You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@flink.apache.org by "Tzu-Li (Gordon) Tai (JIRA)" <ji...@apache.org> on 2017/01/19 16:22:26 UTC
[jira] [Created] (FLINK-5580) Kerberos keytabs not working for YARN
deployment mode
Tzu-Li (Gordon) Tai created FLINK-5580:
------------------------------------------
Summary: Kerberos keytabs not working for YARN deployment mode
Key: FLINK-5580
URL: https://issues.apache.org/jira/browse/FLINK-5580
Project: Flink
Issue Type: Bug
Components: Security, YARN
Reporter: Tzu-Li (Gordon) Tai
Assignee: Tzu-Li (Gordon) Tai
Priority: Critical
Fix For: 1.2.0
Setup: Kerberos security using keytabs, Flink on YARN deployment (in standalone, it works fine without problems).
I’m getting these error messages in the YARN node managers, causing the TaskManager containers to fail to start properly:
{{org.apache.hadoop.security.UserGroupInformation: PriviledgedActionException as:tzulitai (auth:SIMPLE) cause:org.apache.hadoop.security.AccessControlException: Client cannot authenticate via:[TOKEN, KERBEROS]}}
The security configuration for Hadoop has been set to "kerberos", to the "auto: SIMPLE" seems very strange. It also seems as if credential tokens has not been properly set for the `ContainerLaunchContext`s, which may be an issue causing this.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)