[
https://issues.apache.org/jira/browse/FLINK-27191?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17522025#comment-17522025
]
luoyuxia edited comment on FLINK-27191 at 4/14/22 2:39 AM:
-----------------------------------------------------------
[~straw] Appreciated for your detail explaination. IIUC, you mean the thread
wrapped for new principal to access hive will modify
[authenticationMethod|https://github.com/apache/hadoop/blob/1b5c6b3a3b90c6e396e00e991b49d170eb2dac55/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/UserGroupInformation.java#L310]
which is also be checked by the autoRenewalThread?
The wapper will call method [loginUserFromKeytabAndReturnUGI|#L1040]], but from
the code, seems it will create a new [UGI|#L1063]], and set
[authenticationMethod|https://github.com/apache/hadoop/blob/1b5c6b3a3b90c6e396e00e991b49d170eb2dac55/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/UserGroupInformation.java#L310]
for the new UGI. Actually they modify different object, so I think there's no
race.
was (Author: luoyuxia):
[~straw] Appreciated for your detail explaination. IIUC, you mean the thread
wrapped for new principal to access hive will modify
[authenticationMethod|https://github.com/apache/hadoop/blob/1b5c6b3a3b90c6e396e00e991b49d170eb2dac55/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/UserGroupInformation.java#L310]
which is also be checked by the autoRenewalThread?
>From the UGI code, the wapper will use method
>[loginUserFromKeytabAndReturnUGI|[https://github.com/apache/hadoop/blob/1b5c6b3a3b90c6e396e00e991b49d170eb2dac55/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/UserGroupInformation.java#L1040]],
> seems it will create a new
>[UGI|[https://github.com/apache/hadoop/blob/1b5c6b3a3b90c6e396e00e991b49d170eb2dac55/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/UserGroupInformation.java#L1063]],
> and set
>[authenticationMethod|https://github.com/apache/hadoop/blob/1b5c6b3a3b90c6e396e00e991b49d170eb2dac55/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/UserGroupInformation.java#L310]
> for the new UGI. Actually they modify different object, so I think there's
>no race.
> Support multi kerberos-enabled Hive clusters
> ---------------------------------------------
>
> Key: FLINK-27191
> URL: https://issues.apache.org/jira/browse/FLINK-27191
> Project: Flink
> Issue Type: Improvement
> Components: Connectors / Hive
> Reporter: luoyuxia
> Priority: Major
> Fix For: 1.16.0
>
>
> Currently, to access kerberos-enabled Hive cluster, users are expected to add
> key/secret in flink-conf. But it can only access one Hive cluster in one
> Flink cluster, we are also expected to support multi kerberos-enabled Hive
> clusters in one Flink cluster.
--
This message was sent by Atlassian Jira
(v8.20.1#820001)
