Cloudera Community

Archives of Support Questions (Read Only)

This is an archived board for historical reference. Information and links may no longer be available or relevant
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Advanced Search
Announcements
This board is archived and read-only for historical reference. To ask a new question, please post a new topic on the appropriate active board.
Solved Go to solution

YARN logs + HTTP auth

Labels:
avatar
author-rank nord_tramper
Rising Star

Created ‎10-30-2017 10:33 AM

Hello!

I have HDP 2.5 cluster with KERBEROS enabled, connected to Active Directory.

When I try to switch on HTTP AUTH -

https://docs.hortonworks.com/HDPDocuments/HDP2/HDP-2.6.2/bk_security/content/_configuring_http_authe...

Logs can be retrived using shell

yarn logs -applicationId application_1509115509826_0001

I can't access any logs from YARN UI for example

<YARN-RM-HOST>:19888/jobhistory/logs/<NODE>:45454/container_e56_1509115509826_0001_01_000001/container_e56_1509115509826_0001_01_000001/hive

With following error:

User <MY Active Directory User> is not authorized to view the logs for container_e56_1509115509826_0001_01_000001 in log file [<NODE>_45454_1509118017724]No logs available for container container_e56_1509115509826_0001_01_000001
4,994 Views
0 Kudos
1 ACCEPTED SOLUTION

avatar
author-rank jsensharma author-rank
Master Mentor

Created ‎10-30-2017 10:54 AM

@Nikita Kiselev

Can you please check if you have the following configuration in your yarn configs? Also please check the proxy user settings are correct.

yarn.admin.acl=*
yarn.acl.enable=false

.

Also please share the value of the following property from the core-site : "hadoop.http.staticuser.user"

Have you tried restarting the History Server?

View solution in original post

4,518 Views
3 REPLIES 3

avatar
author-rank jsensharma author-rank
Master Mentor

Created ‎10-30-2017 10:54 AM

@Nikita Kiselev

Can you please check if you have the following configuration in your yarn configs? Also please check the proxy user settings are correct.

yarn.admin.acl=*
yarn.acl.enable=false

.

Also please share the value of the following property from the core-site : "hadoop.http.staticuser.user"

Have you tried restarting the History Server?

4,519 Views

avatar
author-rank nord_tramper
Rising Star

Created ‎10-30-2017 11:42 AM

Your settings solve the problem.

I have default values 

yarn.admin.acl=yarn,dr.who
yarn.acl.enable=true

hadoop.http.staticuser.user = yarn

4,518 Views
0 Kudos

avatar
author-rank nord_tramper
Rising Star

Created ‎10-30-2017 12:19 PM

Also works for me after some experiments:

yarn.admin.acl=yarn,dr.who,<AD LOGIN IN UPPERCASE WITHOUT REALM>
4,518 Views
Announcements
What's New @ Cloudera
Cloudera Real time Monitoring for 7.1.9+ and 7.2.18+ with Cl...
What's New @ Cloudera
Announcing Cloudera Streaming Analytics 1.17: Python UDFs, S...
Community Announcements
Content Update: Evolving Our Community Content for Better, A...
Community Announcements
Product Name Updates — Community Label Changes & Notificatio...
What's New @ Cloudera
Announcing Cloudera Data Lineage for Trino
View More Announcements