客户端无法通过以下方式进行身份验证:[TOKEN,KERBEROS] [英] Client cannot authenticate via:[TOKEN, KERBEROS]
问题描述
我正在使用YarnClient以编程方式开始工作。我正在运行的群集已使用kerberos化。
I'm using YarnClient to programmatically start a job. The cluster i'm running on has been kerberos-ized.
法线贴图减少了通过 yarn jar examples.jar wordcount ...提交的工作。
Normal map reduce jobs submitted via "yarn jar examples.jar wordcount..." work.
我要以编程方式提交的工作没有。我收到此错误:
The job i'm trying to submit programmatically, does not. I get this error:
14/09/04 21:14:29错误client.ClientService:在应用程序提交期间发生错误:Application application_1409863263326_0002由于AM容器appattempt_1_1863863263326_0002_000002退出失败,两次失败,退出代码为-1000,原因是:本地异常失败:java.io.IOException:org.apache.hadoop.security.AccessControlException:客户端无法通过以下方式进行身份验证:[TOKEN,KERBEROS];主机详细信息:本地主机为: yarn-c1-n1.clouddev.snaplogic.com/10.184.28.108;目标主机是: yarn-c1-cdh.clouddev.snaplogic.com:8020;
。尝试失败。
14/09/04 21:14:29错误client.YClient:应用程序提交失败
14/09/04 21:14:29 ERROR client.ClientService: Error happened during application submit: Application application_1409863263326_0002 failed 2 times due to AM Container for appattempt_1409863263326_0002_000002 exited with exitCode: -1000 due to: Failed on local exception: java.io.IOException: org.apache.hadoop.security.AccessControlException: Client cannot authenticate via:[TOKEN, KERBEROS]; Host Details : local host is: "yarn-c1-n1.clouddev.snaplogic.com/10.184.28.108"; destination host is: "yarn-c1-cdh.clouddev.snaplogic.com":8020; .Failing this attempt.. Failing the application. 14/09/04 21:14:29 ERROR client.YClient: Application submission failed
代码看起来像
ClientContext context = createContextFrom(args);
YarnConfiguration configuration = new YarnConfiguration();
YarnClient yarnClient = YarnClient.createYarnClient();
yarnClient.init(configuration);
ClientService client = new ClientService(context, yarnClient, new InstallManager(FileSystem.get(configuration)));
LOG.info(Messages.RUNNING_CLIENT_SERVICE);
boolean result = client.execute();
我以为可能会增加以下效果:
I had thought that perhaps adding something to the effect of:
yarnClient.getRMDelegationToken(new Text(InetAddress.getLocalHost().getHostAddress()));
也许可以缓解我的麻烦,但这似乎也无济于事。任何帮助将不胜感激。
Could perhaps assuage my woes, but that doesn't seem to help either. Any help would be greatly appreciated.
推荐答案
好吧,经过几个小时又几个小时,我们已经弄清楚了。对于随后的所有后代编码人员,永远都受hadoop缺乏文档的困扰:
Alright, well after hours and hours and hours we have this figured out. For all following generations of coders, forever plagued by hadoop's lack of documentation:
您必须通过调用UserGroupInformation对象来获取令牌,以获取凭据。然后,必须在ContainerLaunchContext上设置令牌。
You must grab the tokens from UserGroupInformation object with a call to get credentials. Then you must set the tokens on the ContainerLaunchContext.
这篇关于客户端无法通过以下方式进行身份验证:[TOKEN,KERBEROS]的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
