Re: Flink using Yarn on MapR

2016-11-30 Thread Naveen Tirupattur 
Thanks Max for a quick response. I will try it out and let you know how it goes.
-Naveen
> On Nov 25, 2016, at 6:05 AM, Maximilian Michels <m...@apache.org> wrote:
> 
> Fix is now in the master and everything should run smooth with MapR
> Hadoop. I'd be happy if you gave it another try.
> 
> -Max
> 
> 
> On Thu, Nov 24, 2016 at 6:22 PM, Maximilian Michels <m...@apache.org> wrote:
>> Hi Naveen,
>> 
>> The new Kerberos authentication code in Flink assumes that we're
>> running against vanilla Hadoop. The unmodified Hadoop's behavior is to
>> skip a secure login if security is not configured. This is different
>> for the MapR Hadoop version.
>> 
>> Thus, we need to make sure we don't perform any login action if
>> security is not configured. I'm in the process of restructuring the
>> security code. I've submitted a first PR which fixes the problem
>> reported by you: https://github.com/apache/flink/pull/2864
>> 
>> Thanks,
>> Max
>> 
>> On Fri, Nov 11, 2016 at 3:22 PM, vijikarthi <vijikar...@yahoo.com> wrote:
>>> Flink security context gets initialized during the application start phase.
>>> As part of the initialization, the UserGroupInformation (UGI) instance is
>>> bootstrapped using the Hadoop configuration files (read: HADOOP_CONF_DIR or
>>> YARN_CONF_DIR environment variable is set). If the hadoop configuration
>>> (core-site) enables security, then the UGI context uses JAAS module to
>>> load/login through Kerberos. Looks like in this case, the Hadoop
>>> configurations that got loaded somehow has the security enabled and UGI is
>>> trying to obtain the identity using keytab cache.
>>> 
>>> 
>>> 
>>> --
>>> View this message in context: 
>>> http://apache-flink-mailing-list-archive.1008284.n3.nabble.com/Flink-using-Yarn-on-MapR-tp14484p14496.html
>>> Sent from the Apache Flink Mailing List archive. mailing list archive at 
>>> Nabble.com.

RE: Flink using Yarn on MapR

2016-11-25 Thread Anton Solovev 
Sorry, wrong thread

-Original Message-
From: Anton Solovev [mailto:anton_solo...@epam.com] 
Sent: Friday, November 25, 2016 7:20 PM
To: dev@flink.apache.org
Subject: RE: Flink using Yarn on MapR


I agree that we should improve RowTypeInfo. But why not to keep it in Scala?
In case flink-2186 that the "Row" is a "Product" is a reason of supporting wide 
columns indeed.
Just for example I tried to move the "Row" to flink-scala module
(https://github.com/apache/flink/compare/master...tonycox:FLINK-2186-x)
(https://travis-ci.org/tonycox/flink/builds/178846355)

-Original Message-
From: Maximilian Michels [mailto:m...@apache.org]
Sent: Friday, November 25, 2016 6:06 PM
To: dev@flink.apache.org
Cc: Naveen Tirupattur <ntirupat...@maprtech.com>
Subject: Re: Flink using Yarn on MapR

Fix is now in the master and everything should run smooth with MapR Hadoop. I'd 
be happy if you gave it another try.

-Max


On Thu, Nov 24, 2016 at 6:22 PM, Maximilian Michels <m...@apache.org> wrote:
> Hi Naveen,
>
> The new Kerberos authentication code in Flink assumes that we're 
> running against vanilla Hadoop. The unmodified Hadoop's behavior is to 
> skip a secure login if security is not configured. This is different 
> for the MapR Hadoop version.
>
> Thus, we need to make sure we don't perform any login action if 
> security is not configured. I'm in the process of restructuring the 
> security code. I've submitted a first PR which fixes the problem 
> reported by you: https://github.com/apache/flink/pull/2864
>
> Thanks,
> Max
>
> On Fri, Nov 11, 2016 at 3:22 PM, vijikarthi <vijikar...@yahoo.com> wrote:
>> Flink security context gets initialized during the application start phase.
>> As part of the initialization, the UserGroupInformation (UGI) 
>> instance is bootstrapped using the Hadoop configuration files (read:
>> HADOOP_CONF_DIR or YARN_CONF_DIR environment variable is set). If the 
>> hadoop configuration
>> (core-site) enables security, then the UGI context uses JAAS module 
>> to load/login through Kerberos. Looks like in this case, the Hadoop 
>> configurations that got loaded somehow has the security enabled and 
>> UGI is trying to obtain the identity using keytab cache.
>>
>>
>>
>> --
>> View this message in context: 
>> http://apache-flink-mailing-list-archive.1008284.n3.nabble.com/Flink-
>> using-Yarn-on-MapR-tp14484p14496.html
>> Sent from the Apache Flink Mailing List archive. mailing list archive at 
>> Nabble.com.

RE: Flink using Yarn on MapR

2016-11-25 Thread Anton Solovev 

I agree that we should improve RowTypeInfo. But why not to keep it in Scala?
In case flink-2186 that the "Row" is a "Product" is a reason of supporting wide 
columns indeed.
Just for example I tried to move the "Row" to flink-scala module
(https://github.com/apache/flink/compare/master...tonycox:FLINK-2186-x)
(https://travis-ci.org/tonycox/flink/builds/178846355)

-Original Message-
From: Maximilian Michels [mailto:m...@apache.org] 
Sent: Friday, November 25, 2016 6:06 PM
To: dev@flink.apache.org
Cc: Naveen Tirupattur <ntirupat...@maprtech.com>
Subject: Re: Flink using Yarn on MapR

Fix is now in the master and everything should run smooth with MapR Hadoop. I'd 
be happy if you gave it another try.

-Max


On Thu, Nov 24, 2016 at 6:22 PM, Maximilian Michels <m...@apache.org> wrote:
> Hi Naveen,
>
> The new Kerberos authentication code in Flink assumes that we're 
> running against vanilla Hadoop. The unmodified Hadoop's behavior is to 
> skip a secure login if security is not configured. This is different 
> for the MapR Hadoop version.
>
> Thus, we need to make sure we don't perform any login action if 
> security is not configured. I'm in the process of restructuring the 
> security code. I've submitted a first PR which fixes the problem 
> reported by you: https://github.com/apache/flink/pull/2864
>
> Thanks,
> Max
>
> On Fri, Nov 11, 2016 at 3:22 PM, vijikarthi <vijikar...@yahoo.com> wrote:
>> Flink security context gets initialized during the application start phase.
>> As part of the initialization, the UserGroupInformation (UGI) 
>> instance is bootstrapped using the Hadoop configuration files (read: 
>> HADOOP_CONF_DIR or YARN_CONF_DIR environment variable is set). If the 
>> hadoop configuration
>> (core-site) enables security, then the UGI context uses JAAS module 
>> to load/login through Kerberos. Looks like in this case, the Hadoop 
>> configurations that got loaded somehow has the security enabled and 
>> UGI is trying to obtain the identity using keytab cache.
>>
>>
>>
>> --
>> View this message in context: 
>> http://apache-flink-mailing-list-archive.1008284.n3.nabble.com/Flink-
>> using-Yarn-on-MapR-tp14484p14496.html
>> Sent from the Apache Flink Mailing List archive. mailing list archive at 
>> Nabble.com.

Re: Flink using Yarn on MapR

2016-11-25 Thread Maximilian Michels 
Fix is now in the master and everything should run smooth with MapR
Hadoop. I'd be happy if you gave it another try.

-Max


On Thu, Nov 24, 2016 at 6:22 PM, Maximilian Michels <m...@apache.org> wrote:
> Hi Naveen,
>
> The new Kerberos authentication code in Flink assumes that we're
> running against vanilla Hadoop. The unmodified Hadoop's behavior is to
> skip a secure login if security is not configured. This is different
> for the MapR Hadoop version.
>
> Thus, we need to make sure we don't perform any login action if
> security is not configured. I'm in the process of restructuring the
> security code. I've submitted a first PR which fixes the problem
> reported by you: https://github.com/apache/flink/pull/2864
>
> Thanks,
> Max
>
> On Fri, Nov 11, 2016 at 3:22 PM, vijikarthi <vijikar...@yahoo.com> wrote:
>> Flink security context gets initialized during the application start phase.
>> As part of the initialization, the UserGroupInformation (UGI) instance is
>> bootstrapped using the Hadoop configuration files (read: HADOOP_CONF_DIR or
>> YARN_CONF_DIR environment variable is set). If the hadoop configuration
>> (core-site) enables security, then the UGI context uses JAAS module to
>> load/login through Kerberos. Looks like in this case, the Hadoop
>> configurations that got loaded somehow has the security enabled and UGI is
>> trying to obtain the identity using keytab cache.
>>
>>
>>
>> --
>> View this message in context: 
>> http://apache-flink-mailing-list-archive.1008284.n3.nabble.com/Flink-using-Yarn-on-MapR-tp14484p14496.html
>> Sent from the Apache Flink Mailing List archive. mailing list archive at 
>> Nabble.com.

Re: Flink using Yarn on MapR

2016-11-24 Thread Maximilian Michels 
Hi Naveen,

The new Kerberos authentication code in Flink assumes that we're
running against vanilla Hadoop. The unmodified Hadoop's behavior is to
skip a secure login if security is not configured. This is different
for the MapR Hadoop version.

Thus, we need to make sure we don't perform any login action if
security is not configured. I'm in the process of restructuring the
security code. I've submitted a first PR which fixes the problem
reported by you: https://github.com/apache/flink/pull/2864

Thanks,
Max

On Fri, Nov 11, 2016 at 3:22 PM, vijikarthi <vijikar...@yahoo.com> wrote:
> Flink security context gets initialized during the application start phase.
> As part of the initialization, the UserGroupInformation (UGI) instance is
> bootstrapped using the Hadoop configuration files (read: HADOOP_CONF_DIR or
> YARN_CONF_DIR environment variable is set). If the hadoop configuration
> (core-site) enables security, then the UGI context uses JAAS module to
> load/login through Kerberos. Looks like in this case, the Hadoop
> configurations that got loaded somehow has the security enabled and UGI is
> trying to obtain the identity using keytab cache.
>
>
>
> --
> View this message in context: 
> http://apache-flink-mailing-list-archive.1008284.n3.nabble.com/Flink-using-Yarn-on-MapR-tp14484p14496.html
> Sent from the Apache Flink Mailing List archive. mailing list archive at 
> Nabble.com.

Re: Flink using Yarn on MapR

2016-11-11 Thread vijikarthi 
Flink security context gets initialized during the application start phase.
As part of the initialization, the UserGroupInformation (UGI) instance is
bootstrapped using the Hadoop configuration files (read: HADOOP_CONF_DIR or
YARN_CONF_DIR environment variable is set). If the hadoop configuration
(core-site) enables security, then the UGI context uses JAAS module to
load/login through Kerberos. Looks like in this case, the Hadoop
configurations that got loaded somehow has the security enabled and UGI is
trying to obtain the identity using keytab cache.



--
View this message in context: 
http://apache-flink-mailing-list-archive.1008284.n3.nabble.com/Flink-using-Yarn-on-MapR-tp14484p14496.html
Sent from the Apache Flink Mailing List archive. mailing list archive at 
Nabble.com.

Re: Flink using Yarn on MapR

2016-11-11 Thread Till Rohrmann 
Hi Naveen,

I could reproduce your problem with the given Hadoop version
(2.7.0-mapr-1607). It seems to me as if this version always tries to use
Kerberos even though I selected the AuthenticationMethod.SIMPLE (no
Kerberos activated). I've also tested it with vanilla Hadoop 2.7.3 and
there it works. Can it be a peculiarity of this MapR Hadoop version? Can
you use the vanilla version or configure Kerberos?

I've pulled in Max who is more involved in Flink's security feature. Maybe
he can tell you a little bit more.

But in any case, the security feature should never interfere with the
normal execution if not activated. This looks like a bug to me. I've filed
a JIRA issue for that [1].

Concerning the MapR filesystem scheme where does flink complain about it?
Maybe you have to specify the proper "maprfs:" scheme when specifying paths?

[1] https://issues.apache.org/jira/browse/FLINK-5055

Cheers,
Till

On Fri, Nov 11, 2016 at 7:36 AM, Naveen Tirupattur  wrote:

> Hi,
>
> I am trying to setup flink with yarn on MapR. I built flink using the
> following command and build finished successfully.
>
> mvn clean install -DskipTests -Pvendor-repos -Dhadoop.version=2.7.0-mapr-1607
> -Dhadoop.vendor=MapR
>
> Now when I try to start yarn session I am seeing the below error
>
> 2016-11-10 16:03:07,795 DEBUG 
> org.apache.flink.runtime.security.JaasConfiguration
>  - JAAS configuration requested for the application entry:
> hadoop_simple
> Debug is  true storeKey false useTicketCache true useKeyTab false
> doNotPrompt true ticketCache is null isInitiator true KeyTab is null
> refreshKrb5Config is false principal is null tryFirstPass is false
> useFirstPass is false storePass is false clearPass is false
> Acquire TGT from Cache
> >>>KinitOptions cache name is /tmp/krb5cc_0
> Principal is null
> null credentials from Ticket Cache
> [Krb5LoginModule] authentication failed
> Unable to obtain Principal Name for authentication
> 2016-11-10 16:03:07,803 DEBUG org.apache.hadoop.security.UserGroupInformation
>  - failure to login
> javax.security.auth.login.LoginException: Unable to obtain Principal Name
> for authentication
> at com.sun.security.auth.module.Krb5LoginModule.promptForName(
> Krb5LoginModule.java:841)
> at com.sun.security.auth.module.Krb5LoginModule.
> attemptAuthentication(Krb5LoginModule.java:704)
> at com.sun.security.auth.module.Krb5LoginModule.login(
> Krb5LoginModule.java:617)
>
> I am not sure why it is trying to use kerberos for authentication. The
> cluster is an unsecure cluster and I did not enable kerberos.
>
> I also tried running yarn session by directly downloading flink package
> for hadoop 2.7 on MapR and it complains the scheme is file. I could not
> figure out how to change it to MapR FS.
>
> Could you please help me on this.
>
> Thanks,
> Naveen

Flink using Yarn on MapR

2016-11-10 Thread Naveen Tirupattur 
Hi,

I am trying to setup flink with yarn on MapR. I built flink using the following 
command and build finished successfully.

mvn clean install -DskipTests -Pvendor-repos -Dhadoop.version=2.7.0-mapr-1607 
-Dhadoop.vendor=MapR

Now when I try to start yarn session I am seeing the below error

2016-11-10 16:03:07,795 DEBUG 
org.apache.flink.runtime.security.JaasConfiguration   - JAAS 
configuration requested for the application entry: hadoop_simple
Debug is  true storeKey false useTicketCache true useKeyTab false doNotPrompt 
true ticketCache is null isInitiator true KeyTab is null refreshKrb5Config is 
false principal is null tryFirstPass is false useFirstPass is false storePass 
is false clearPass is false
Acquire TGT from Cache
>>>KinitOptions cache name is /tmp/krb5cc_0
Principal is null
null credentials from Ticket Cache
[Krb5LoginModule] authentication failed 
Unable to obtain Principal Name for authentication 
2016-11-10 16:03:07,803 DEBUG org.apache.hadoop.security.UserGroupInformation   
- failure to login
javax.security.auth.login.LoginException: Unable to obtain Principal Name for 
authentication 
at 
com.sun.security.auth.module.Krb5LoginModule.promptForName(Krb5LoginModule.java:841)
at 
com.sun.security.auth.module.Krb5LoginModule.attemptAuthentication(Krb5LoginModule.java:704)
at 
com.sun.security.auth.module.Krb5LoginModule.login(Krb5LoginModule.java:617)

I am not sure why it is trying to use kerberos for authentication. The cluster 
is an unsecure cluster and I did not enable kerberos. 

I also tried running yarn session by directly downloading flink package for 
hadoop 2.7 on MapR and it complains the scheme is file. I could not figure out 
how to change it to MapR FS.

Could you please help me on this.

Thanks,
Naveen