Created on 08-12-2014 06:38 AM - edited 09-16-2022 02:04 AM
org.apache.hadoop.mapred.YarnChild.main(YarnChild.java:136)
I have tried setting yarn.app.mapreduce.am.job.client.port-range to a specific range, but it doesn't look like that is the right setting.
I have seen it use ports ranging from 32000 - 65000
CDH 5.1
Created 08-14-2014 12:55 PM
From what I have seen these are IPC ephemeral ports.
Is there anyway to control the range on these?
Created 11-30-2014 06:35 AM
Created 03-01-2016 12:49 AM
Created 03-01-2016 01:09 AM
Created 03-01-2016 02:01 PM
Thanks, i'll try that and see if that solves the issue.
Created 01-03-2017 08:54 AM
Did the change work for you?
Created 01-03-2017 02:33 PM
I made the following in YARN/MR setting, but it doesn't work.
YARN Service MapReduce Advanced Configuration Snippet (Safety Valve)
<property>
<name>yarn.app.mapreduce.am.job.client.port-range</name>
<value>44000-50000</value>
<description>Restrict the range for firewall.</description>
</property>
For advanced use only, a string to be inserted into mapred-site.xml. Applies to configurations of all roles in this service except client configuration.
Created 01-03-2017 04:46 PM
When you say something "doesn't work" could you please also always include the observed behaviour vs. expected?
BTW the safety valve you've used is incorrect ("YARN Service MapReduce …"), as this is a client-side property. Use the safety valve under YARN Gateway called "MapReduce Client Advanced Configuration Snippet (Safety Valve) for mapred-site.xml".
Created 01-04-2017 07:19 AM
Thanks for replying. I think that I use the correct setting since this should be on the server side.
Created 01-04-2017 07:30 AM
Created 01-04-2017 07:49 AM
Thanks for your quick response. I did the quick test after putting the client side setting, but it still doesn't work. I still saw MR job failed due to No Route to Host from slave 1 to slave 2 on port not defined within the set range.
Created on 01-04-2017 07:57 AM - edited 01-04-2017 08:08 AM
Have you already ensured your launched app's specific configuration page on the JobHistory reflects the changed configs? Did you ensure to also deploy the client config change via a cluster-wide redeploy? https://www.youtube.com/watch?v=4S9H3wftM_0
I'm able to limit the ports just fine. The test case even passes.
Given you appear to have pre-limited iptables rules causing a NoRouteToHost for the IPCs between client and MR2 AM, have you already ensured that among the open port range you are able to make a proper connection by running something outside of CDH such as a simple Python HTTP service (python -m SimpleHttpServer -p some_target_open_range_port) on all NodeManagers and connecting to them from the edge host?
Created on 01-04-2017 08:20 AM - edited 01-04-2017 09:13 AM
Redeployed the client configuration from CM. Checked both yarn and hive configuration, both mapred-site.xml files have the correct configuration reflected.
Created on 01-04-2017 08:39 AM - edited 01-04-2017 09:47 AM
I am not using iptables, using firewalld instead on Centos 7.x. The error I saw is caused by Hive doing select count(*) on a table, and the log indicates that the communication is between two slave nodes, not between edge node and AM.
Please check your test setting. If your range is large enough, some jobs might succeed. With my current setting of 6000 port range, some jobs failed, and some succeeded by retrying and hitting the port within the range.
Created 03-15-2017 11:58 AM
I am in the same boat - we have a restrictive firewall in place and I am trying to open a range of ports 49900 - 50000 with the following in the mapred-site.xml.
<property>
<name>yarn.app.mapreduce.am.job.client.port-range</name>
<value>49900-50000</value>
</property>
I am not able to restrict the ports at all - I see the following when I run my job -
Got exception: java.net.NoRouteToHostException: No Route to Host from rm.domain.com/X.X.X.XXXX to workernodeX.domain.com:38470 - AFAIK - No route to host means the destination firewall is kicking me out.
I am on cloudera CDH 5.10.0 - does it include the below fix forhttps://issues.apache.org/jira/browse/MAPREDUCE-6338? If not which version would - I need to run this thing with extensive firewall in place and hence the question.
Thanks in advance for your help!
Created 01-04-2017 07:34 AM
Could you check if this JIRA is fixed by Cloudera?
Created 10-15-2018 01:30 PM
Did anyone succussfully solved this problem. I am installing a new cloudera cluster using 5.15.1 version and we want to restrict the firewall rules in a range for the nodes to communicate. However, when i run jobs it starts using ports that are not open and hence, fails to run the job.