You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@flink.apache.org by "gaborgsomogyi (via GitHub)" <gi...@apache.org> on 2023/04/03 07:40:22 UTC

[GitHub] [flink] gaborgsomogyi opened a new pull request, #22325: [FLINK-31656][runtime][security] Obtain delegation tokens early to support external file system usage in blob server

gaborgsomogyi opened a new pull request, #22325:
URL: https://github.com/apache/flink/pull/22325

   ## What is the purpose of the change
   
   At the moment there are no delegation tokens available when HA services is starting. If the HA services uses an external file system where the authentication type is delegation token based (typically S3) then it throws and exception since there are no credentials.
   
   In this PR I've moved the delegation token manager initialization before HA services and trigger a manual token obtain + local JVM receiver propagation. Additionally deferred base directory creation in `FileSystemBlobStore` and `FileSystemJobResultStore`.
   
   ## Brief change log
   
   * The delegation token manager initialization moved before HA services and trigger a manual token obtain + local JVM receiver propagation. This is the solution for the job manager side.
   * Deferred base directory creation in `FileSystemBlobStore` and `FileSystemJobResultStore`. This is the solution for the task manager side.
   * Changed the `DelegationTokenManager` API documentation for better clarity
   * Changed a log message for better clarity
   
   ## Verifying this change
   
   Manually on cluster.
   
   ## Does this pull request potentially affect one of the following parts:
   
     - Dependencies (does it add or upgrade a dependency): no
     - The public API, i.e., is any changed class annotated with `@Public(Evolving)`: yes
     - The serializers: no
     - The runtime per-record code paths (performance sensitive): no
     - Anything that affects deployment or recovery: JobManager (and its components), Checkpointing, Kubernetes/Yarn, ZooKeeper: no
     - The S3 file system connector: no
   
   ## Documentation
   
     - Does this pull request introduce a new feature? no
     - If yes, how is the feature documented? not applicable
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: issues-unsubscribe@flink.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [flink] gyfora merged pull request #22325: [FLINK-31656][runtime][security] Obtain delegation tokens early to support external file system usage in HA services

Posted by "gyfora (via GitHub)" <gi...@apache.org>.
gyfora merged PR #22325:
URL: https://github.com/apache/flink/pull/22325


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: issues-unsubscribe@flink.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [flink] gaborgsomogyi commented on pull request #22325: [FLINK-31656][runtime][security] Obtain delegation tokens early to support external file system usage in HA services

Posted by "gaborgsomogyi (via GitHub)" <gi...@apache.org>.
gaborgsomogyi commented on PR #22325:
URL: https://github.com/apache/flink/pull/22325#issuecomment-1493831781

   cc @gyfora 


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: issues-unsubscribe@flink.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [flink] gaborgsomogyi commented on pull request #22325: [FLINK-31656][runtime][security] Obtain delegation tokens early to support external file system usage in HA services

Posted by "gaborgsomogyi (via GitHub)" <gi...@apache.org>.
gaborgsomogyi commented on PR #22325:
URL: https://github.com/apache/flink/pull/22325#issuecomment-1493832458

   This is backport of https://github.com/apache/flink/pull/22298


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: issues-unsubscribe@flink.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [flink] flinkbot commented on pull request #22325: [FLINK-31656][runtime][security] Obtain delegation tokens early to support external file system usage in HA services

Posted by "flinkbot (via GitHub)" <gi...@apache.org>.
flinkbot commented on PR #22325:
URL: https://github.com/apache/flink/pull/22325#issuecomment-1493838117

   <!--
   Meta data
   {
     "version" : 1,
     "metaDataEntries" : [ {
       "hash" : "698b1908c3208c73e1bba19e934cd76e5b4ce447",
       "status" : "UNKNOWN",
       "url" : "TBD",
       "triggerID" : "698b1908c3208c73e1bba19e934cd76e5b4ce447",
       "triggerType" : "PUSH"
     } ]
   }-->
   ## CI report:
   
   * 698b1908c3208c73e1bba19e934cd76e5b4ce447 UNKNOWN
   
   <details>
   <summary>Bot commands</summary>
     The @flinkbot bot supports the following commands:
   
    - `@flinkbot run azure` re-run the last Azure build
   </details>


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: issues-unsubscribe@flink.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org