flink-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Maximilian Michels <...@apache.org>
Subject Re: Flink using Yarn on MapR
Date Thu, 24 Nov 2016 17:22:33 GMT
Hi Naveen,

The new Kerberos authentication code in Flink assumes that we're
running against vanilla Hadoop. The unmodified Hadoop's behavior is to
skip a secure login if security is not configured. This is different
for the MapR Hadoop version.

Thus, we need to make sure we don't perform any login action if
security is not configured. I'm in the process of restructuring the
security code. I've submitted a first PR which fixes the problem
reported by you: https://github.com/apache/flink/pull/2864

Thanks,
Max

On Fri, Nov 11, 2016 at 3:22 PM, vijikarthi <vijikarthi@yahoo.com> wrote:
> Flink security context gets initialized during the application start phase.
> As part of the initialization, the UserGroupInformation (UGI) instance is
> bootstrapped using the Hadoop configuration files (read: HADOOP_CONF_DIR or
> YARN_CONF_DIR environment variable is set). If the hadoop configuration
> (core-site) enables security, then the UGI context uses JAAS module to
> load/login through Kerberos. Looks like in this case, the Hadoop
> configurations that got loaded somehow has the security enabled and UGI is
> trying to obtain the identity using keytab cache.
>
>
>
> --
> View this message in context: http://apache-flink-mailing-list-archive.1008284.n3.nabble.com/Flink-using-Yarn-on-MapR-tp14484p14496.html
> Sent from the Apache Flink Mailing List archive. mailing list archive at Nabble.com.

Mime
View raw message