Here's my sample for your reference ( If you are running unmanaged AM in
client side):
1. set token in UserGroupInformation
2. do the registration in the way of UserGroupInformation as following
try {
ugi.addToken(yarnClient.getAMRMToken(appId));
ugi.doAs(new PrivilegedExceptionAction<Void>() {
@Override
public Void run() throws Exception {
AMRMClient<ContainerRequest> amRMClient = AMRMClient
.createAMRMClient();
amRMClientAsync =
AMRMClientAsync.createAMRMClientAsync(amRMClient,
200, new InnerCallbackHandler());
amRMClientAsync.init(conf);
amRMClientAsync.start();
amRMClientAsync.registerApplicationMaster("localhost", 0, "url");
return null;
}
});
} catch (Throwable ex) {
ex.printStackTrace();
}
On Sun, Mar 16, 2014 at 8:19 PM, Oleg Zhurakousky <
oleg.zhurakou...@gmail.com> wrote:
> Thanks Jeff
>
> Yes I am using 2.3 and the issue is still there.
>
> Oleg
>
>
> On Sun, Mar 16, 2014 at 3:10 AM, Jeff Zhang <zjf...@gmail.com> wrote:
>
>> Hi Oleg,
>>
>> I meet the same issue when I start an unmanaged AM in client side in
>> thread way. The issue is in the code of hadoop-common-yarn. You could try
>> to use the code of hadoop-common-yarn of 2.3 instead of 2.2 This resolve
>> my problem at least.
>>
>>
>>
>>
>> On Sun, Mar 16, 2014 at 5:56 AM, Oleg Zhurakousky <
>> oleg.zhurakou...@gmail.com> wrote:
>>
>>> The bug you referring to is this i think
>>>
>>> https://issues.apache.org/jira/browse/YARN-945
>>>
>>> . . . and is not really the issue in my case, since my IPv6 is disabled.
>>>
>>> What I really want to know is why TOKEN is hard coded in ipc Server. I
>>> can't wait to hear the argument ;)
>>>
>>>
>>> Anyway, thanks for reply.
>>>
>>> Oleg
>>>
>>>
>>>
>>>
>>> On Sat, Mar 15, 2014 at 5:19 PM, Edward Capriolo
>>> <edlinuxg...@gmail.com>wrote:
>>>
>>>> There was a bug around this message that was fixed. I found another bug
>>>> I forgot to report. If your system is using ipv6 yarn get get confused over
>>>> the source/destination ips and throw this message at you. You can go in
>>>> your configuration files and specific a specfic address to bind. You can
>>>> also go into your hostfile and ensure localhost does not refer to an ipv6
>>>> address. Java also has a -D switch like preferIPV4 or something like that.
>>>>
>>>>
>>>> On Sat, Mar 15, 2014 at 4:18 PM, Oleg Zhurakousky <
>>>> oleg.zhurakou...@gmail.com> wrote:
>>>>
>>>>> So here is my dilemma.
>>>>>
>>>>> I am trying to register ApplicationMaster to a remote YARN cluster and
>>>>> I get
>>>>>
>>>>> Caused by:
>>>>> org.apache.hadoop.ipc.RemoteException(org.apache.hadoop.security.AccessControlException):
>>>>> SIMPLE authentication is not enabled. Available:[TOKEN]
>>>>>
>>>>> at org.apache.hadoop.ipc.Client.call(Client.java:1406)
>>>>>
>>>>> at org.apache.hadoop.ipc.Client.call(Client.java:1359)
>>>>>
>>>>> at org.apache.hadoop.ipc.ProtobufRpcEngine$Invoker.invoke(
>>>>> ProtobufRpcEngine.java:206)
>>>>>
>>>>> at com.sun.proxy.$Proxy7.registerApplicationMaster(Unknown Source)
>>>>>
>>>>> at
>>>>> org.apache.hadoop.yarn.api.impl.pb.client.ApplicationMasterProtocolPBClientImpl.registerApplicationMaster(
>>>>> ApplicationMasterProtocolPBClientImpl.java:106)
>>>>> My security is explicitly set to SIMPLE and I can see it in my logs:
>>>>>
>>>>> org.apache.hadoop.ipc.Server: Server accepts auth methods:[TOKEN,
>>>>> SIMPLE]
>>>>>
>>>>> What is unclear is why [TOKEN] get's there and when I say unclear, its
>>>>> actually very clear from the ipc Server code. The real question is why
>>>>> TOKEN is hard coded there in the first place for the cases when Secret
>>>>> Manager is present. Which also raises another question; How to disable
>>>>> Secret Manager.
>>>>>
>>>>> Cheers
>>>>> Oleg
>>>>>
>>>>>
>>>>
>>>
>>
>>
>> --
>> Best Regards
>>
>> Jeff Zhang
>>
>
>
--
Best Regards
Jeff Zhang
