flink-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Robert Metzger (JIRA)" <j...@apache.org>
Subject [jira] [Updated] (FLINK-9685) Flink should support hostname-substitution for security.kerberos.login.principal
Date Fri, 01 Mar 2019 07:58:00 GMT

     [ https://issues.apache.org/jira/browse/FLINK-9685?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Robert Metzger updated FLINK-9685:
----------------------------------
    Component/s: Runtime / Coordination

> Flink should support hostname-substitution for security.kerberos.login.principal
> --------------------------------------------------------------------------------
>
>                 Key: FLINK-9685
>                 URL: https://issues.apache.org/jira/browse/FLINK-9685
>             Project: Flink
>          Issue Type: Improvement
>          Components: Runtime / Coordination
>            Reporter: Ethan Li
>            Assignee: Aleksandr Salatich
>            Priority: Major
>              Labels: pull-request-available
>          Time Spent: 40m
>  Remaining Estimate: 0h
>
> [https://github.com/apache/flink/blob/master/flink-runtime/src/main/java/org/apache/flink/runtime/security/SecurityConfiguration.java#L83]
>  
> We can have something like this
> {code:java}
> String rawPrincipal = flinkConf.getString(SecurityOptions.KERBEROS_LOGIN_PRINCIPAL);
> if (rawPrincipal != null) {
>    try {
>       rawPrincipal = rawPrincipal.replace("HOSTNAME", InetAddress.getLocalHost().getCanonicalHostName());
>    } catch (UnknownHostException e) {
>       LOG.error("Failed to replace HOSTNAME with localhost because {}", e);
>    }
> }
> this.principal = rawPrincipal;
> {code}
> So it will be easier to deploy flink to cluster. Instead of setting different principal
on every node, we can have the same principal headless_user/HOSTNAME@DOMAIN .



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

Mime
View raw message