Hi Aljoscha,
Sorry for my late response . According to my experience , if the
flink-conf.yaml has set the "security.kerberos.login.keytab" and
"security.kerberos.login.contexts" with a kerberos file then yarn will
ship the keytab file to the TaskManager .
Also i can find the log like:
" INFO org.
Hi
Just a quick thought on this:
You might be able to use delegation token to access HBase[1]. It might be a
more secure way instead of distributing your keytab over to all the YARN
nodes.
Hope this helps.
--
Rong
[1] https://wiki.apache.org/hadoop/Hbase/HBaseTokenAuthentication
On Mon, Sep 24
Hi Aljoscha,
Sorry for my late response . According to my experience , if the
flink-conf.yaml has set the "security.kerberos.login.keytab" and
"security.kerberos.login.contexts" with a kerberos file then yarn will
ship the keytab file to the TaskManager .
Also i can find the log like:
" INFO org.
Hi,
if the YARN cluster does not have Kerberos enabled then Flink will not ship the
keytab file to the worker nodes. This means that you have to make sure it is
available at some location where your application can use it yourself. But this
might have security risks.
I'm afraid I don't know a
Hi,
maybe Aljoscha or Eron (both in CC) can help you with this problem, I think
they might know best about the Kerberos security.
Best,
Stefan
> Am 20.09.2018 um 11:20 schrieb 杨光 :
>
> Hi,
> i am using the " per-job YARN session " mode deploy flink job on yarn and my
> flink
> version is 1.4
Hi,
i am using the " per-job YARN session " mode deploy flink job on yarn and
my flink
version is 1.4.1.
https://ci.apache.org/projects/flink/flink-docs-release-1.6/ops/security-kerberos.html
My use case is the yarn cluster where the flink job running is not enabled
the kerberos mode in core-sit