Posted to issues@flink.apache.org by "Rong Rong (Jira)" <ji...@apache.org> on 2020/01/12 23:33:00 UTC

[jira] [Updated] (FLINK-15561) Improve Kerberos delegation token login

     [ https://issues.apache.org/jira/browse/FLINK-15561?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Rong Rong updated FLINK-15561:
------------------------------
    Description: 
Currently, delegation token login as handled by the security HadoopModule seems not to be working.

Some improvements include: spawning a delegation token renewal thread. See: [1] https://github.com/apache/flink/blob/release-1.9/flink-runtime/src/main/java/org/apache/flink/runtime/security/modules/HadoopModule.java#L84
and [2] https://github.com/hanborq/hadoop/blob/master/src/core/org/apache/hadoop/security/UserGroupInformation.java#L538

Another is to ensure that a delegation token is also a valid format of credential when launching the YARN context. See [1] https://github.com/apache/flink/blob/master/flink-yarn/src/main/java/org/apache/flink/yarn/YarnClusterDescriptor.java#L484 and [2] https://github.com/apache/flink/blob/master/flink-runtime/src/main/java/org/apache/flink/runtime/security/modules/HadoopModule.java#L146

  was:
Currently the security HadoopModule handles delegation token login without spawning a delegation token renewal thread. We might need to include this to support delegation token.

See: [1] https://github.com/apache/flink/blob/release-1.9/flink-runtime/src/main/java/org/apache/flink/runtime/security/modules/HadoopModule.java#L84 
and 
[2] https://github.com/hanborq/hadoop/blob/master/src/core/org/apache/hadoop/security/UserGroupInformation.java#L538


> Improve Kerberos delegation token login 
> ----------------------------------------
>
>                 Key: FLINK-15561
>                 URL: https://issues.apache.org/jira/browse/FLINK-15561
>             Project: Flink
>          Issue Type: Bug
>          Components: Deployment / YARN
>            Reporter: Rong Rong
>            Assignee: Rong Rong
>            Priority: Major
>
> Currently, delegation token login as handled by the security HadoopModule seems not to be working.
> Some improvements include: spawning a delegation token renewal thread. See: [1] https://github.com/apache/flink/blob/release-1.9/flink-runtime/src/main/java/org/apache/flink/runtime/security/modules/HadoopModule.java#L84
> and [2] https://github.com/hanborq/hadoop/blob/master/src/core/org/apache/hadoop/security/UserGroupInformation.java#L538
> Another is to ensure that a delegation token is also a valid format of credential when launching the YARN context. See [1] https://github.com/apache/flink/blob/master/flink-yarn/src/main/java/org/apache/flink/yarn/YarnClusterDescriptor.java#L484 and [2] https://github.com/apache/flink/blob/master/flink-runtime/src/main/java/org/apache/flink/runtime/security/modules/HadoopModule.java#L146



--
This message was sent by Atlassian Jira
(v8.3.4#803005)