You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@flink.apache.org by "Rong Rong (Jira)" <ji...@apache.org> on 2020/01/15 01:40:00 UTC
[jira] [Commented] (FLINK-15561) Improve Kerberos delegation token
login
[ https://issues.apache.org/jira/browse/FLINK-15561?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17015545#comment-17015545 ]
Rong Rong commented on FLINK-15561:
-----------------------------------
made a simple change on issue #2 and it looks good, maybe we can verify whether this fix works:
https://github.com/walterddr/flink/commit/60240028bebc09e1d65328eb680a3a24108beb94
> Improve Kerberos delegation token login
> ----------------------------------------
>
> Key: FLINK-15561
> URL: https://issues.apache.org/jira/browse/FLINK-15561
> Project: Flink
> Issue Type: Bug
> Components: Deployment / YARN
> Reporter: Rong Rong
> Assignee: Rong Rong
> Priority: Major
> Labels: usability
> Fix For: 1.11.0
>
>
> Currently the security HadoopModule handles delegation token login seems to be not working.
> Some improvements including: spawning a delegation token renewal thread. See: [1] https://github.com/apache/flink/blob/release-1.9/flink-runtime/src/main/java/org/apache/flink/runtime/security/modules/HadoopModule.java#L84
> and [2] https://github.com/hanborq/hadoop/blob/master/src/core/org/apache/hadoop/security/UserGroupInformation.java#L538
> Another is to ensure delegation token is also a valid format of credential when launching YARN context. See [1] https://github.com/apache/flink/blob/master/flink-yarn/src/main/java/org/apache/flink/yarn/YarnClusterDescriptor.java#L484 and [2] https://github.com/apache/flink/blob/master/flink-runtime/src/main/java/org/apache/flink/runtime/security/modules/HadoopModule.java#L146
--
This message was sent by Atlassian Jira
(v8.3.4#803005)