Try Creating Keys for FQDN of the server, e.g: **yarn/[email protected] <[email protected]>* *
On Wed, Nov 2, 2016 at 3:36 PM, Kilaru, Sambaiah <[email protected] > wrote: > What is FQDN of hosts? Tcpdump on port 88 and see what request it is going > through? > > Checking keytabs are current by logging in > Kinit –kt temp_host.keytab *yarn/[email protected] <[email protected]>* > > What is your /etc/krb5.conf file look like? > > Thanks, > Sam > > From: Micro dong <[email protected]> > Date: Tuesday, November 1, 2016 at 9:15 AM > To: "[email protected]" <[email protected]> > Subject: Start job with Kerberos meet error > > I'm trying to configure Yarn(hadoop-2.7.2) With Kerberos。Here is my > configuration file in yarn-site.xml。 > *<property>* > * <name>yarn.resourcemanager.keytab</name>* > * > <value>/home/yarn/software/hadoop/etc/hadoop/conf/yarn.keytab</value>* > * </property>* > * <property>* > * <name>yarn.resourcemanager.principal</name>* > * <value>yarn/[email protected] <[email protected]></value>* > * </property>* > * <property>* > * <name>yarn.nodemanager.keytab</name>* > * > <value>/home/yarn/software/hadoop/etc/hadoop/conf/yarn.keytab</value>* > * </property>* > * <property>* > * <name>yarn.nodemanager.principal</name>* > * <value>yarn/[email protected] <[email protected]></value>* > * </property>* > * <property>* > * <name>yarn.nodemanager.linux-container-executor.path</name>* > * <value>/home/yarn/software/hadoop/bin/container-executor</value>* > * </property>* > * <property>* > * <name>yarn.nodemanager.container-executor.class</name>* > * > <value>org.apache.hadoop.yarn.server.nodemanager.LinuxContainerExecutor</value>* > * </property>* > * <property>* > * <name>yarn.nodemanager.linux-container-executor.group</name>* > * <value>yarn</value>* > * </property>* > > the keytab file is in its location, its owner is yarn. But when I try to > start job, I see this message on the log: > 2016-10-31 19:30:00,743 WARN org.apache.hadoop.yarn.server. > nodemanager.containermanager.localizer.ResourceLocalizationService: { > hdfs://tempt48:9000/home/yarn/staging/xjc/.staging/job_1477641527809_0017/job.jar, > 1477913393217, PATTERN, (?:classes/|lib/).* } failed: Login failure for > yarn/[email protected] from keytab > /home/yarn/software/hadoop/etc/hadoop/conf/yarn.keytab: > javax.security.auth.login.LoginException: Unable to obtain password from > user > > tempt48 is resourcemanager'node ,tempt57 is nodemanager's node. > > keytab file in tempt57 > *[yarn@tempt57 sbin]$ klist -kt > /home/yarn/software/hadoop/etc/hadoop/conf/yarn.keytab * > *Keytab name: FILE:/home/yarn/software/hadoop/etc/hadoop/conf/yarn.keytab* > *KVNO Timestamp Principal* > *---- ----------------- > --------------------------------------------------------* > * 2 10/31/16 17:30:06 yarn/[email protected] <[email protected]>* > * 2 10/31/16 17:30:06 yarn/[email protected] <[email protected]>* > * 2 10/31/16 17:30:07 yarn/[email protected] <[email protected]>* > * 2 10/31/16 17:30:07 yarn/[email protected] <[email protected]>* > * 2 10/31/16 17:30:07 yarn/[email protected] <[email protected]>* > > > keytab file in tempt48 > *[yarn@tempt48 sbin]$ klist -kt > /home/yarn/software/hadoop/etc/hadoop/conf/yarn.keytab* > *Keytab name: FILE:/home/yarn/software/hadoop/etc/hadoop/conf/yarn.keytab* > *KVNO Timestamp Principal* > *---- ----------------- > --------------------------------------------------------* > * 2 10/14/16 12:00:18 yarn/[email protected] <[email protected]>* > * 2 10/14/16 12:00:18 yarn/[email protected] <[email protected]>* > * 2 10/14/16 12:00:18 yarn/[email protected] <[email protected]>* > * 2 10/14/16 12:00:19 yarn/[email protected] <[email protected]>* > * 2 10/14/16 12:00:19 yarn/[email protected] <[email protected]>* > > > Any help would be highly appreciated. > > *Best regards* > > > -- Regards, Akash Mishra. "It's not our abilities that make us, but our decisions."--Albus Dumbledore
