[
https://issues.apache.org/jira/browse/FLINK-8275?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16295515#comment-16295515
]
ASF GitHub Bot commented on FLINK-8275:
---------------------------------------
Github user EronWright commented on the issue:
https://github.com/apache/flink/pull/5172
This PR probably fixes the problem, but it would be good to address the
deeper problem that the code is confusing. At least we could add some
commentary to the code. The specific problems, in my view, are:
1. A filename is transmitted from client -> AM -> TM in the env variable
`_KEYTAB_PATH` but the value doesn't appear to be used. In effect it is a
flag asserting that a keytab named `krb5.keytab` is available. Alternatives:
a. Use `krb5.keytab` as the value.
b. Eliminate the env check and simply look for the file; if present, use
it.
2. The existence of the "integration test code" has an unclear purpose.
It mutates the Hadoop configuration, why? Is the code active in any
production scenario?
Note that `YarnTaskExecutorRunner` implements this in a slightly different
way, and should be re-tested for 1.5.0 (since I don't think it is in use yet).
> Flink YARN deployment with Kerberos enabled not working
> --------------------------------------------------------
>
> Key: FLINK-8275
> URL: https://issues.apache.org/jira/browse/FLINK-8275
> Project: Flink
> Issue Type: Bug
> Components: Security
> Affects Versions: 1.4.0
> Reporter: Shuyi Chen
> Assignee: Shuyi Chen
> Priority: Blocker
> Fix For: 1.5.0
>
>
> The local keytab path in YarnTaskManagerRunner is incorrectly set to the
> ApplicationMaster's local keytab path. This causes jobs to fail because the
> TaskManager can't read the keytab.
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
