[jira] [Commented] (FLINK-15561) Improve Kerberos delegation token login
[ https://issues.apache.org/jira/browse/FLINK-15561?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17042273#comment-17042273 ] Rong Rong commented on FLINK-15561: --- fixed: master: 57c33961a55cff1068345198cb4669d9f1313bf8 release-1.10: 8751e69037d8a9b1756b75eed62a368c3ef29137 > Improve Kerberos delegation token login > > > Key: FLINK-15561 > URL: https://issues.apache.org/jira/browse/FLINK-15561 > Project: Flink > Issue Type: Sub-task > Components: Deployment / YARN >Reporter: Rong Rong >Assignee: Rong Rong >Priority: Major > Labels: pull-request-available, usability > Fix For: 1.10.1, 1.11.0 > > Time Spent: 20m > Remaining Estimate: 0h > > Inspired by the discussion in > [http://apache-flink-user-mailing-list-archive.2336050.n4.nabble.com/Yarn-Kerberos-issue-td31894.html#a31933] > > Currently the security HadoopModule handles delegation token login utilizes 2 > different code path. > Flink needs to to ensure delegation token is also a valid format of > credential when launching YARN context. See [1] > [https://github.com/apache/flink/blob/master/flink-yarn/src/main/java/org/apache/flink/yarn/YarnClusterDescriptor.java#L484] > and [2] > [https://github.com/apache/flink/blob/master/flink-runtime/src/main/java/org/apache/flink/runtime/security/modules/HadoopModule.java#L146] -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Commented] (FLINK-15561) Improve Kerberos delegation token login
[ https://issues.apache.org/jira/browse/FLINK-15561?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17015545#comment-17015545 ] Rong Rong commented on FLINK-15561: --- made a simple change on issue #2 and it looks good, maybe we can verify whether this fix works: https://github.com/walterddr/flink/commit/60240028bebc09e1d65328eb680a3a24108beb94 > Improve Kerberos delegation token login > > > Key: FLINK-15561 > URL: https://issues.apache.org/jira/browse/FLINK-15561 > Project: Flink > Issue Type: Bug > Components: Deployment / YARN >Reporter: Rong Rong >Assignee: Rong Rong >Priority: Major > Labels: usability > Fix For: 1.11.0 > > > Currently the security HadoopModule handles delegation token login seems to > be not working. > Some improvements including: spawning a delegation token renewal thread. See: > [1] > https://github.com/apache/flink/blob/release-1.9/flink-runtime/src/main/java/org/apache/flink/runtime/security/modules/HadoopModule.java#L84 > > and [2] > https://github.com/hanborq/hadoop/blob/master/src/core/org/apache/hadoop/security/UserGroupInformation.java#L538 > Another is to ensure delegation token is also a valid format of credential > when launching YARN context. See [1] > https://github.com/apache/flink/blob/master/flink-yarn/src/main/java/org/apache/flink/yarn/YarnClusterDescriptor.java#L484 > and [2] > https://github.com/apache/flink/blob/master/flink-runtime/src/main/java/org/apache/flink/runtime/security/modules/HadoopModule.java#L146 -- This message was sent by Atlassian Jira (v8.3.4#803005)