Details
-
Bug
-
Status: Resolved
-
Major
-
Resolution: Fixed
-
3.1.0
-
None
Description
We get below errors in NodeManager logs whenever we set yarn.timeline-service.http-authentication.type=simple in a cluster which has kerberos enabled. There are use cases where simple auth is used only in timeline server for convenience although kerberos is enabled.
2020-05-20 20:06:30,181 ERROR impl.TimelineV2ClientImpl (TimelineV2ClientImpl.java:putObjects(321)) - Response from the timeline server is not successful, HTTP error code: 403, Server response: {"exception":"ForbiddenException","message":"java.lang.Exception: The owner of the posted timeline entities is not set","javaClassName":"org.apache.hadoop.yarn.webapp.ForbiddenException"}
This seems to affect the NM timeline publisher which uses TimelineV2ClientImpl. Doing a simple auth directly to timeline service via curl works fine. So this issue is in the authenticator configuration in timeline client.
Attachments
Attachments
Issue Links
- breaks
-
YARN-10362 Javadoc for TimelineReaderAuthenticationFilterInitializer is broken
- Resolved
- causes
-
YARN-10816 Avoid doing delegation token ops when yarn.timeline-service.http-authentication.type=simple
- Resolved