You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@kylin.apache.org by "Yaguang Jia (Jira)" <ji...@apache.org> on 2023/02/09 12:21:00 UTC

[jira] [Updated] (KYLIN-5442) Ticket auto-renewal is not supported when kerberos is enabled for the real-time feature, resulting in failure of the build job

     [ https://issues.apache.org/jira/browse/KYLIN-5442?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Yaguang Jia updated KYLIN-5442:
-------------------------------
    Description: 
Currently, KAFKA opens kerberos with the following two restrictions.

If using ticketcache authentication

KE cannot automatically update the kerberos ticket on the node where the YARN task is located, and needs to provide a method on the operation and maintenance side to ensure that the kerberos ticket is automatically updated when it expires, which will increase the operation and maintenance costs, so expect the KE side to automatically update it. If the ticket is not updated when it expires, it will cause the real-time task to fail

2. If you use keytab authentication file

Need to add a unified path to the keytab file on KE and YARN clusters refer to the following work order. The customer wants to avoid adding the keytab file on the YARN cluster.

> Ticket auto-renewal is not supported when kerberos is enabled for the real-time feature, resulting in failure of the build job
> ------------------------------------------------------------------------------------------------------------------------------
>
>                 Key: KYLIN-5442
>                 URL: https://issues.apache.org/jira/browse/KYLIN-5442
>             Project: Kylin
>          Issue Type: Bug
>    Affects Versions: 5.0-alpha
>            Reporter: Yaguang Jia
>            Assignee: Yaguang Jia
>            Priority: Major
>             Fix For: 5.0-alpha
>
>
> Currently, KAFKA opens kerberos with the following two restrictions.
> If using ticketcache authentication
> KE cannot automatically update the kerberos ticket on the node where the YARN task is located, and needs to provide a method on the operation and maintenance side to ensure that the kerberos ticket is automatically updated when it expires, which will increase the operation and maintenance costs, so expect the KE side to automatically update it. If the ticket is not updated when it expires, it will cause the real-time task to fail
> 2. If you use keytab authentication file
> Need to add a unified path to the keytab file on KE and YARN clusters refer to the following work order. The customer wants to avoid adding the keytab file on the YARN cluster.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)