diff --git hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-common/src/main/java/org/apache/hadoop/yarn/server/utils/AMRMClientUtils.java hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-common/src/main/java/org/apache/hadoop/yarn/server/utils/AMRMClientUtils.java index 3cecdca55237..37e2b5efe127 100644 --- hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-common/src/main/java/org/apache/hadoop/yarn/server/utils/AMRMClientUtils.java +++ hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-common/src/main/java/org/apache/hadoop/yarn/server/utils/AMRMClientUtils.java @@ -163,8 +163,12 @@ public static FinishApplicationMasterResponse finishAMWithReRegister( LOG.info("Creating RMProxy to RM {} for protocol {} for user {}", rmClusterId, protocol.getSimpleName(), user); if (token != null) { - token.setService(ClientRMProxy.getAMRMTokenService(configuration)); + // preserve the token service sent by the RM when adding the token + // to ensure we replace the previous token setup by the RM. + // Afterwards we can update the service address for the RPC layer. + // Same as YarnServerSecurityUtils.updateAMRMToken() user.addToken(token); + token.setService(ClientRMProxy.getAMRMTokenService(configuration)); setAuthModeInConf(configuration); } final T proxyConnection = user.doAs(new PrivilegedExceptionAction() {