[jira] [Created] (YARN-10669) Failed to renew token: Kind: TIMELINE_DELEGATION_TOKEN on RM switch and TS restart

Wed, 03 Mar 2021 22:57:15 -0800 

Sushanta Sen created YARN-10669:
-----------------------------------

             Summary: Failed to renew token: Kind: TIMELINE_DELEGATION_TOKEN on 
RM switch and TS restart
                 Key: YARN-10669
                 URL: https://issues.apache.org/jira/browse/YARN-10669
             Project: Hadoop YARN
          Issue Type: Bug
          Components: timelineservice
         Environment: 3 Nodes Hadoop Secure cluster with 3.1.1 version
            Reporter: Sushanta Sen


Using delegation token rather than the keytab of the user when submitting job 
to yarn. 
And this config yarn.timeline-service.enabled = true.
So addTimelineDelegationToken will be executed. My Job has submitted 
successfully, but the question is my job failed when I Switched RM and TS 
restart because TIMELINE_DELEGATION_TOKEN renew failed. 
Only RM switch and TS restart will reproduce the issue.

RM log snippet below:

{noformat}
2020-12-02 17:37:21,268 | WARN  | DelegationTokenRenewer #3402 | Unable to add 
the application to the delegation token renewer. | 
DelegationTokenRenewer.java:949
java.io.IOException: Failed to renew token: Kind: TIMELINE_DELEGATION_TOKEN, 
Service: 192.168.0.2:8190, Ident: (TIMELINE_DELEGATION_TOKEN owner=bnn, 
renewer=mapred, realUser=executor, issueDate=1606880472758, 
maxDate=1607485272758, sequenceNumber=11581, masterKeyId=13)
        at 
org.apache.hadoop.yarn.server.resourcemanager.security.DelegationTokenRenewer.handleAppSubmitEvent(DelegationTokenRenewer.java:508)
        at 
org.apache.hadoop.yarn.server.resourcemanager.security.DelegationTokenRenewer.access$1100(DelegationTokenRenewer.java:80)
        at 
org.apache.hadoop.yarn.server.resourcemanager.security.DelegationTokenRenewer$DelegationTokenRenewerRunnable.handleDTRenewerAppSubmitEvent(DelegationTokenRenewer.java:945)
        at 
org.apache.hadoop.yarn.server.resourcemanager.security.DelegationTokenRenewer$DelegationTokenRenewerRunnable.run(DelegationTokenRenewer.java:922)
        at 
java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
        at 
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
        at java.lang.Thread.run(Thread.java:748)
Caused by: java.io.IOException: HTTP status [403], message 
[org.apache.hadoop.security.token.SecretManager$InvalidToken: Unable to find 
master key for keyId=13 from cache. Failed to renew an unexpired token 
(TIMELINE_DELEGATION_TOKEN owner=bnn, renewer=mapred, realUser=executor, 
issueDate=1606880472758, maxDate=1607485272758, sequenceNumber=11581, 
masterKeyId=13) with sequenceNumber=11581]
        at 
org.apache.hadoop.util.HttpExceptionUtils.validateResponse(HttpExceptionUtils.java:174)
        at 
org.apache.hadoop.security.token.delegation.web.DelegationTokenAuthenticator.doDelegationTokenOperation(DelegationTokenAuthenticator.java:323)
        at 
org.apache.hadoop.security.token.delegation.web.DelegationTokenAuthenticator.renewDelegationToken(DelegationTokenAuthenticator.java:239)
        at 
org.apache.hadoop.security.token.delegation.web.DelegationTokenAuthenticatedURL.renewDelegationToken(DelegationTokenAuthenticatedURL.java:426)
        at 
org.apache.hadoop.yarn.client.api.impl.TimelineClientImpl$2.run(TimelineClientImpl.java:247)
        at 
org.apache.hadoop.yarn.client.api.impl.TimelineClientImpl$2.run(TimelineClientImpl.java:227)
        at java.security.AccessController.doPrivileged(Native Method)
        at javax.security.auth.Subject.doAs(Subject.java:422)
        at 
org.apache.hadoop.security.UserGroupInformation.doAs(UserGroupInformation.java:1729)
        at 
org.apache.hadoop.yarn.client.api.impl.TimelineConnector$TimelineClientRetryOpForOperateDelegationToken.run(TimelineConnector.java:431)
        at 
org.apache.hadoop.yarn.client.api.impl.TimelineConnector$TimelineClientConnectionRetry.retryOn(TimelineConnector.java:334)
        at 
org.apache.hadoop.yarn.client.api.impl.TimelineConnector.operateDelegationToken(TimelineConnector.java:218)
        at 
org.apache.hadoop.yarn.client.api.impl.TimelineClientImpl.renewDelegationToken(TimelineClientImpl.java:250)
        at 
org.apache.hadoop.yarn.security.client.TimelineDelegationTokenIdentifier$Renewer.renew(TimelineDelegationTokenIdentifier.java:81)
        at org.apache.hadoop.security.token.Token.renew(Token.java:490)
        at 
org.apache.hadoop.yarn.server.resourcemanager.security.DelegationTokenRenewer$1.run(DelegationTokenRenewer.java:634)
        at 
org.apache.hadoop.yarn.server.resourcemanager.security.DelegationTokenRenewer$1.run(DelegationTokenRenewer.java:631)
        at java.security.AccessController.doPrivileged(Native Method)
        at javax.security.auth.Subject.doAs(Subject.java:422)
        at 
org.apache.hadoop.security.UserGroupInformation.doAs(UserGroupInformation.java:1729)
        at 
org.apache.hadoop.yarn.server.resourcemanager.security.DelegationTokenRenewer.renewToken(DelegationTokenRenewer.java:630)
        at 
org.apache.hadoop.yarn.server.resourcemanager.security.DelegationTokenRenewer.handleAppSubmitEvent(DelegationTokenRenewer.java:494)
{noformat}




--
This message was sent by Atlassian Jira
(v8.3.4#803005)

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to