[
https://issues.apache.org/jira/browse/YARN-945?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13722086#comment-13722086
]
Bikas Saha commented on YARN-945:
---------------------------------
Looks good overall.
To be clear, this works for cases in which the UGI already contains the token
and then, when we first initialize the protocol proxy via the ClientRMProxy,
the ClientRMProxy layer adds the correct service addr to the token. Is that
correct? The token is obtained by either the client (unmanaged AM) or set
directly by the RM (managed AM) and gets populated in the AM's UGI before the
AM creates the AM->RM proxy. When the AM->RM proxy is created then the service
is initialized in the token by ClientRMProxy.
In that case, does YARNClientImpl need to do setTokenService (with static RM
address lookup) on the token in YarnClient.getAMRMToken()? The
unmanagedAMLauncher or other user of YarnClient.getAMRMToken() needs to simply
populate the AM's UGI correctly without doing any translation right? In that
case, can we remove the YarnClient side translation code
Could you please open jiras for the TODO's so that we dont lose them. And refer
the jira numbers in the TODO's.
I wish we could leverage RMProxy or something like that in the tests instead of
having to replicate the setTokenService() code in so many places. Can leave it
for a separate jira.
> AM register failing after AMRMToken
> -----------------------------------
>
> Key: YARN-945
> URL: https://issues.apache.org/jira/browse/YARN-945
> Project: Hadoop YARN
> Issue Type: Bug
> Affects Versions: 2.1.0-beta
> Reporter: Bikas Saha
> Assignee: Vinod Kumar Vavilapalli
> Priority: Blocker
> Fix For: 2.1.0-beta
>
> Attachments: nm.log, rm.log, YARN-945-20130728.txt, yarn-site.xml
>
>
> 509 2013-07-19 15:53:55,569 INFO org.apache.hadoop.ipc.Server: IPC Server
> listener on 54313: readAndProcess from client 127.0.0.1 threw exception
> [org.apache.hadoop.security.AccessControlException: SIMPLE authentication is
> not enabled. Available:[TOKEN]]
> 510 org.apache.hadoop.security.AccessControlException: SIMPLE authentication
> is not enabled. Available:[TOKEN]
> 511 at
> org.apache.hadoop.ipc.Server$Connection.initializeAuthContext(Server.java:1531)
> 512 at
> org.apache.hadoop.ipc.Server$Connection.readAndProcess(Server.java:1482)
> 513 at org.apache.hadoop.ipc.Server$Listener.doRead(Server.java:788)
> 514 at
> org.apache.hadoop.ipc.Server$Listener$Reader.doRunLoop(Server.java:587)
> 515 at org.apache.hadoop.ipc.Server$Listener$Reader.run(Server.java:562)
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
