diff --git hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/main/java/org/apache/hadoop/yarn/server/nodemanager/containermanager/ContainerManagerImpl.java hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/main/java/org/apache/hadoop/yarn/server/nodemanager/containermanager/ContainerManagerImpl.java index 712bc43..3fd7370 100644 --- hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/main/java/org/apache/hadoop/yarn/server/nodemanager/containermanager/ContainerManagerImpl.java +++ hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/main/java/org/apache/hadoop/yarn/server/nodemanager/containermanager/ContainerManagerImpl.java @@ -232,6 +232,13 @@ protected void serviceStart() throws Exception { // Enqueue user dirs in deletion context Configuration conf = getConfig(); + + if (!UserGroupInformation.isSecurityEnabled()) { + // If the auth is not-simple, enforce it to be token-based. + conf.set(CommonConfigurationKeysPublic.HADOOP_SECURITY_AUTHENTICATION, + UserGroupInformation.AuthenticationMethod.TOKEN.toString()); + } + YarnRPC rpc = YarnRPC.create(conf); InetSocketAddress initialAddress = conf.getSocketAddr( @@ -251,7 +258,7 @@ protected void serviceStart() throws Exception { false)) { refreshServiceAcls(conf, new NMPolicyProvider()); } - + LOG.info("Blocking new container-requests as container manager rpc" + " server is still starting."); this.setBlockNewContainerRequests(true);