Here's my sample for your reference ( If you are running unmanaged AM in client side):
1. set token in UserGroupInformation 2. do the registration in the way of UserGroupInformation as following try { ugi.addToken(yarnClient.getAMRMToken(appId)); ugi.doAs(new PrivilegedExceptionAction<Void>() { @Override public Void run() throws Exception { AMRMClient<ContainerRequest> amRMClient = AMRMClient .createAMRMClient(); amRMClientAsync = AMRMClientAsync.createAMRMClientAsync(amRMClient, 200, new InnerCallbackHandler()); amRMClientAsync.init(conf); amRMClientAsync.start(); amRMClientAsync.registerApplicationMaster("localhost", 0, "url"); return null; } }); } catch (Throwable ex) { ex.printStackTrace(); } On Sun, Mar 16, 2014 at 8:19 PM, Oleg Zhurakousky < oleg.zhurakou...@gmail.com> wrote: > Thanks Jeff > > Yes I am using 2.3 and the issue is still there. > > Oleg > > > On Sun, Mar 16, 2014 at 3:10 AM, Jeff Zhang <zjf...@gmail.com> wrote: > >> Hi Oleg, >> >> I meet the same issue when I start an unmanaged AM in client side in >> thread way. The issue is in the code of hadoop-common-yarn. You could try >> to use the code of hadoop-common-yarn of 2.3 instead of 2.2 This resolve >> my problem at least. >> >> >> >> >> On Sun, Mar 16, 2014 at 5:56 AM, Oleg Zhurakousky < >> oleg.zhurakou...@gmail.com> wrote: >> >>> The bug you referring to is this i think >>> >>> https://issues.apache.org/jira/browse/YARN-945 >>> >>> . . . and is not really the issue in my case, since my IPv6 is disabled. >>> >>> What I really want to know is why TOKEN is hard coded in ipc Server. I >>> can't wait to hear the argument ;) >>> >>> >>> Anyway, thanks for reply. >>> >>> Oleg >>> >>> >>> >>> >>> On Sat, Mar 15, 2014 at 5:19 PM, Edward Capriolo >>> <edlinuxg...@gmail.com>wrote: >>> >>>> There was a bug around this message that was fixed. I found another bug >>>> I forgot to report. If your system is using ipv6 yarn get get confused over >>>> the source/destination ips and throw this message at you. You can go in >>>> your configuration files and specific a specfic address to bind. You can >>>> also go into your hostfile and ensure localhost does not refer to an ipv6 >>>> address. Java also has a -D switch like preferIPV4 or something like that. >>>> >>>> >>>> On Sat, Mar 15, 2014 at 4:18 PM, Oleg Zhurakousky < >>>> oleg.zhurakou...@gmail.com> wrote: >>>> >>>>> So here is my dilemma. >>>>> >>>>> I am trying to register ApplicationMaster to a remote YARN cluster and >>>>> I get >>>>> >>>>> Caused by: >>>>> org.apache.hadoop.ipc.RemoteException(org.apache.hadoop.security.AccessControlException): >>>>> SIMPLE authentication is not enabled. Available:[TOKEN] >>>>> >>>>> at org.apache.hadoop.ipc.Client.call(Client.java:1406) >>>>> >>>>> at org.apache.hadoop.ipc.Client.call(Client.java:1359) >>>>> >>>>> at org.apache.hadoop.ipc.ProtobufRpcEngine$Invoker.invoke( >>>>> ProtobufRpcEngine.java:206) >>>>> >>>>> at com.sun.proxy.$Proxy7.registerApplicationMaster(Unknown Source) >>>>> >>>>> at >>>>> org.apache.hadoop.yarn.api.impl.pb.client.ApplicationMasterProtocolPBClientImpl.registerApplicationMaster( >>>>> ApplicationMasterProtocolPBClientImpl.java:106) >>>>> My security is explicitly set to SIMPLE and I can see it in my logs: >>>>> >>>>> org.apache.hadoop.ipc.Server: Server accepts auth methods:[TOKEN, >>>>> SIMPLE] >>>>> >>>>> What is unclear is why [TOKEN] get's there and when I say unclear, its >>>>> actually very clear from the ipc Server code. The real question is why >>>>> TOKEN is hard coded there in the first place for the cases when Secret >>>>> Manager is present. Which also raises another question; How to disable >>>>> Secret Manager. >>>>> >>>>> Cheers >>>>> Oleg >>>>> >>>>> >>>> >>> >> >> >> -- >> Best Regards >> >> Jeff Zhang >> > > -- Best Regards Jeff Zhang