Berry Österlund created YARN-7922:

             Summary: Yarn dont resolve rm/_HOST to hostname
                 Key: YARN-7922
             Project: Hadoop YARN
          Issue Type: Bug
          Components: yarn
    Affects Versions: 2.7.3
            Reporter: Berry Österlund

The normal auth_to_local usually removes everything after the / in the username 
of the Kerberos principle. That, together with the _HOST setting in the 
configuration files specifying the Kerberos principles is usually what is 
required to convert rm/_HOST@<REALM> to user yarn.

In our environment, we cant use the default rules in auth_to_local. We have to 
specify each and every host and only convert those specifically. In other 
words, we don’t have the DEFAULT rule in auth_to_local. Ideally, the config for 
us would be the following
But if we use only that configuration, the servicecheck in Ambari failes with 
the following exception.
org.apache.hadoop.yarn.exceptions.YarnException: Failed to submit 
application_1518422080198_0002 to YARN : Failed to renew token: Kind: 
HDFS_DELEGATION_TOKEN, Service: ha-hdfs:devhadoop, Ident: 
(HDFS_DELEGATION_TOKEN token 11096 for ambari-qa)

Inside the RM’s logfile, I can find the following.
Caused by: yarn tries to 
renew a token with renewer rm/_HOST@<REALM>
Adding the following rule to auth_to_local solves the problem

The client used to test this is executed with the following command

 yarn org.apache.hadoop.yarn.applications.distributedshell.Client 
-shell_command ls -num_containers 1 -jar 
 -timeout 300000 --queue <YARN_QUEUE>

This message was sent by Atlassian JIRA

To unsubscribe, e-mail:
For additional commands, e-mail:

Reply via email to