You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@flink.apache.org by "ASF GitHub Bot (JIRA)" <ji...@apache.org> on 2017/01/20 07:06:26 UTC

[jira] [Commented] (FLINK-5580) Kerberos keytabs not working for YARN deployment mode

    [ https://issues.apache.org/jira/browse/FLINK-5580?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15831322#comment-15831322 ] 

ASF GitHub Bot commented on FLINK-5580:
---------------------------------------

GitHub user tzulitai opened a pull request:

    https://github.com/apache/flink/pull/3177

    [FLINK-5580] [security] Fix path setting of shipped Kerberos keytabs in YARN mode

    Previously, the local path of the shipped keytab was set _after_ `SecurityConfiguration` was created, causing the picked up keytab path to be invalid and validation of the security configuration not passing.

You can merge this pull request into a Git repository by running:

    $ git pull https://github.com/tzulitai/flink FLINK-5580

Alternatively you can review and apply these changes as the patch at:

    https://github.com/apache/flink/pull/3177.patch

To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:

    This closes #3177
    
----
commit 871c6a6601af33f57c3794d6f627a874ac4c8731
Author: Tzu-Li (Gordon) Tai <tz...@apache.org>
Date:   2017-01-20T00:41:05Z

    [FLINK-5580] [security] Fix path setting of shipped Kerberos keytabs in YARN mode

----


> Kerberos keytabs not working for YARN deployment mode
> -----------------------------------------------------
>
>                 Key: FLINK-5580
>                 URL: https://issues.apache.org/jira/browse/FLINK-5580
>             Project: Flink
>          Issue Type: Bug
>          Components: Security, YARN
>            Reporter: Tzu-Li (Gordon) Tai
>            Assignee: Tzu-Li (Gordon) Tai
>            Priority: Critical
>             Fix For: 1.2.0
>
>
> Setup: Kerberos security using keytabs, Flink session on YARN deployment (in standalone, it works fine without problems).
> I’m getting these error messages in the YARN node managers, causing the TaskManager containers to fail to start properly:
> {{org.apache.hadoop.security.UserGroupInformation: PriviledgedActionException as:tzulitai (auth:SIMPLE) cause:org.apache.hadoop.security.AccessControlException: Client cannot authenticate via:[TOKEN, KERBEROS]}}
> The security configuration for Hadoop has been set to "kerberos", to the "auto: SIMPLE" seems very strange. It also seems as if credential tokens has not been properly set for the {{ContainerLaunchContext}} s, which may be an issue causing this.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)