Uploaded image for project: 'Hadoop YARN'
  1. Hadoop YARN
  2. YARN-10339

Timeline Client in Nodemanager gets 403 errors when simple auth is used in kerberos environments

    XMLWordPrintableJSON

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 3.1.0
    • Fix Version/s: 3.4.0
    • Component/s: timelineclient
    • Labels:
      None

      Description

      We get below errors in NodeManager logs whenever we set yarn.timeline-service.http-authentication.type=simple in a cluster which has kerberos enabled. There are use cases where simple auth is used only in timeline server for convenience although kerberos is enabled.

      2020-05-20 20:06:30,181 ERROR impl.TimelineV2ClientImpl (TimelineV2ClientImpl.java:putObjects(321)) - Response from the timeline server is not successful, HTTP error code: 403, Server response:
      
      {"exception":"ForbiddenException","message":"java.lang.Exception: The owner of the posted timeline entities is not set","javaClassName":"org.apache.hadoop.yarn.webapp.ForbiddenException"}
      

      This seems to affect the NM timeline publisher which uses TimelineV2ClientImpl. Doing a simple auth directly to timeline service via curl works fine. So this issue is in the authenticator configuration in timeline client.

        Attachments

        1. YARN-10339.001.patch
          12 kB
          Tarun Parimi
        2. YARN-10339.002.patch
          20 kB
          Tarun Parimi

          Issue Links

            Activity

              People

              • Assignee:
                tarunparimi Tarun Parimi
                Reporter:
                tarunparimi Tarun Parimi
              • Votes:
                0 Vote for this issue
                Watchers:
                3 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: