >>> >>> On Sun, Mar 16, 2014 at 8:19 PM, Oleg Zhurakousky < >>> [email protected]> wrote: >>> >>>> Thanks Jeff >>>> >>>> Yes I am using 2.3 and the issue is still there. >>>> >>>> Oleg >>>> >>>> >>>> On Sun, Mar 16, 2014 at 3:10 AM, Jeff Zhang <[email protected]> wrote: >>>> >>>>> Hi Oleg, >>>>> >>>>> I meet the same issue when I start an unmanaged AM in client side in >>>>> thread way. The issue is in the code of hadoop-common-yarn. You could try >>>>> to use the code of hadoop-common-yarn of 2.3 instead of 2.2 This resolve >>>>> my problem at least. >>>>> >>>>> >>>>> >>>>> >>>>> On Sun, Mar 16, 2014 at 5:56 AM, Oleg Zhurakousky < >>>>> [email protected]> wrote: >>>>> >>>>>> The bug you referring to is this i think >>>>>> >>>>>> https://issues.apache.org/jira/browse/YARN-945 >>>>>> >>>>>> . . . and is not really the issue in my case, since my IPv6 is >>>>>> disabled. >>>>>> >>>>>> What I really want to know is why TOKEN is hard coded in ipc Server. >>>>>> I can't wait to hear the argument ;) >>>>>> >>>>>> >>>>>> Anyway, thanks for reply. >>>>>> >>>>>> Oleg >>>>>> >>>>>> >>>>>> >>>>>> >>>>>> On Sat, Mar 15, 2014 at 5:19 PM, Edward Capriolo < >>>>>> [email protected]> wrote: >>>>>> >>>>>>> There was a bug around this message that was fixed. I found another >>>>>>> bug I forgot to report. If your system is using ipv6 yarn get get >>>>>>> confused >>>>>>> over the source/destination ips and throw this message at you. You can >>>>>>> go >>>>>>> in your configuration files and specific a specfic address to bind. You >>>>>>> can >>>>>>> also go into your hostfile and ensure localhost does not refer to an >>>>>>> ipv6 >>>>>>> address. Java also has a -D switch like preferIPV4 or something like >>>>>>> that. >>>>>>> >>>>>>> >>>>>>> On Sat, Mar 15, 2014 at 4:18 PM, Oleg Zhurakousky < >>>>>>> [email protected]> wrote: >>>>>>> >>>>>>>> So here is my dilemma. >>>>>>>> >>>>>>>> I am trying to register ApplicationMaster to a remote YARN cluster >>>>>>>> and I get >>>>>>>> >>>>>>>> Caused by: >>>>>>>> org.apache.hadoop.ipc.RemoteException(org.apache.hadoop.security.AccessControlException): >>>>>>>> SIMPLE authentication is not enabled. Available:[TOKEN] >>>>>>>> >>>>>>>> at org.apache.hadoop.ipc.Client.call(Client.java:1406) >>>>>>>> >>>>>>>> at org.apache.hadoop.ipc.Client.call(Client.java:1359) >>>>>>>> >>>>>>>> at org.apache.hadoop.ipc.ProtobufRpcEngine$Invoker.invoke( >>>>>>>> ProtobufRpcEngine.java:206) >>>>>>>> >>>>>>>> at com.sun.proxy.$Proxy7.registerApplicationMaster(Unknown Source) >>>>>>>> >>>>>>>> at >>>>>>>> org.apache.hadoop.yarn.api.impl.pb.client.ApplicationMasterProtocolPBClientImpl.registerApplicationMaster( >>>>>>>> ApplicationMasterProtocolPBClientImpl.java:106) >>>>>>>> My security is explicitly set to SIMPLE and I can see it in my logs: >>>>>>>> >>>>>>>> org.apache.hadoop.ipc.Server: Server accepts auth methods:[TOKEN, >>>>>>>> SIMPLE] >>>>>>>> >>>>>>>> What is unclear is why [TOKEN] get's there and when I say unclear, >>>>>>>> its actually very clear from the ipc Server code. The real question is >>>>>>>> why >>>>>>>> TOKEN is hard coded there in the first place for the cases when Secret >>>>>>>> Manager is present. Which also raises another question; How to disable >>>>>>>> Secret Manager. >>>>>>>> >>>>>>>> Cheers >>>>>>>> Oleg >>>>>>>> >>>>>>>> >>>>>>> >>>>>> >>>>> >>>>> >>>>> -- >>>>> Best Regards >>>>> >>>>> Jeff Zhang >>>>> >>>> >>>> >>> >>> >>> -- >>> Best Regards >>> >>> Jeff Zhang >>> >> >> >
