hive-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Hive QA (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HIVE-21922) Allow keytabs to be reused in LLAP yarn applications through Yarn localization
Date Wed, 26 Jun 2019 06:31:00 GMT

    [ https://issues.apache.org/jira/browse/HIVE-21922?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16872985#comment-16872985
] 

Hive QA commented on HIVE-21922:
--------------------------------



Here are the results of testing the latest attachment:
https://issues.apache.org/jira/secure/attachment/12972894/HIVE-21922.1.patch

{color:red}ERROR:{color} -1 due to build exiting with an error

Test results: https://builds.apache.org/job/PreCommit-HIVE-Build/17744/testReport
Console output: https://builds.apache.org/job/PreCommit-HIVE-Build/17744/console
Test logs: http://104.198.109.242/logs/PreCommit-HIVE-Build-17744/

Messages:
{noformat}
Executing org.apache.hive.ptest.execution.TestCheckPhase
Tests exited with: Exception: Patch URL https://issues.apache.org/jira/secure/attachment/12972894/HIVE-21922.1.patch
was found in seen patch url's cache and a test was probably run already on it. Aborting...
{noformat}

This message is automatically generated.

ATTACHMENT ID: 12972894 - PreCommit-HIVE-Build

> Allow keytabs to be reused in LLAP yarn applications through Yarn localization
> ------------------------------------------------------------------------------
>
>                 Key: HIVE-21922
>                 URL: https://issues.apache.org/jira/browse/HIVE-21922
>             Project: Hive
>          Issue Type: New Feature
>            Reporter: Adam Szita
>            Assignee: Adam Szita
>            Priority: Major
>         Attachments: HIVE-21922.0.patch, HIVE-21922.1.patch
>
>
> In secure clusters LLAP has to be able to reach keytab files for kerberos login.
> Currently _hive.llap.task.scheduler.am.registry.keytab.file_ and _hive.llap.daemon.keytab.file_
configs are used to define the path of such keytabs on the Tez AM and LLAP daemon side respectively.
Both presume local file system paths only - hence all nodes in the LLAP cluster (even those
that eventually don't end up executing a daemon...) have to have Hive's keytab preinstalled
on them.
> The above is described by this strategy: [Pre-installed_Keytabs_for_AM_and_containers|https://hadoop.apache.org/docs/current/hadoop-yarn/hadoop-yarn-site/YarnApplicationSecurity.html#Pre-installed_Keytabs_for_AM_and_containers]
> Another approach can be [Keytabs_for_AM_and_containers_distributed_via_YARN|https://hadoop.apache.org/docs/current/hadoop-yarn/hadoop-yarn-site/YarnApplicationSecurity.html#Keytabs_for_AM_and_containers_distributed_via_YARN] where
we rely on HDFS and Yarn resource localization, and no prior keytab distribution is required.
I intend to make this strategy an option for Hive-LLAP in this jira.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

Mime
View raw message