You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@flink.apache.org by "Niels Basjes (JIRA)" <ji...@apache.org> on 2016/08/01 08:02:20 UTC
[jira] [Created] (FLINK-4287) Unable to access secured HBase from a
yarn-session.
Niels Basjes created FLINK-4287:
-----------------------------------
Summary: Unable to access secured HBase from a yarn-session.
Key: FLINK-4287
URL: https://issues.apache.org/jira/browse/FLINK-4287
Project: Flink
Issue Type: Improvement
Components: YARN Client
Affects Versions: 1.0.3
Reporter: Niels Basjes
Assignee: Niels Basjes
When I start {{yarn-session.sh -n1}} against a Kerberos secured Yarn+HBase cluster I see this in the messages:
{quote}
2016-08-01 09:53:01,763 INFO org.apache.flink.yarn.Utils - Attempting to obtain Kerberos security token for HBase
2016-08-01 09:53:01,763 INFO org.apache.flink.yarn.Utils - HBase is not available (not packaged with this application): ClassNotFoundException : "org.apache.hadoop.hbase.HBaseConfiguration".
{quote}
as a consequence it has become impossible to access a secured HBase from this yarn session.
From what I see now at least two things need to be done:
# Add all relevant HBase parts to the yarn-session.sh scripting.
# Add an optional option to pass principle and keytab file so the session can last longer than the time the Kerberos tickets last. (i.e pass these parameters into a call to {{UserGroupInformation.loginUserFromKeytab(user, keytabFile);}})
I do see that this would leave an important problem open:
This yarnsession is accessible by everyone on the cluster and as a consequence they can run jobs in there that can access all data I have access to. Perhaps this should be a separate jira issue?
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)