Hi, if the YARN cluster does not have Kerberos enabled then Flink will not ship the keytab file to the worker nodes. This means that you have to make sure it is available at some location where your application can use it yourself. But this might have security risks.
I'm afraid I don't know a better option now, maybe Eron knows one.

> On 20. Sep 2018, at 19:51, Stefan Richter <s.rich...@data-artisans.com> wrote:
>
> Hi,
>
> maybe Aljoscha or Eron (both in CC) can help you with this problem, I think
> they might know best about the Kerberos security.
>
> Best,
> Stefan
>
>> On 20.09.2018 at 11:20, 杨光 <laolang...@gmail.com> wrote:
>>
>> Hi,
>> I am using the "per-job YARN session" mode to deploy a Flink job on YARN and
>> my Flink version is 1.4.1.
>>
>> https://ci.apache.org/projects/flink/flink-docs-release-1.6/ops/security-kerberos.html
>>
>> My use case is that the YARN cluster where the Flink job is running does not
>> have Kerberos mode enabled in core-site.xml, but I am trying to connect to an
>> HBase cluster which has Kerberos enabled. So I have to use the
>> loginUserFromKeytab() method to init Kerberos information before initializing
>> the HBase connection.
>>
>> UserGroupInformation.loginUserFromKeytab(user, keytabLocation);
>>
>> So how can I get the keytab location in my user code, or are there any
>> better ideas to solve the HBase Kerberos problem on a YARN cluster not using
>> Kerberos mode?
>>
>> THANKS
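
An added example, not part of the thread and not Flink's own code: a sketch of the user-code login discussed above, which refuses a keytab that group or other can access and switches Hadoop authentication to Kerberos in code, because `UserGroupInformation` skips the keytab login when the loaded configuration uses simple authentication. The class and method names, the `principal` and `keytab` parameters, a POSIX file system, and an `hbase-site.xml` with the HBase server principals on the job's classpath are all assumptions.

```java
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.attribute.PosixFilePermission;
import java.util.EnumSet;
import java.util.Set;

import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.hbase.HBaseConfiguration;
import org.apache.hadoop.hbase.client.Connection;
import org.apache.hadoop.hbase.client.ConnectionFactory;
import org.apache.hadoop.security.UserGroupInformation;

// Hypothetical helper class; names are illustrative only.
public final class KerberizedHBase {

    // Fail closed if anyone besides the file owner has any access to the keytab.
    static void requireOwnerOnly(Path keytab) throws IOException {
        Set<PosixFilePermission> tooOpen = EnumSet.of(
                PosixFilePermission.GROUP_READ, PosixFilePermission.GROUP_WRITE,
                PosixFilePermission.GROUP_EXECUTE, PosixFilePermission.OTHERS_READ,
                PosixFilePermission.OTHERS_WRITE, PosixFilePermission.OTHERS_EXECUTE);
        tooOpen.retainAll(Files.getPosixFilePermissions(keytab));
        if (!tooOpen.isEmpty()) {
            throw new SecurityException(
                    "Keytab " + keytab + " is accessible beyond its owner: " + tooOpen);
        }
    }

    // principal and keytab are supplied by the job (for example from its arguments);
    // the keytab must already exist at that path on every worker node.
    static Connection connect(String principal, Path keytab) throws IOException {
        requireOwnerOnly(keytab);

        // Loads hbase-site.xml from the classpath (assumed to carry the
        // HBase master/regionserver Kerberos principals).
        Configuration conf = HBaseConfiguration.create();

        // The cluster's core-site.xml says "simple"; override it for this client,
        // otherwise isSecurityEnabled() is false and the login is skipped.
        conf.set("hadoop.security.authentication", "kerberos");
        conf.set("hbase.security.authentication", "kerberos");
        UserGroupInformation.setConfiguration(conf);

        // Process-wide login; the HBase connection then uses this login user.
        UserGroupInformation.loginUserFromKeytab(principal, keytab.toString());
        return ConnectionFactory.createConnection(conf);
    }
}
```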