You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@flink.apache.org by "Rong Rong (Jira)" <ji...@apache.org> on 2020/01/12 23:33:00 UTC
[jira] [Updated] (FLINK-15561) Improve Kerberos delegation token
login
[ https://issues.apache.org/jira/browse/FLINK-15561?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Rong Rong updated FLINK-15561:
------------------------------
Description:
Currently the security HadoopModule handles delegation token login seems to be not working.
Some improvements including: spawning a delegation token renewal thread. See: [1] https://github.com/apache/flink/blob/release-1.9/flink-runtime/src/main/java/org/apache/flink/runtime/security/modules/HadoopModule.java#L84
and [2] https://github.com/hanborq/hadoop/blob/master/src/core/org/apache/hadoop/security/UserGroupInformation.java#L538
Another is to ensure delegation token is also a valid format of credential when launching YARN context. See [1] https://github.com/apache/flink/blob/master/flink-yarn/src/main/java/org/apache/flink/yarn/YarnClusterDescriptor.java#L484 and [2] https://github.com/apache/flink/blob/master/flink-runtime/src/main/java/org/apache/flink/runtime/security/modules/HadoopModule.java#L146
was:
Currently the security HadoopModule handles delegation token login without spawning a delegation token renewal thread. We might need to include this to support delegation token.
See: [1] https://github.com/apache/flink/blob/release-1.9/flink-runtime/src/main/java/org/apache/flink/runtime/security/modules/HadoopModule.java#L84
and
[2] https://github.com/hanborq/hadoop/blob/master/src/core/org/apache/hadoop/security/UserGroupInformation.java#L538
> Improve Kerberos delegation token login
> ----------------------------------------
>
> Key: FLINK-15561
> URL: https://issues.apache.org/jira/browse/FLINK-15561
> Project: Flink
> Issue Type: Bug
> Components: Deployment / YARN
> Reporter: Rong Rong
> Assignee: Rong Rong
> Priority: Major
>
> Currently the security HadoopModule handles delegation token login seems to be not working.
> Some improvements including: spawning a delegation token renewal thread. See: [1] https://github.com/apache/flink/blob/release-1.9/flink-runtime/src/main/java/org/apache/flink/runtime/security/modules/HadoopModule.java#L84
> and [2] https://github.com/hanborq/hadoop/blob/master/src/core/org/apache/hadoop/security/UserGroupInformation.java#L538
> Another is to ensure delegation token is also a valid format of credential when launching YARN context. See [1] https://github.com/apache/flink/blob/master/flink-yarn/src/main/java/org/apache/flink/yarn/YarnClusterDescriptor.java#L484 and [2] https://github.com/apache/flink/blob/master/flink-runtime/src/main/java/org/apache/flink/runtime/security/modules/HadoopModule.java#L146
--
This message was sent by Atlassian Jira
(v8.3.4#803005)