check for active RM is broken for kerberized clusters

[dimon222]

Basically in title.
Default response for non-authenticated request is 401 to enforce handshake with new Kerberos ticket from client. Sadly, current code is expecting 200 OK response for basic activeness check.

So if your cluster is kerberized and requires auth, you will fail to initialize resourcemanager context and code will crash with exception "No RM is active"

Options

1. Accept 401 as valid response for active RM validation
2. Inject/rewrite active check to use authentication for access via something more modern like requests library (existing is very python-native but not flexible for Auth as it requires to do headers meddling manually)

[kevin-bates]

@dimon222 - thanks for finding this, it is unfortunate.

Regarding the options... Although 1 seems easier, it seems like 2 is probably better in the long run. I think I noticed that the active check didn't use requests last time I was in that area, but am not much of a web-dev to know what is necessary. Are you planning on providing a fix for this?

[dimon222]

@kevin-bates I've prepared the change, but it might require some testing before its merged