You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@tez.apache.org by "Alexandre Linte (JIRA)" <ji...@apache.org> on 2016/11/03 14:55:58 UTC
[jira] [Comment Edited] (TEZ-3418) Tez UI/UI2 doesn't support
kerberized cluster
[ https://issues.apache.org/jira/browse/TEZ-3418?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15632975#comment-15632975 ]
Alexandre Linte edited comment on TEZ-3418 at 11/3/16 2:55 PM:
---------------------------------------------------------------
Here is the configuration is used for hosting the tez-ui2:
1. Edit the .war (ex: tez-ui2-0.8.4.war/config/configs.env)
{noformat}
hosts: {
/*
* Timeline Server Address:
* By default TEZ UI looks for timeline server at http://localhost:8188, uncomment and change
* the following value for pointing to a different address.
*/
//timeline: "http://localhost:8188",
/*
* Resource Manager Address:
* By default RM REST APIs are expected to be at http://localhost:8088, uncomment and change
* the following value to point to a different address.
*/
//rm: "http://localhost:8088",
/*
* Resource Manager Web Proxy Address:
* Optional - By default, value configured as RM host will be taken as proxy address
* Use this configuration when RM web proxy is configured at a different address than RM.
*/
//rmProxy: "http://localhost:8088",
}
{noformat}
2. Edit the yarn configuration in order to host the tez ui, and to activate other required options:
{noformat}
<property>
<name>yarn.timeline-service.enabled</name>
<value>true</value>
</property>
<property>
<name>yarn.timeline-service.hostname</name>
<value>resourcemanager01.bigdata.fr</value>
</property>
<property>
<name>yarn.timeline-service.address</name>
<value>resourcemanager01.bigdata.fr:10200</value>
</property>
<property>
<name>yarn.timeline_service.webapp.address</name>
<value>resourcemanager01.bigdata.fr:8188</value>
</property>
<property>
<name>yarn.timeline-service.http-cross-origin.enabled</name>
<value>true</value>
</property>
<property>
<name>yarn.resourcemanager.system-metrics-publisher.enabled</name>
<value>true</value>
</property>
<property>
<name>yarn.timeline-service.ui-names</name>
<value>tezui2</value>
</property>
<property>
<name>yarn.timeline-service.ui-web-path.tezui2</name>
<value>/tez-ui2</value>
</property>
<property>
<name>yarn.timeline-service.ui-on-disk-path.tezui2</name>
<value>/opt/application/Tez/current/tez-ui2-0.8.4.war</value>
</property>
{noformat}
3. Edit the tez-site.xml in order to specify the logging service and the history url
{noformat}
<property>
<description>Enable Tez to use the Timeline Server for History Logging</description>
<name>tez.history.logging.service.class</name>
<value>org.apache.tez.dag.history.logging.ats.ATSHistoryLoggingService</value>
</property>
<property>
<description>URL for where the Tez UI is hosted</description>
<name>tez.tez-ui.history-url.base</name>
<value>http://resourcemanager.bigdata.fr:8188/tez-ui2/</value>
</property>
{noformat}
. The timelineserver is loading the war successfully. However, this is not possible to access the web interface. I get a "GSSException". The full stacktrace is below:
{noformat}
2016-11-03 15:10:22,360 DEBUG org.mortbay.log: REQUEST /tez-ui2/ on org.mortbay.jetty.HttpConnection@2dc21271
2016-11-03 15:10:22,361 DEBUG org.mortbay.log: sessionManager=org.mortbay.jetty.servlet.HashSessionManager@7c32b4f8
2016-11-03 15:10:22,361 DEBUG org.mortbay.log: session=null
2016-11-03 15:10:22,361 DEBUG org.mortbay.log: servlet=default
2016-11-03 15:10:22,361 DEBUG org.mortbay.log: chain=NoCacheFilter->NoCacheFilter->safety->Cross Origin Filter->Timeline Authentication Filter->default
2016-11-03 15:10:22,361 DEBUG org.mortbay.log: servlet holder=default
2016-11-03 15:10:22,361 DEBUG org.mortbay.log: call filter NoCacheFilter
2016-11-03 15:10:22,361 DEBUG org.mortbay.log: call filter NoCacheFilter
2016-11-03 15:10:22,362 DEBUG org.mortbay.log: call filter safety
2016-11-03 15:10:22,362 DEBUG org.mortbay.log: call filter Cross Origin Filter
2016-11-03 15:10:22,362 DEBUG org.apache.hadoop.security.http.CrossOriginFilter: Header origin is null. Returning
2016-11-03 15:10:22,362 DEBUG org.mortbay.log: call filter Timeline Authentication Filter
2016-11-03 15:10:22,362 DEBUG org.apache.hadoop.security.authentication.server.AuthenticationFilter: Request [http://resourcemanager01.bigdata.fr:8188/tez-ui2/] triggering authentication
2016-11-03 15:10:22,364 DEBUG org.mortbay.log: RESPONSE /tez-ui2/ 401
2016-11-03 15:10:22,370 DEBUG org.mortbay.log: REQUEST /tez-ui2/ on org.mortbay.jetty.HttpConnection@2dc21271
2016-11-03 15:10:22,370 DEBUG org.mortbay.log: sessionManager=org.mortbay.jetty.servlet.HashSessionManager@7c32b4f8
2016-11-03 15:10:22,370 DEBUG org.mortbay.log: session=null
2016-11-03 15:10:22,370 DEBUG org.mortbay.log: servlet=default
2016-11-03 15:10:22,370 DEBUG org.mortbay.log: chain=NoCacheFilter->NoCacheFilter->safety->Cross Origin Filter->Timeline Authentication Filter->default
2016-11-03 15:10:22,370 DEBUG org.mortbay.log: servlet holder=default
2016-11-03 15:10:22,370 DEBUG org.mortbay.log: call filter NoCacheFilter
2016-11-03 15:10:22,371 DEBUG org.mortbay.log: call filter NoCacheFilter
2016-11-03 15:10:22,371 DEBUG org.mortbay.log: call filter safety
2016-11-03 15:10:22,371 DEBUG org.mortbay.log: call filter Cross Origin Filter
2016-11-03 15:10:22,371 DEBUG org.apache.hadoop.security.http.CrossOriginFilter: Header origin is null. Returning
2016-11-03 15:10:22,371 DEBUG org.mortbay.log: call filter Timeline Authentication Filter
2016-11-03 15:10:22,371 DEBUG org.apache.hadoop.security.authentication.server.AuthenticationFilter: Request [http://resourcemanager01.bigdata.fr:8188/tez-ui2/] triggering authentication
2016-11-03 15:10:22,380 DEBUG org.apache.hadoop.security.authentication.server.AuthenticationFilter: Request [http://resourcemanager01.bigdata.fr:8188/tez-ui2/] user [hdfs] authenticated
2016-11-03 15:10:22,382 DEBUG org.mortbay.log: call servlet default
2016-11-03 15:10:22,384 DEBUG org.mortbay.log: RESOURCE=file:/tmp/Jetty_resourcemanager01_rouen_francetelecom_fr_8188_tez.ui2.0.8.4.war__tez.ui2__n5i93c/webapp/
2016-11-03 15:10:22,385 DEBUG org.mortbay.log: RESOURCE=file:/tmp/Jetty_resourcemanager01_rouen_francetelecom_fr_8188_tez.ui2.0.8.4.war__tez.ui2__n5i93c/webapp/
2016-11-03 15:10:22,385 DEBUG org.mortbay.log: resource=file:/tmp/Jetty_resourcemanager01_rouen_francetelecom_fr_8188_tez.ui2.0.8.4.war__tez.ui2__n5i93c/webapp/
2016-11-03 15:10:22,385 DEBUG org.mortbay.log: RESOURCE=file:/tmp/Jetty_resourcemanager01_rouen_francetelecom_fr_8188_tez.ui2.0.8.4.war__tez.ui2__n5i93c/webapp/index.html
2016-11-03 15:10:22,385 DEBUG org.mortbay.log: sessionManager=org.mortbay.jetty.servlet.HashSessionManager@7c32b4f8
2016-11-03 15:10:22,385 DEBUG org.mortbay.log: session=null
2016-11-03 15:10:22,385 DEBUG org.mortbay.log: servlet=default
2016-11-03 15:10:22,386 DEBUG org.mortbay.log: chain=NoCacheFilter->NoCacheFilter->safety->Cross Origin Filter->Timeline Authentication Filter->default
2016-11-03 15:10:22,386 DEBUG org.mortbay.log: servlet holder=default
2016-11-03 15:10:22,386 DEBUG org.mortbay.log: call filter NoCacheFilter
2016-11-03 15:10:22,386 DEBUG org.mortbay.log: call filter NoCacheFilter
2016-11-03 15:10:22,386 DEBUG org.mortbay.log: call filter safety
2016-11-03 15:10:22,386 DEBUG org.mortbay.log: call filter Cross Origin Filter
2016-11-03 15:10:22,386 DEBUG org.apache.hadoop.security.http.CrossOriginFilter: Header origin is null. Returning
2016-11-03 15:10:22,386 DEBUG org.mortbay.log: call filter Timeline Authentication Filter
2016-11-03 15:10:22,386 DEBUG org.apache.hadoop.security.authentication.server.AuthenticationFilter: Request [http://resourcemanager01.bigdata.fr:8188/tez-ui2/index.html] triggering authentication
2016-11-03 15:10:22,394 DEBUG org.apache.hadoop.security.authentication.server.AuthenticationFilter: Authentication exception: GSSException: Failure unspecified at GSS-API level (Mechanism level: Request is a replay (34))
org.apache.hadoop.security.authentication.client.AuthenticationException: GSSException: Failure unspecified at GSS-API level (Mechanism level: Request is a replay (34))
at org.apache.hadoop.security.authentication.server.KerberosAuthenticationHandler.authenticate(KerberosAuthenticationHandler.java:398)
at org.apache.hadoop.security.token.delegation.web.DelegationTokenAuthenticationHandler.authenticate(DelegationTokenAuthenticationHandler.java:348)
at org.apache.hadoop.security.authentication.server.AuthenticationFilter.doFilter(AuthenticationFilter.java:519)
at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1212)
at org.apache.hadoop.security.http.CrossOriginFilter.doFilter(CrossOriginFilter.java:95)
at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1212)
at org.apache.hadoop.http.HttpServer2$QuotingInputFilter.doFilter(HttpServer2.java:1243)
at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1212)
at org.apache.hadoop.http.NoCacheFilter.doFilter(NoCacheFilter.java:45)
at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1212)
at org.apache.hadoop.http.NoCacheFilter.doFilter(NoCacheFilter.java:45)
at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1212)
at org.mortbay.jetty.servlet.ServletHandler.handle(ServletHandler.java:399)
at org.mortbay.jetty.security.SecurityHandler.handle(SecurityHandler.java:216)
at org.mortbay.jetty.servlet.SessionHandler.handle(SessionHandler.java:182)
at org.mortbay.jetty.handler.ContextHandler.handle(ContextHandler.java:766)
at org.mortbay.jetty.webapp.WebAppContext.handle(WebAppContext.java:450)
at org.mortbay.jetty.servlet.Dispatcher.forward(Dispatcher.java:327)
at org.mortbay.jetty.servlet.Dispatcher.forward(Dispatcher.java:126)
at org.mortbay.jetty.servlet.DefaultServlet.doGet(DefaultServlet.java:503)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:707)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:820)
at org.mortbay.jetty.servlet.ServletHolder.handle(ServletHolder.java:511)
at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1221)
at org.apache.hadoop.security.authentication.server.AuthenticationFilter.doFilter(AuthenticationFilter.java:595)
at org.apache.hadoop.security.token.delegation.web.DelegationTokenAuthenticationFilter.doFilter(DelegationTokenAuthenticationFilter.java:291)
at org.apache.hadoop.security.authentication.server.AuthenticationFilter.doFilter(AuthenticationFilter.java:554)
at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1212)
at org.apache.hadoop.security.http.CrossOriginFilter.doFilter(CrossOriginFilter.java:95)
at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1212)
at org.apache.hadoop.http.HttpServer2$QuotingInputFilter.doFilter(HttpServer2.java:1243)
at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1212)
at org.apache.hadoop.http.NoCacheFilter.doFilter(NoCacheFilter.java:45)
at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1212)
at org.apache.hadoop.http.NoCacheFilter.doFilter(NoCacheFilter.java:45)
at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1212)
at org.mortbay.jetty.servlet.ServletHandler.handle(ServletHandler.java:399)
at org.mortbay.jetty.security.SecurityHandler.handle(SecurityHandler.java:216)
at org.mortbay.jetty.servlet.SessionHandler.handle(SessionHandler.java:182)
at org.mortbay.jetty.handler.ContextHandler.handle(ContextHandler.java:766)
at org.mortbay.jetty.webapp.WebAppContext.handle(WebAppContext.java:450)
at org.mortbay.jetty.handler.ContextHandlerCollection.handle(ContextHandlerCollection.java:230)
at org.mortbay.jetty.handler.HandlerWrapper.handle(HandlerWrapper.java:152)
at org.mortbay.jetty.Server.handle(Server.java:322)
at org.mortbay.jetty.HttpConnection.handleRequest(HttpConnection.java:542)
at org.mortbay.jetty.HttpConnection$RequestHandler.headerComplete(HttpConnection.java:928)
at org.mortbay.jetty.HttpParser.parseNext(HttpParser.java:549)
at org.mortbay.jetty.HttpParser.parseAvailable(HttpParser.java:212)
at org.mortbay.jetty.HttpConnection.handle(HttpConnection.java:404)
at org.mortbay.io.nio.SelectChannelEndPoint.run(SelectChannelEndPoint.java:410)
at org.mortbay.thread.QueuedThreadPool$PoolThread.run(QueuedThreadPool.java:582)
Caused by: GSSException: Failure unspecified at GSS-API level (Mechanism level: Request is a replay (34))
at sun.security.jgss.krb5.Krb5Context.acceptSecContext(Krb5Context.java:788)
at sun.security.jgss.GSSContextImpl.acceptSecContext(GSSContextImpl.java:342)
at sun.security.jgss.GSSContextImpl.acceptSecContext(GSSContextImpl.java:285)
at sun.security.jgss.spnego.SpNegoContext.GSS_acceptSecContext(SpNegoContext.java:905)
at sun.security.jgss.spnego.SpNegoContext.acceptSecContext(SpNegoContext.java:556)
at sun.security.jgss.GSSContextImpl.acceptSecContext(GSSContextImpl.java:342)
at sun.security.jgss.GSSContextImpl.acceptSecContext(GSSContextImpl.java:285)
at org.apache.hadoop.security.authentication.server.KerberosAuthenticationHandler$2.run(KerberosAuthenticationHandler.java:365)
at org.apache.hadoop.security.authentication.server.KerberosAuthenticationHandler$2.run(KerberosAuthenticationHandler.java:347)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.Subject.doAs(Subject.java:415)
at org.apache.hadoop.security.authentication.server.KerberosAuthenticationHandler.authenticate(KerberosAuthenticationHandler.java:347)
... 50 more
Caused by: KrbException: Request is a replay (34)
at sun.security.krb5.KrbApReq.authenticate(KrbApReq.java:302)
at sun.security.krb5.KrbApReq.<init>(KrbApReq.java:144)
at sun.security.jgss.krb5.InitSecContextToken.<init>(InitSecContextToken.java:108)
at sun.security.jgss.krb5.Krb5Context.acceptSecContext(Krb5Context.java:771)
... 61 more
2016-11-03 15:10:22,398 DEBUG org.mortbay.log: RESPONSE /tez-ui2/ 403
{noformat}
This is strange because everything works fine with the timelineserver and the Kerberos authentication activated.
Note: this error is the same as the one visilbe at https://issues.apache.org/jira/browse/YARN-2513 (second to last comment).
was (Author: bigdataorange):
Here is the configuration is used for hosting the tez-ui2:
1. Edit the .war (ex: tez-ui2-0.8.4.war/config/configs.env)
{noformat}
hosts: {
/*
* Timeline Server Address:
* By default TEZ UI looks for timeline server at http://localhost:8188, uncomment and change
* the following value for pointing to a different address.
*/
//timeline: "http://localhost:8188",
/*
* Resource Manager Address:
* By default RM REST APIs are expected to be at http://localhost:8088, uncomment and change
* the following value to point to a different address.
*/
//rm: "http://localhost:8088",
/*
* Resource Manager Web Proxy Address:
* Optional - By default, value configured as RM host will be taken as proxy address
* Use this configuration when RM web proxy is configured at a different address than RM.
*/
//rmProxy: "http://localhost:8088",
}
{noformat}
2. Edit the yarn configuration in order to host the tez ui, and to activate other required options:
{noformat}
<property>
<name>yarn.timeline-service.enabled</name>
<value>true</value>
</property>
<property>
<name>yarn.timeline-service.hostname</name>
<value>resourcemanager01.bigdata.fr</value>
</property>
<property>
<name>yarn.timeline-service.address</name>
<value>resourcemanager01.bigdata.fr:10200</value>
</property>
<property>
<name>yarn.timeline_service.webapp.address</name>
<value>resourcemanager01.bigdata.fr:8188</value>
</property>
<property>
<name>yarn.timeline-service.http-cross-origin.enabled</name>
<value>true</value>
</property>
<property>
<name>yarn.resourcemanager.system-metrics-publisher.enabled</name>
<value>true</value>
</property>
<property>
<name>yarn.timeline-service.ui-names</name>
<value>tezui2</value>
</property>
<property>
<name>yarn.timeline-service.ui-web-path.tezui2</name>
<value>/tez-ui2</value>
</property>
<property>
<name>yarn.timeline-service.ui-on-disk-path.tezui2</name>
<value>/opt/application/Tez/current/tez-ui2-0.8.4.war</value>
</property>
{noformat}
3. Edit the tez-site.xml in order to specify the logging service and the history url
<property>
<description>Enable Tez to use the Timeline Server for History Logging</description>
<name>tez.history.logging.service.class</name>
<value>org.apache.tez.dag.history.logging.ats.ATSHistoryLoggingService</value>
</property>
<property>
<description>URL for where the Tez UI is hosted</description>
<name>tez.tez-ui.history-url.base</name>
<value>http://resourcemanager.bigdata.fr:8188/tez-ui2/</value>
</property>
. The timelineserver is loading the war successfully. However, this is not possible to access the web interface. I get a "GSSException". The full stacktrace is below:
{noformat}
2016-11-03 15:10:22,360 DEBUG org.mortbay.log: REQUEST /tez-ui2/ on org.mortbay.jetty.HttpConnection@2dc21271
2016-11-03 15:10:22,361 DEBUG org.mortbay.log: sessionManager=org.mortbay.jetty.servlet.HashSessionManager@7c32b4f8
2016-11-03 15:10:22,361 DEBUG org.mortbay.log: session=null
2016-11-03 15:10:22,361 DEBUG org.mortbay.log: servlet=default
2016-11-03 15:10:22,361 DEBUG org.mortbay.log: chain=NoCacheFilter->NoCacheFilter->safety->Cross Origin Filter->Timeline Authentication Filter->default
2016-11-03 15:10:22,361 DEBUG org.mortbay.log: servlet holder=default
2016-11-03 15:10:22,361 DEBUG org.mortbay.log: call filter NoCacheFilter
2016-11-03 15:10:22,361 DEBUG org.mortbay.log: call filter NoCacheFilter
2016-11-03 15:10:22,362 DEBUG org.mortbay.log: call filter safety
2016-11-03 15:10:22,362 DEBUG org.mortbay.log: call filter Cross Origin Filter
2016-11-03 15:10:22,362 DEBUG org.apache.hadoop.security.http.CrossOriginFilter: Header origin is null. Returning
2016-11-03 15:10:22,362 DEBUG org.mortbay.log: call filter Timeline Authentication Filter
2016-11-03 15:10:22,362 DEBUG org.apache.hadoop.security.authentication.server.AuthenticationFilter: Request [http://resourcemanager01.bigdata.fr:8188/tez-ui2/] triggering authentication
2016-11-03 15:10:22,364 DEBUG org.mortbay.log: RESPONSE /tez-ui2/ 401
2016-11-03 15:10:22,370 DEBUG org.mortbay.log: REQUEST /tez-ui2/ on org.mortbay.jetty.HttpConnection@2dc21271
2016-11-03 15:10:22,370 DEBUG org.mortbay.log: sessionManager=org.mortbay.jetty.servlet.HashSessionManager@7c32b4f8
2016-11-03 15:10:22,370 DEBUG org.mortbay.log: session=null
2016-11-03 15:10:22,370 DEBUG org.mortbay.log: servlet=default
2016-11-03 15:10:22,370 DEBUG org.mortbay.log: chain=NoCacheFilter->NoCacheFilter->safety->Cross Origin Filter->Timeline Authentication Filter->default
2016-11-03 15:10:22,370 DEBUG org.mortbay.log: servlet holder=default
2016-11-03 15:10:22,370 DEBUG org.mortbay.log: call filter NoCacheFilter
2016-11-03 15:10:22,371 DEBUG org.mortbay.log: call filter NoCacheFilter
2016-11-03 15:10:22,371 DEBUG org.mortbay.log: call filter safety
2016-11-03 15:10:22,371 DEBUG org.mortbay.log: call filter Cross Origin Filter
2016-11-03 15:10:22,371 DEBUG org.apache.hadoop.security.http.CrossOriginFilter: Header origin is null. Returning
2016-11-03 15:10:22,371 DEBUG org.mortbay.log: call filter Timeline Authentication Filter
2016-11-03 15:10:22,371 DEBUG org.apache.hadoop.security.authentication.server.AuthenticationFilter: Request [http://resourcemanager01.bigdata.fr:8188/tez-ui2/] triggering authentication
2016-11-03 15:10:22,380 DEBUG org.apache.hadoop.security.authentication.server.AuthenticationFilter: Request [http://resourcemanager01.bigdata.fr:8188/tez-ui2/] user [hdfs] authenticated
2016-11-03 15:10:22,382 DEBUG org.mortbay.log: call servlet default
2016-11-03 15:10:22,384 DEBUG org.mortbay.log: RESOURCE=file:/tmp/Jetty_resourcemanager01_rouen_francetelecom_fr_8188_tez.ui2.0.8.4.war__tez.ui2__n5i93c/webapp/
2016-11-03 15:10:22,385 DEBUG org.mortbay.log: RESOURCE=file:/tmp/Jetty_resourcemanager01_rouen_francetelecom_fr_8188_tez.ui2.0.8.4.war__tez.ui2__n5i93c/webapp/
2016-11-03 15:10:22,385 DEBUG org.mortbay.log: resource=file:/tmp/Jetty_resourcemanager01_rouen_francetelecom_fr_8188_tez.ui2.0.8.4.war__tez.ui2__n5i93c/webapp/
2016-11-03 15:10:22,385 DEBUG org.mortbay.log: RESOURCE=file:/tmp/Jetty_resourcemanager01_rouen_francetelecom_fr_8188_tez.ui2.0.8.4.war__tez.ui2__n5i93c/webapp/index.html
2016-11-03 15:10:22,385 DEBUG org.mortbay.log: sessionManager=org.mortbay.jetty.servlet.HashSessionManager@7c32b4f8
2016-11-03 15:10:22,385 DEBUG org.mortbay.log: session=null
2016-11-03 15:10:22,385 DEBUG org.mortbay.log: servlet=default
2016-11-03 15:10:22,386 DEBUG org.mortbay.log: chain=NoCacheFilter->NoCacheFilter->safety->Cross Origin Filter->Timeline Authentication Filter->default
2016-11-03 15:10:22,386 DEBUG org.mortbay.log: servlet holder=default
2016-11-03 15:10:22,386 DEBUG org.mortbay.log: call filter NoCacheFilter
2016-11-03 15:10:22,386 DEBUG org.mortbay.log: call filter NoCacheFilter
2016-11-03 15:10:22,386 DEBUG org.mortbay.log: call filter safety
2016-11-03 15:10:22,386 DEBUG org.mortbay.log: call filter Cross Origin Filter
2016-11-03 15:10:22,386 DEBUG org.apache.hadoop.security.http.CrossOriginFilter: Header origin is null. Returning
2016-11-03 15:10:22,386 DEBUG org.mortbay.log: call filter Timeline Authentication Filter
2016-11-03 15:10:22,386 DEBUG org.apache.hadoop.security.authentication.server.AuthenticationFilter: Request [http://resourcemanager01.bigdata.fr:8188/tez-ui2/index.html] triggering authentication
2016-11-03 15:10:22,394 DEBUG org.apache.hadoop.security.authentication.server.AuthenticationFilter: Authentication exception: GSSException: Failure unspecified at GSS-API level (Mechanism level: Request is a replay (34))
org.apache.hadoop.security.authentication.client.AuthenticationException: GSSException: Failure unspecified at GSS-API level (Mechanism level: Request is a replay (34))
at org.apache.hadoop.security.authentication.server.KerberosAuthenticationHandler.authenticate(KerberosAuthenticationHandler.java:398)
at org.apache.hadoop.security.token.delegation.web.DelegationTokenAuthenticationHandler.authenticate(DelegationTokenAuthenticationHandler.java:348)
at org.apache.hadoop.security.authentication.server.AuthenticationFilter.doFilter(AuthenticationFilter.java:519)
at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1212)
at org.apache.hadoop.security.http.CrossOriginFilter.doFilter(CrossOriginFilter.java:95)
at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1212)
at org.apache.hadoop.http.HttpServer2$QuotingInputFilter.doFilter(HttpServer2.java:1243)
at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1212)
at org.apache.hadoop.http.NoCacheFilter.doFilter(NoCacheFilter.java:45)
at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1212)
at org.apache.hadoop.http.NoCacheFilter.doFilter(NoCacheFilter.java:45)
at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1212)
at org.mortbay.jetty.servlet.ServletHandler.handle(ServletHandler.java:399)
at org.mortbay.jetty.security.SecurityHandler.handle(SecurityHandler.java:216)
at org.mortbay.jetty.servlet.SessionHandler.handle(SessionHandler.java:182)
at org.mortbay.jetty.handler.ContextHandler.handle(ContextHandler.java:766)
at org.mortbay.jetty.webapp.WebAppContext.handle(WebAppContext.java:450)
at org.mortbay.jetty.servlet.Dispatcher.forward(Dispatcher.java:327)
at org.mortbay.jetty.servlet.Dispatcher.forward(Dispatcher.java:126)
at org.mortbay.jetty.servlet.DefaultServlet.doGet(DefaultServlet.java:503)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:707)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:820)
at org.mortbay.jetty.servlet.ServletHolder.handle(ServletHolder.java:511)
at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1221)
at org.apache.hadoop.security.authentication.server.AuthenticationFilter.doFilter(AuthenticationFilter.java:595)
at org.apache.hadoop.security.token.delegation.web.DelegationTokenAuthenticationFilter.doFilter(DelegationTokenAuthenticationFilter.java:291)
at org.apache.hadoop.security.authentication.server.AuthenticationFilter.doFilter(AuthenticationFilter.java:554)
at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1212)
at org.apache.hadoop.security.http.CrossOriginFilter.doFilter(CrossOriginFilter.java:95)
at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1212)
at org.apache.hadoop.http.HttpServer2$QuotingInputFilter.doFilter(HttpServer2.java:1243)
at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1212)
at org.apache.hadoop.http.NoCacheFilter.doFilter(NoCacheFilter.java:45)
at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1212)
at org.apache.hadoop.http.NoCacheFilter.doFilter(NoCacheFilter.java:45)
at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1212)
at org.mortbay.jetty.servlet.ServletHandler.handle(ServletHandler.java:399)
at org.mortbay.jetty.security.SecurityHandler.handle(SecurityHandler.java:216)
at org.mortbay.jetty.servlet.SessionHandler.handle(SessionHandler.java:182)
at org.mortbay.jetty.handler.ContextHandler.handle(ContextHandler.java:766)
at org.mortbay.jetty.webapp.WebAppContext.handle(WebAppContext.java:450)
at org.mortbay.jetty.handler.ContextHandlerCollection.handle(ContextHandlerCollection.java:230)
at org.mortbay.jetty.handler.HandlerWrapper.handle(HandlerWrapper.java:152)
at org.mortbay.jetty.Server.handle(Server.java:322)
at org.mortbay.jetty.HttpConnection.handleRequest(HttpConnection.java:542)
at org.mortbay.jetty.HttpConnection$RequestHandler.headerComplete(HttpConnection.java:928)
at org.mortbay.jetty.HttpParser.parseNext(HttpParser.java:549)
at org.mortbay.jetty.HttpParser.parseAvailable(HttpParser.java:212)
at org.mortbay.jetty.HttpConnection.handle(HttpConnection.java:404)
at org.mortbay.io.nio.SelectChannelEndPoint.run(SelectChannelEndPoint.java:410)
at org.mortbay.thread.QueuedThreadPool$PoolThread.run(QueuedThreadPool.java:582)
Caused by: GSSException: Failure unspecified at GSS-API level (Mechanism level: Request is a replay (34))
at sun.security.jgss.krb5.Krb5Context.acceptSecContext(Krb5Context.java:788)
at sun.security.jgss.GSSContextImpl.acceptSecContext(GSSContextImpl.java:342)
at sun.security.jgss.GSSContextImpl.acceptSecContext(GSSContextImpl.java:285)
at sun.security.jgss.spnego.SpNegoContext.GSS_acceptSecContext(SpNegoContext.java:905)
at sun.security.jgss.spnego.SpNegoContext.acceptSecContext(SpNegoContext.java:556)
at sun.security.jgss.GSSContextImpl.acceptSecContext(GSSContextImpl.java:342)
at sun.security.jgss.GSSContextImpl.acceptSecContext(GSSContextImpl.java:285)
at org.apache.hadoop.security.authentication.server.KerberosAuthenticationHandler$2.run(KerberosAuthenticationHandler.java:365)
at org.apache.hadoop.security.authentication.server.KerberosAuthenticationHandler$2.run(KerberosAuthenticationHandler.java:347)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.Subject.doAs(Subject.java:415)
at org.apache.hadoop.security.authentication.server.KerberosAuthenticationHandler.authenticate(KerberosAuthenticationHandler.java:347)
... 50 more
Caused by: KrbException: Request is a replay (34)
at sun.security.krb5.KrbApReq.authenticate(KrbApReq.java:302)
at sun.security.krb5.KrbApReq.<init>(KrbApReq.java:144)
at sun.security.jgss.krb5.InitSecContextToken.<init>(InitSecContextToken.java:108)
at sun.security.jgss.krb5.Krb5Context.acceptSecContext(Krb5Context.java:771)
... 61 more
2016-11-03 15:10:22,398 DEBUG org.mortbay.log: RESPONSE /tez-ui2/ 403
{noformat}
This is strange because everything works fine with the timelineserver and the Kerberos authentication activated.
Note: this error is the same as the one visilbe at https://issues.apache.org/jira/browse/YARN-2513 (second to last comment).
> Tez UI/UI2 doesn't support kerberized cluster
> ---------------------------------------------
>
> Key: TEZ-3418
> URL: https://issues.apache.org/jira/browse/TEZ-3418
> Project: Apache Tez
> Issue Type: Improvement
> Components: UI
> Affects Versions: 0.8.3
> Environment: Tez 0.8.3, Hadoop 2.7.2
> Reporter: Alexandre Linte
>
> Today it is not possible to use Tez UI/UI2 in a Kerberized cluster without Ambari.
> This feature request asks for an improvement of the Tez UI2 in order to fully support Kerberos.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)