Shen Yinjie created YARN-9510: --------------------------------- Summary: Proxyuser access timeline and getdelegationtoken failed without Timeline server restart Key: YARN-9510 URL: https://issues.apache.org/jira/browse/YARN-9510 Project: Hadoop YARN Issue Type: Improvement Components: timelineserver Affects Versions: 3.1.0 Reporter: Shen Yinjie
We add a proxyuser by changing "hadoop.proxyuser.xx.yy", and then execute yarn rmadmin -refreshSuperUserGroupsConfiguration but didn't restart timeline server.MR job will fail and throws : Caused by: org.apache.hadoop.security.authentication.client.AuthenticationException: Authentication failed, URL: http://hostname:8188/ws/v1/timeline/?op=GETDELEGATIONTOKEN&doAs=alluxio&renewer=rm%2Fhc1%40XXF&user.name=ambari-qa, status: 403, message: Forbidden at org.apache.hadoop.security.authentication.client.AuthenticatedURL.extractToken(AuthenticatedURL.java:401) at org.apache.hadoop.security.authentication.client.PseudoAuthenticator.authenticate(PseudoAuthenticator.java:74) at org.apache.hadoop.security.token.delegation.web.DelegationTokenAuthenticator.authenticate(DelegationTokenAuthenticator.java:147) at org.apache.hadoop.security.authentication.client.KerberosAuthenticator.authenticate(KerberosAuthenticator.java:213) seems that proxyuser info in timeline server has not been refreshed. -- This message was sent by Atlassian JIRA (v7.6.3#76005) --------------------------------------------------------------------- To unsubscribe, e-mail: yarn-dev-unsubscr...@hadoop.apache.org For additional commands, e-mail: yarn-dev-h...@hadoop.apache.org