flink-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Niels Basjes (JIRA)" <j...@apache.org>
Subject [jira] [Created] (FLINK-4287) Unable to access secured HBase from a yarn-session.
Date Mon, 01 Aug 2016 08:02:20 GMT
Niels Basjes created FLINK-4287:

             Summary: Unable to access secured HBase from a yarn-session.
                 Key: FLINK-4287
                 URL: https://issues.apache.org/jira/browse/FLINK-4287
             Project: Flink
          Issue Type: Improvement
          Components: YARN Client
    Affects Versions: 1.0.3
            Reporter: Niels Basjes
            Assignee: Niels Basjes

When I start {{yarn-session.sh -n1}} against a Kerberos secured Yarn+HBase cluster I see this
in the messages:

2016-08-01 09:53:01,763 INFO  org.apache.flink.yarn.Utils                                
  - Attempting to obtain Kerberos security token for HBase
2016-08-01 09:53:01,763 INFO  org.apache.flink.yarn.Utils                                
  - HBase is not available (not packaged with this application): ClassNotFoundException :

as a consequence it has become impossible to access a secured HBase from this yarn session.

>From what I see now at least two things need to be done:
# Add all relevant HBase parts to the yarn-session.sh scripting.
# Add an optional option to pass principle and keytab file so the session can last longer
than the time the Kerberos tickets last. (i.e pass these parameters into a call to {{UserGroupInformation.loginUserFromKeytab(user,

I do see that this would leave an important problem open:

This yarnsession is accessible by everyone on the cluster and as a consequence they can run
jobs in there that can access all data I have access to. Perhaps this should be a separate
jira issue?

This message was sent by Atlassian JIRA

View raw message