[
https://issues.apache.org/jira/browse/AIRFLOW-987?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16689291#comment-16689291
]
Pratap20 commented on AIRFLOW-987:
----------------------------------
Hi I am also facing the same issue .
Can anyone help me out ?
I am using airflow version 1.8.0 having issue with renew kerberos ticket.
frequently failing to renew ticket and airflow kerberos process gets exited.
Below are error logs .
[2018-11-16 01:00:48,899] \{kerberos.py:43} INFO - Reinitting kerberos from
keytab: kinit -r 3600m -k -t /home/user_test/user_test.keytab -c
/tmp/airflow_krb5_ccache user_test
[2018-11-16 01:00:48,910] \{kerberos.py:55} ERROR - Couldn't reinit from
keytab! `kinit' exited with 1.
kinit: Pre-authentication failed: No key table entry found for
[email protected] while getting initial credentials
Kerberos configuration in airflow.cfg:
[kerberos]
#ccache = /tmp/airflow_krb5_ccache
# gets augmented with fqdn
principal = user_test
reinit_frequency = 3600
kinit_path = /usr/bin/kinit
keytab = /home/user_test/user_test.keytab
to start airflow kerberos process we are using below script:
$cat startup_kerberos.sh
#! /bin/sh
# Startup Script for Airflow
echo "Starting Up Kerberos Renewer"
nohup airflow kerberos $* >> /data/airflow/logs/kerberos.logs &
> `airflow kerberos` ignores --keytab and --principal arguments
> -------------------------------------------------------------
>
> Key: AIRFLOW-987
> URL: https://issues.apache.org/jira/browse/AIRFLOW-987
> Project: Apache Airflow
> Issue Type: Bug
> Components: security
> Affects Versions: 1.8.0
> Environment: 1.8-rc5
> Reporter: Ruslan Dautkhanov
> Assignee: Pratap20
> Priority: Major
> Labels: easyfix, kerberos, security
>
> No matter which arguments I pass to `airflow kerberos`,
> it always executes as `kinit -r 3600m -k -t airflow.keytab -c
> /tmp/airflow_krb5_ccache airflow`
> So it failes with expected "kinit: Keytab contains no suitable keys for
> [email protected] while getting initial credentials"
> Tried different arguments, -kt and --keytab, here's one of the runs (some
> lines wrapped for readability):
> {noformat}
> $ airflow kerberos -kt /home/rdautkha/.keytab [email protected]
> [2017-03-14 23:50:11,523] {__init__.py:57} INFO - Using executor LocalExecutor
> [2017-03-14 23:50:12,069] {kerberos.py:43} INFO - Reinitting kerberos from
> keytab:
> kinit -r 3600m -k -t airflow.keytab -c /tmp/airflow_krb5_ccache airflow
> [2017-03-14 23:50:12,080] {kerberos.py:55} ERROR -
> Couldn't reinit from keytab! `kinit' exited with 1.
> kinit: Keytab contains no suitable keys for [email protected]
> while getting initial credentials
> {noformat}
> 1.8-rc5
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
