[jira] [Commented] (YARN-509) ResourceTrackerPB misses KerberosInfo annotation which renders YARN unusable on secure clusters

Tue, 26 Mar 2013 17:01:20 -0700 

    [ 
https://issues.apache.org/jira/browse/YARN-509?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13614710#comment-13614710
 ] 

Roman Shaposhnik commented on YARN-509:
---------------------------------------

This is from Bigtop testing so I can make the cluster available for you (I'll 
need your public ssh key -- please send it to me offline pref. PGP encoded). 
Now, to answer your questions:

bq. What is security.resourcetracker.protocol.acl set to in your 
hadoop-policy.xml?

${HADOOP_YARN_USER} which acording to the process environment translates to yarn

bq. What is yarn.nodemanager.principal in yarn-site.xml ?

yarn/_HOST@BIGTOP

bq. RMNMSecurityInfoClass.class and the text file 
org.apache.hadoop.security.SecurityInfo are on the classpath of ResourceManager?

Yes it is.

Please let me know if you need any more info or if you'd like to get access to 
the cluster.
                
> ResourceTrackerPB misses KerberosInfo annotation which renders YARN unusable 
> on secure clusters
> -----------------------------------------------------------------------------------------------
>
>                 Key: YARN-509
>                 URL: https://issues.apache.org/jira/browse/YARN-509
>             Project: Hadoop YARN
>          Issue Type: Bug
>          Components: resourcemanager
>    Affects Versions: 2.0.1-alpha
>         Environment: BigTop Kerberized cluster test environment
>            Reporter: Konstantin Boudnik
>            Priority: Blocker
>             Fix For: 3.0.0, 2.0.4-alpha
>
>
> During BigTop 0.6.0 release test cycle, [~rvs] came around the following 
> problem:
> {noformat}
> 013-03-26 15:37:03,573 FATAL
> org.apache.hadoop.yarn.server.nodemanager.NodeManager: Error starting
> NodeManager
> org.apache.hadoop.yarn.YarnException: Failed to Start
> org.apache.hadoop.yarn.server.nodemanager.NodeManager
>         at 
> org.apache.hadoop.yarn.service.CompositeService.start(CompositeService.java:78)
>         at 
> org.apache.hadoop.yarn.server.nodemanager.NodeManager.start(NodeManager.java:199)
>         at 
> org.apache.hadoop.yarn.server.nodemanager.NodeManager.initAndStartNodeManager(NodeManager.java:322)
>         at 
> org.apache.hadoop.yarn.server.nodemanager.NodeManager.main(NodeManager.java:359)
> Caused by: org.apache.avro.AvroRuntimeException:
> java.lang.reflect.UndeclaredThrowableException
>         at 
> org.apache.hadoop.yarn.server.nodemanager.NodeStatusUpdaterImpl.start(NodeStatusUpdaterImpl.java:162)
>         at 
> org.apache.hadoop.yarn.service.CompositeService.start(CompositeService.java:68)
>         ... 3 more
> Caused by: java.lang.reflect.UndeclaredThrowableException
>         at 
> org.apache.hadoop.yarn.exceptions.impl.pb.YarnRemoteExceptionPBImpl.unwrapAndThrowException(YarnRemoteExceptionPBImpl.java:128)
>         at 
> org.apache.hadoop.yarn.server.api.impl.pb.client.ResourceTrackerPBClientImpl.registerNodeManager(ResourceTrackerPBClientImpl.java:61)
>         at 
> org.apache.hadoop.yarn.server.nodemanager.NodeStatusUpdaterImpl.registerWithRM(NodeStatusUpdaterImpl.java:199)
>         at 
> org.apache.hadoop.yarn.server.nodemanager.NodeStatusUpdaterImpl.start(NodeStatusUpdaterImpl.java:158)
>         ... 4 more
> Caused by: 
> org.apache.hadoop.ipc.RemoteException(org.apache.hadoop.security.authorize.AuthorizationException):
> User yarn/ip-10-46-37-244.ec2.internal@BIGTOP (auth:KERBEROS) is not
> authorized for protocol interface
> org.apache.hadoop.yarn.server.api.ResourceTrackerPB, expected client
> Kerberos principal is yarn/ip-10-46-37-244.ec2.internal@BIGTOP
>         at org.apache.hadoop.ipc.Client.call(Client.java:1235)
>         at 
> org.apache.hadoop.ipc.ProtobufRpcEngine$Invoker.invoke(ProtobufRpcEngine.java:202)
>         at $Proxy26.registerNodeManager(Unknown Source)
>         at 
> org.apache.hadoop.yarn.server.api.impl.pb.client.ResourceTrackerPBClientImpl.registerNodeManager(ResourceTrackerPBClientImpl.java:59)
>         ... 6 more
> {noformat}
> The most significant part is 
> {{User yarn/ip-10-46-37-244.ec2.internal@BIGTOP (auth:KERBEROS) is not 
> authorized for protocol interface  
> org.apache.hadoop.yarn.server.api.ResourceTrackerPB}} indicating that 
> ResourceTrackerPB hasn't been annotated with {{@KerberosInfo}} nor 
> {{@TokenInfo}}

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

Reply via email to