Details

    • Type: Sub-task
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 3.3.0, 3.2.2, 3.1.4
    • Component/s: None
    • Labels:
      None
    • Hadoop Flags:
      Reviewed

      Description

      SchedConfCli does not work with https RM

      [yarn@rmhost-1 /]$ yarn schedulerconf -global yarn.scheduler.capacity.maximum-applications=10000
      WARNING: YARN_OPTS has been replaced by HADOOP_OPTS. Using value of YARN_OPTS.
      Exception in thread "main" com.sun.jersey.api.client.ClientHandlerException: javax.net.ssl.SSLHandshakeException: Error while authenticating with endpoint: https://<RM_HOST>:8090/ws/v1/cluster/scheduler-conf
      	at com.sun.jersey.client.urlconnection.URLConnectionClientHandler.handle(URLConnectionClientHandler.java:155)
      	at com.sun.jersey.api.client.Client.handle(Client.java:652)
      	at com.sun.jersey.api.client.WebResource.handle(WebResource.java:682)
      	at com.sun.jersey.api.client.WebResource.access$200(WebResource.java:74)
      	at com.sun.jersey.api.client.WebResource$Builder.put(WebResource.java:529)
      	at org.apache.hadoop.yarn.client.cli.SchedConfCLI.updateSchedulerConfOnRMNode(SchedConfCLI.java:178)
      	at org.apache.hadoop.yarn.webapp.util.WebAppUtils.execOnActiveRM(WebAppUtils.java:102)
      	at org.apache.hadoop.yarn.client.cli.SchedConfCLI.run(SchedConfCLI.java:143)
      	at org.apache.hadoop.yarn.client.cli.SchedConfCLI.main(SchedConfCLI.java:77)
      Caused by: javax.net.ssl.SSLHandshakeException: Error while authenticating with endpoint: https://<RM_HOST>:8090/ws/v1/cluster/scheduler-conf
      	at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
      	at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62)
      	at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
      	at java.lang.reflect.Constructor.newInstance(Constructor.java:423)
      	at org.apache.hadoop.security.authentication.client.KerberosAuthenticator.wrapExceptionWithMessage(KerberosAuthenticator.java:232)
      	at org.apache.hadoop.security.authentication.client.KerberosAuthenticator.authenticate(KerberosAuthenticator.java:216)
      	at org.apache.hadoop.security.authentication.client.AuthenticatedURL.openConnection(AuthenticatedURL.java:348)
      	at org.apache.hadoop.yarn.client.cli.SchedConfCLI$1.getHttpURLConnection(SchedConfCLI.java:157)
      	at com.sun.jersey.client.urlconnection.URLConnectionClientHandler._invoke(URLConnectionClientHandler.java:165)
      	at com.sun.jersey.client.urlconnection.URLConnectionClientHandler.handle(URLConnectionClientHandler.java:153)
      	... 8 more
      Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
      	at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
      	at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1959)
      	at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:302)
      	at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:296)
      	at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1514)
      	at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:216)
      	at sun.security.ssl.Handshaker.processLoop(Handshaker.java:1026)
      	at sun.security.ssl.Handshaker.process_record(Handshaker.java:961)
      	at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1072)
      	at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1385)
      	at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1413)
      	at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1397)
      	at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:559)
      	at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:185)
      	at sun.net.www.protocol.https.HttpsURLConnectionImpl.connect(HttpsURLConnectionImpl.java:153)
      	at org.apache.hadoop.security.authentication.client.KerberosAuthenticator.authenticate(KerberosAuthenticator.java:189)
      	... 12 more
      Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
      	at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:397)
      	at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:302)
      	at sun.security.validator.Validator.validate(Validator.java:260)
      	at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:324)
      	at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:229)
      	at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:124)
      	at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1496)
      	... 23 more
      Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
      	at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141)
      	at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126)
      	at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:280)
      	at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:392)
      	... 29 more
      

        Attachments

        1. YARN-9801-001.patch
          4 kB
          Prabhu Joseph
        2. YARN-9801-002.patch
          4 kB
          Prabhu Joseph
        3. YARN-9801-003.patch
          5 kB
          Prabhu Joseph

          Activity

            People

            • Assignee:
              prabhujoseph Prabhu Joseph
              Reporter:
              prabhujoseph Prabhu Joseph
            • Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: