You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@flink.apache.org by "Tzu-Li (Gordon) Tai (JIRA)" <ji...@apache.org> on 2017/01/19 16:22:26 UTC

[jira] [Created] (FLINK-5580) Kerberos keytabs not working for YARN deployment mode

Tzu-Li (Gordon) Tai created FLINK-5580:
------------------------------------------

             Summary: Kerberos keytabs not working for YARN deployment mode
                 Key: FLINK-5580
                 URL: https://issues.apache.org/jira/browse/FLINK-5580
             Project: Flink
          Issue Type: Bug
          Components: Security, YARN
            Reporter: Tzu-Li (Gordon) Tai
            Assignee: Tzu-Li (Gordon) Tai
            Priority: Critical
             Fix For: 1.2.0


Setup: Kerberos security using keytabs, Flink on YARN deployment (in standalone, it works fine without problems).

I’m getting these error messages in the YARN node managers, causing the TaskManager containers to fail to start properly:
{{org.apache.hadoop.security.UserGroupInformation: PriviledgedActionException as:tzulitai (auth:SIMPLE) cause:org.apache.hadoop.security.AccessControlException: Client cannot authenticate via:[TOKEN, KERBEROS]}}

The security configuration for Hadoop has been set to "kerberos", to the "auto: SIMPLE" seems very strange. It also seems as if credential tokens has not been properly set for the `ContainerLaunchContext`s, which may be an issue causing this.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)