Support Questions

Find answers, ask questions, and share your expertise

YARN logs + HTTP auth

avatar
Rising Star

Hello!

I have HDP 2.5 cluster with KERBEROS enabled, connected to Active Directory.

When I try to switch on HTTP AUTH -

https://docs.hortonworks.com/HDPDocuments/HDP2/HDP-2.6.2/bk_security/content/_configuring_http_authe...

Logs can be retrived using shell

yarn logs -applicationId application_1509115509826_0001

I can't access any logs from YARN UI for example

<YARN-RM-HOST>:19888/jobhistory/logs/<NODE>:45454/container_e56_1509115509826_0001_01_000001/container_e56_1509115509826_0001_01_000001/hive

With following error:

User <MY Active Directory User> is not authorized to view the logs for container_e56_1509115509826_0001_01_000001 in log file [<NODE>_45454_1509118017724]No logs available for container container_e56_1509115509826_0001_01_000001
1 ACCEPTED SOLUTION

avatar
Master Mentor

@Nikita Kiselev

Can you please check if you have the following configuration in your yarn configs? Also please check the proxy user settings are correct.

yarn.admin.acl=*
yarn.acl.enable=false

.

Also please share the value of the following property from the core-site : "hadoop.http.staticuser.user"

Have you tried restarting the History Server?

View solution in original post

3 REPLIES 3

avatar
Master Mentor

@Nikita Kiselev

Can you please check if you have the following configuration in your yarn configs? Also please check the proxy user settings are correct.

yarn.admin.acl=*
yarn.acl.enable=false

.

Also please share the value of the following property from the core-site : "hadoop.http.staticuser.user"

Have you tried restarting the History Server?

avatar
Rising Star

Your settings solve the problem.

I have default values

yarn.admin.acl=yarn,dr.who
yarn.acl.enable=true

hadoop.http.staticuser.user = yarn

avatar
Rising Star

Also works for me after some experiments:

yarn.admin.acl=yarn,dr.who,<AD LOGIN IN UPPERCASE WITHOUT REALM>