flink-user-zh mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "niexxf@163.com" <nie...@163.com>
Subject Re: Flink on YARN 使用Kerboros认证失败
Date Tue, 24 Mar 2020 13:47:40 GMT
对于Flink on YARN,最简单的情况是直接在终端 kinit,就能提交任务。flink本身不用配置。
Can't get Kerberos realm一般是是krb5.conf对应realm的配置的问题。

flink/hadoop0@EXAMPLE.COM <mailto:flink/hadoop0@EXAMPLE.COM>  hadoop0不知道是不是主机,这看起来像是个服务的principal
。 这里应该是user的principal 就行了。






> 在 2020年3月24日,下午9:03,巫旭阳 <danxieai258@163.com> 写道:
> 
> 之前在使用hadoop client时设置了一个系统变量, 当这个变量没设置的时候就会报之前的错误
> System.setProperty("java.security.krb5.conf", "C:\\Users\\86177\\Desktop\\tmp\\5\\krb5.conf"
);
> 但flink on yarn 没有提供这个参数的设置。
> 
> 
> 
> 
> 
> 
> 
> 在 2020-03-24 20:52:44,"aven.wu" <danxieai258@163.com> 写道:
> 
> Flink 提交作业到有kerboros认证的集群报以下异常
> 
> 
> 
> java.lang.Exception: unable to establish the security context
> at org.apache.flink.runtime.security.SecurityUtils.install(SecurityUtils.java:73)
> at org.apache.flink.client.cli.CliFrontend.main(CliFrontend.java:1124)
> Caused by: java.lang.IllegalArgumentException: Can't get Kerberos realm
> at org.apache.hadoop.security.HadoopKerberosName.setConfiguration(HadoopKerberosName.java:65)
> at org.apache.hadoop.security.UserGroupInformation.initialize(UserGroupInformation.java:276)
> at org.apache.hadoop.security.UserGroupInformation.setConfiguration(UserGroupInformation.java:312)
> at org.apache.flink.runtime.security.modules.HadoopModule.install(HadoopModule.java:70)
> at org.apache.flink.runtime.security.SecurityUtils.install(SecurityUtils.java:67)
> ... 1 more
> Caused by: java.lang.reflect.InvocationTargetException
> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
> at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
> at java.lang.reflect.Method.invoke(Method.java:498)
> at org.apache.hadoop.security.authentication.util.KerberosUtil.getDefaultRealm(KerberosUtil.java:84)
> at org.apache.hadoop.security.HadoopKerberosName.setConfiguration(HadoopKerberosName.java:63)
> ... 5 more
> Caused by: KrbException: Cannot locate default realm
> at sun.security.krb5.Config.getDefaultRealm(Config.java:1029)
> ... 11 more
> 
> 
> 
> 使用了官网提供的四个参数,配置在了flink-conf.yaml里
> 
> 
> 
> security.kerberos.login.use-ticket-cache: false
> security.kerberos.login.keytab: /home/flink-1.8.0/conf/flink.keytab
> security.kerberos.login.principal: flink/hadoop0@EXAMPLE.COM
> security.kerberos.login.realm: EXAMPLE.COM
> security.kerberos.login.contexts: KafkaClient
> 
> 
> 
> /home/flink-1.8.0/conf/flink.keytab 文件已放好,
> 
> 
> 
> 
> 
> Best
> 
> Aven
> 


Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message