Sahil Takiar has posted comments on this change. ( http://gerrit.cloudera.org:8080/15340 )
Change subject: IMPALA-9430: always pass through kerberos configs ...................................................................... Patch Set 5: (3 comments) generally LGTM, mostly questions about what the desired behavior is suppose to be. http://gerrit.cloudera.org:8080/#/c/15340/5//COMMIT_MSG Commit Message: http://gerrit.cloudera.org:8080/#/c/15340/5//COMMIT_MSG@15 PS5, Line 15: Having them pick up different : kerberos settings if internal communication is disabled is weird what does this mean exactly? if Impala doesn't set the necessary env variables , then will the Hadoop components use some fallback from core-site.xml? does that mean this patch is basically an improvement to how Kerberos get's configured? e.g. before this patch, you couldn't use Impala flags to configure external Kerberos authentication (unless --principal is set), but after this patch you can? http://gerrit.cloudera.org:8080/#/c/15340/5//COMMIT_MSG@19 PS5, Line 19: It matches the documentation of the flags "Kerberos will not be used for internal or external connections if this is not set." (from the docs for --principal) not sure what external communication is suppose to be in this case, but should the docs for --principal be updated here? the docs of --principal make it sounds like Kerberos isn't use for any connections unless --principal is set, but things changes things right? impala-HMS connections can be kerberized without --principal being set http://gerrit.cloudera.org:8080/#/c/15340/5/be/src/rpc/rpc-mgr-kerberized-test.cc File be/src/rpc/rpc-mgr-kerberized-test.cc: http://gerrit.cloudera.org:8080/#/c/15340/5/be/src/rpc/rpc-mgr-kerberized-test.cc@206 PS5, Line 206: // Check that the above changes went into the appropriate env variables. : EXPECT_EQ("/tmp/DisabledKerberosConfigsKeytab", string(getenv("KRB5_KTNAME"))); : EXPECT_EQ("/tmp/DisabledKerberosConfigsCC", string(getenv("KRB5CCNAME"))); : EXPECT_EQ("/tmp/DisabledKerberosConfigsConf", string(getenv("KRB5_CONFIG"))); : EXPECT_EQ("/tmp/DisabledKerberosConfigsDebug", string(getenv("KRB5_TRACE"))); just to clarify, the kerberos config flags get passed to Hadoop via these env variables? -- To view, visit http://gerrit.cloudera.org:8080/15340 To unsubscribe, visit http://gerrit.cloudera.org:8080/settings Gerrit-Project: Impala-ASF Gerrit-Branch: master Gerrit-MessageType: comment Gerrit-Change-Id: If4bb311c7ab7173232aab36c5ed801f93f38f5b9 Gerrit-Change-Number: 15340 Gerrit-PatchSet: 5 Gerrit-Owner: Tim Armstrong <tarmstr...@cloudera.com> Gerrit-Reviewer: Impala Public Jenkins <impala-public-jenk...@cloudera.com> Gerrit-Reviewer: Sahil Takiar <stak...@cloudera.com> Gerrit-Comment-Date: Fri, 06 Mar 2020 23:02:49 +0000 Gerrit-HasComments: Yes
