[
https://issues.apache.org/jira/browse/GEARPUMP-355?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16200165#comment-16200165
]
ASF GitHub Bot commented on GEARPUMP-355:
-----------------------------------------
GitHub user titikakatoo opened a pull request:
https://github.com/apache/incubator-gearpump/pull/231
[GEARPUMP-355] Fix YarnAppMaster address resolution in a kerberized H…
…adoop/Yarn set-up
Be sure to do all of the following to help us incorporate your contribution
quickly and easily:
- [ ] Make sure the commit message is formatted like:
`[GEARPUMP-<Jira issue #>] Meaningful description of pull request`
- [ ] Make sure tests pass via `sbt clean test`.
- [ ] Make sure old documentation affected by the pull request has been
updated and new documentation added for new functionality.
You can merge this pull request into a Git repository by running:
$ git pull https://github.com/titikakatoo/incubator-gearpump
yarn_spnego_authentication
Alternatively you can review and apply these changes as the patch at:
https://github.com/apache/incubator-gearpump/pull/231.patch
To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:
This closes #231
----
commit 33093d6e6c15a2250d488ec356b6a0093f1b6215
Author: Timea Magyar <[email protected]>
Date: 2017-10-11T12:05:10Z
[GEARPUMP-355] Fix YarnAppMaster address resolution in a kerberized
Hadoop/Yarn set-up
----
> AppMasterResolver fails to run against a kerberized Hadoop cluster
> ------------------------------------------------------------------
>
> Key: GEARPUMP-355
> URL: https://issues.apache.org/jira/browse/GEARPUMP-355
> Project: Apache Gearpump
> Issue Type: Bug
> Components: security, yarn
> Affects Versions: 0.8.4
> Reporter: Timea Magyar
> Fix For: 0.8.4
>
>
> When trying to launch a Gearpump cluster in a kerberized Hadoop/Yarn
> environment, after the Application Master address has been resolved as a
> prerequisite, the YarnAppMaster (responsible for starting GearPump masters,
> workers, UI servers as Yarn containers) address (actor reference) must be
> obtained via Kerberos/Spnego. (Kerberos over http)
> The current implementation for this resides in the AppMasterResolver class
> and is using an apache http client (version 3.x) for establishing a
> connection to the Application Master and obtain the above YarnAppMaster actor
> reference. Since the apache http client does not support the negotiate
> authentication scheme in version 3.x (required for a connection over
> kerberos/spnego) this step will always fail in a kerberized Yarn/Hadoop
> cluster set-up.
> I tested this in a secured/kerberized CDH 5.7.5 environment. I would like to
> provide a patch for this by adapting the SPNEGO-enabled Hadoop web
> connection code from WebHDFS.
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
