flink-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From vijikarthi <...@git.apache.org>
Subject [GitHub] flink issue #2275: FLINK-3929 Support for Kerberos Authentication with Keyta...
Date Sun, 28 Aug 2016 20:13:39 GMT
Github user vijikarthi commented on the issue:

    https://github.com/apache/flink/pull/2275
  
    > 
    YARNSessionFIFOSecuredITCase gives me the following:
    17:49:58,097 INFO SecurityLogger.org.apache.hadoop.ipc.Server - Auth successful for appattempt_1471880990715_0001_000001
(auth:SIMPLE)
    It is not using Kerberos it seems. We should check that security is really enabled and
fail the test if not.
    
    @mxm I am not sure why the log statements from IPC layers are using auth:SIMPLE but I
have verified the same messages (NM/RM logs) on a running HDP (secure) cluster too. I would
imagine this is the default implementation and we can ignore those messages. However, while
investigating this issue, I have found an interesting problem with YarnMiniCluster. The containers
created does not have the Yarn Configuration that we pass through the test code. The KRB5
file is also not visible and hence the UGI/security context that we create was missing proper
Hadoop configurations. I have fixed the issue and patched it.
    
    I have also disabled the RollingSinkSecure IT test case since secure MiniFS cluster requires
privileged ports. We can enable the test case when the patch (HDFS-9213) is made in to main
stream.
    
    Please take a look and let me know if you can deploy and run the code.


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastructure@apache.org or file a JIRA ticket
with INFRA.
---

Mime
View raw message