Adam Szita created HIVE-21922: --------------------------------- Summary: Allow keytabs to be reused in LLAP yarn applications through Yarn localization Key: HIVE-21922 URL: https://issues.apache.org/jira/browse/HIVE-21922 Project: Hive Issue Type: New Feature Reporter: Adam Szita Assignee: Adam Szita
In secure clusters LLAP has to be able to reach keytab files for kerberos login. Currently _hive.llap.task.scheduler.am.registry.keytab.file_ and _hive.llap.daemon.keytab.file_ configs are used to define the path of such keytabs on the Tez AM and LLAP daemon side respectively. Both presume local file system paths only - hence all nodes in the LLAP cluster (even those that eventually don't end up executing a daemon...) have to have Hive's keytab preinstalled on them. The above is described by this strategy: [Pre-installed_Keytabs_for_AM_and_containers|https://hadoop.apache.org/docs/current/hadoop-yarn/hadoop-yarn-site/YarnApplicationSecurity.html#Pre-installed_Keytabs_for_AM_and_containers] Another approach can be [Keytabs_for_AM_and_containers_distributed_via_YARN|https://hadoop.apache.org/docs/current/hadoop-yarn/hadoop-yarn-site/YarnApplicationSecurity.html#Keytabs_for_AM_and_containers_distributed_via_YARN] where we rely on HDFS and Yarn resource localization, and no prior keytab distribution is required. I intend to make this strategy an option for Hive-LLAP in this jira. -- This message was sent by Atlassian JIRA (v7.6.3#76005)