AnsweredAssumed Answered

yarn daemonlog fails on a secure cluster

Question asked by prabhujoseph on Dec 23, 2015
Latest reply on Feb 22, 2016 by prabhujoseph
[mapr@rh-4 bin]$ yarn daemonlog -setlevel  10.10.70.192:8090 org.apache.hadoop.ipc.Server  DEBUG
Connecting to https://10.10.70.192:8090/logLevel?log=org.apache.hadoop.ipc.Server&level=DEBUG
javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: No subject alternative names present

RM logs has:

2015-12-23 17:23:27,959 WARN org.mortbay.log: EXCEPTION
javax.net.ssl.SSLHandshakeException: Received fatal alert: certificate_unknown
        at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
        at sun.security.ssl.Alerts.getSSLException(Alerts.java:154)
        at sun.security.ssl.SSLSocketImpl.recvAlert(SSLSocketImpl.java:1959)
        at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1077)
        at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1312)
        at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1339)
        at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1323)
        at org.mortbay.jetty.security.SslSocketConnector$SslConnection.run(SslSocketConnector.java:708)
        at org.mortbay.thread.QueuedThreadPool$PoolThread.run(QueuedThreadPool.java:582)

YARN RM is secured with Kerberos and has hadoop.login=hybrid. NM talks with RM using Kerberos. Yarn client uses MaprSasl to submit jobs into RM. But yarn client fails for daemonlog.



Outcomes