  1. CDAP
  2. CDAP-4373

CDAP not working correctly in HA-RM secure cluster

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Blocker
    • Resolution: Fixed
    • Affects Version/s: 3.2.1, 3.1.2, 3.0.0
    • Fix Version/s: 3.3.0, 3.2.2
    • Component/s: None
    • Labels:
      None
    • Release Notes:
      Fixed a problem that prevented MapReduce jobs from being run when the Resource Manager switches from active to standby in a Kerberos-enabled HA cluster.

      Description

      When starting a Twill application, the CDAP master adds the RM delegation token to the application credentials so that the runnable containers can talk to the RM using the delegation token to launch other jobs on the cluster (e.g. MR, Spark).

      However, in HA mode, only the delegation token with the first RM service name (host+port) is added. Hence, if the second RM is the one that is actually active, launching a job fails with a Kerberos authentication failure (since no valid delegation token can be used, the client falls back to Kerberos, and the container is not logged in with Kerberos).
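
A check for the condition described above, as an added example that is not CDAP or Hadoop code: it reads the standard YARN HA properties from a yarn-site.xml and reports which ResourceManagers have no matching delegation token service. The sample configuration, the hostnames and the `token_services` input (service names taken from a container's credentials, in host:port form as the description puts it, possibly comma-joined) are constructed assumptions.

```python
import xml.etree.ElementTree as ET

# Constructed yarn-site.xml for a two-node HA ResourceManager setup (hostnames are made up).
YARN_SITE = """<configuration>
  <property><name>yarn.resourcemanager.ha.enabled</name><value>true</value></property>
  <property><name>yarn.resourcemanager.ha.rm-ids</name><value>rm1,rm2</value></property>
  <property><name>yarn.resourcemanager.address.rm1</name><value>rm1.example.com:8032</value></property>
  <property><name>yarn.resourcemanager.hostname.rm2</name><value>rm2.example.com</value></property>
</configuration>"""

DEFAULT_RM_PORT = "8032"  # default port of yarn.resourcemanager.address


def load_props(xml_text):
    """Parse Hadoop-style <property><name/><value/></property> XML into a dict."""
    root = ET.fromstring(xml_text)
    return {p.findtext("name").strip(): (p.findtext("value") or "").strip()
            for p in root.iter("property")}


def rm_services(props):
    """Return {rm_id: 'host:port'} for every ResourceManager a client may reach."""
    if props.get("yarn.resourcemanager.ha.enabled", "false").lower() != "true":
        host = props.get("yarn.resourcemanager.hostname", "0.0.0.0")
        addr = props.get("yarn.resourcemanager.address") or host + ":" + DEFAULT_RM_PORT
        return {"default": addr.lower()}
    ids = [i.strip() for i in props.get("yarn.resourcemanager.ha.rm-ids", "").split(",")]
    services = {}
    for rm_id in filter(None, ids):
        addr = props.get("yarn.resourcemanager.address." + rm_id)
        if not addr:
            # Fall back to the per-RM hostname; a KeyError here means the RM is undefined.
            addr = props["yarn.resourcemanager.hostname." + rm_id] + ":" + DEFAULT_RM_PORT
        services[rm_id] = addr.lower()
    return services


def uncovered_rms(props, token_services):
    """List rm-ids whose address is not named by any delegation token service."""
    covered = set()
    for svc in token_services:
        # Assumption: one token may carry several comma-joined service names.
        covered.update(part.strip().lower() for part in svc.split(","))
    return sorted(rm_id for rm_id, addr in rm_services(props).items()
                  if addr not in covered)
```

A non-empty result for a running container means a failover to one of the listed ResourceManagers would leave it without a usable delegation token.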

              People

              • Assignee:
                terence Terence Yim
                Reporter:
                terence Terence Yim