You are viewing a plain text version of this content. The canonical link for it is here.
Posted to yarn-issues@hadoop.apache.org by "Steve Loughran (JIRA)" <ji...@apache.org> on 2016/04/19 19:25:25 UTC

[jira] [Updated] (YARN-4721) RM to try to auth with HDFS on startup, retry with max diagnostics on failure

     [ https://issues.apache.org/jira/browse/YARN-4721?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Steve Loughran updated YARN-4721:
---------------------------------
    Attachment: HADOOP-12289-002.patch

Patch 002

# common configuration option to enable kdiag in RM (and ultimately, other services): {{hadoop.kerberos.diagnostics.enabled}}
# exceptions swallowed
# always close kdiag at end of security setup

This code needs tests now. One of which is simply "enable this on an insecure RM and verify that all is well" ... that can be retrofitted to any of the YARN mini cluster tests without adding a new one. Same for any test using a secure cluster. 

if people can point me at a pair of tests I could enhance this way, I'd be grateful

> RM to try to auth with HDFS on startup, retry with max diagnostics on failure
> -----------------------------------------------------------------------------
>
>                 Key: YARN-4721
>                 URL: https://issues.apache.org/jira/browse/YARN-4721
>             Project: Hadoop YARN
>          Issue Type: Improvement
>          Components: resourcemanager
>    Affects Versions: 2.8.0
>            Reporter: Steve Loughran
>            Assignee: Steve Loughran
>         Attachments: HADOOP-12289-002.patch, HADOOP-12889-001.patch
>
>
> If the RM can't auth with HDFS, this can first surface during job submission, which can cause confusion about what's wrong and whose credentials are playing up.
> Instead, the RM could try to talk to HDFS on launch, {{ls /}} should suffice. If it can't auth, it can then tell UGI to log more and retry.
> I don't know what the policy should be if the RM can't auth to HDFS at this point. Certainly it can't currently accept work. But should it fail fast or keep going in the hope that the problem is in the KDC or NN and will fix itself without an RM restart?



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)