Charles Givre created DRILL-7149:
------------------------------------
Summary: Kerberos Code Missing from Drill on YARN
Key: DRILL-7149
URL: https://issues.apache.org/jira/browse/DRILL-7149
Project: Apache Drill
Issue Type: Bug
Components: Security
Affects Versions: 1.14.0
Reporter: Charles Givre
My company is trying to deploy Drill using the Drill on Yarn (DoY) and we have
run into the issue that DoY does not seem to support passing Kerberos
credentials in order to interact with HDFS.
Upon checking the source code available in GIT
(https://github.com/apache/drill/blob/1.14.0/drill-yarn/src/main/java/org/apache/drill/yarn/core/)
and referring to Apache YARN documentation
(https://hadoop.apache.org/docs/current/hadoop-yarn/hadoop-yarn-site/YarnApplicationSecurity.html)
, we saw no section for passing the security credentials needed by the
application to interact with any Hadoop cluster services and applications.
This we feel needs to be added to the source code so that delegation tokens can
be passed inside the container for the process to be able access Drill archive
on HDFS and start. It probably should be added to the ContainerLaunchContext
within the ApplicationSubmissionContext for DoY as suggested under Apache
documentation.
We tried the same DoY utility on a non-kerberised cluster and the process
started well. Although we ran into a different issue there of hosts getting
blacklisted
We tested with the Single Principal per cluster option.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
