Shen Yinjie created YARN-9510:
---------------------------------
Summary: Proxyuser access timeline and getdelegationtoken failed
without Timeline server restart
Key: YARN-9510
URL: https://issues.apache.org/jira/browse/YARN-9510
Project: Hadoop YARN
Issue Type: Improvement
Components: timelineserver
Affects Versions: 3.1.0
Reporter: Shen Yinjie
We add a proxyuser by changing "hadoop.proxyuser.xx.yy", and then execute yarn
rmadmin -refreshSuperUserGroupsConfiguration but didn't restart timeline
server.MR job will fail and throws :
Caused by:
org.apache.hadoop.security.authentication.client.AuthenticationException:
Authentication failed, URL:
http://hostname:8188/ws/v1/timeline/?op=GETDELEGATIONTOKEN&doAs=alluxio&renewer=rm%2Fhc1%40XXF&user.name=ambari-qa,
status: 403, message: Forbidden
at
org.apache.hadoop.security.authentication.client.AuthenticatedURL.extractToken(AuthenticatedURL.java:401)
at
org.apache.hadoop.security.authentication.client.PseudoAuthenticator.authenticate(PseudoAuthenticator.java:74)
at
org.apache.hadoop.security.token.delegation.web.DelegationTokenAuthenticator.authenticate(DelegationTokenAuthenticator.java:147)
at
org.apache.hadoop.security.authentication.client.KerberosAuthenticator.authenticate(KerberosAuthenticator.java:213)
seems that proxyuser info in timeline server has not been refreshed.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
