[jira] [Commented] (FLINK-4287) Unable to access secured HBase from a yarn-session.

Mon, 01 Aug 2016 04:17:12 -0700 

    [ 
https://issues.apache.org/jira/browse/FLINK-4287?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15401869#comment-15401869
 ] 

ASF GitHub Bot commented on FLINK-4287:
---------------------------------------

GitHub user nielsbasjes opened a pull request:

    https://github.com/apache/flink/pull/2317

    [FLINK-4287] Ensure the yarn-session.sh classpath contains all Hadoop 
related paths

    

You can merge this pull request into a Git repository by running:

    $ git pull https://github.com/nielsbasjes/flink FLINK-4287

Alternatively you can review and apply these changes as the patch at:

    https://github.com/apache/flink/pull/2317.patch

To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:

    This closes #2317
    
----
commit eb157a6b88ed7c493ae061d4d959cf282c4d3439
Author: Niels Basjes <nbas...@bol.com>
Date:   2016-08-01T10:11:11Z

    [FLINK-4287] Ensure the yarn-session.sh classpath contains all Hadoop 
related paths

----


> Unable to access secured HBase from a yarn-session.
> ---------------------------------------------------
>
>                 Key: FLINK-4287
>                 URL: https://issues.apache.org/jira/browse/FLINK-4287
>             Project: Flink
>          Issue Type: Improvement
>          Components: YARN Client
>    Affects Versions: 1.0.3
>            Reporter: Niels Basjes
>            Assignee: Niels Basjes
>
> When I start {{yarn-session.sh -n1}} against a Kerberos secured Yarn+HBase 
> cluster I see this in the messages:
> {quote}
> 2016-08-01 09:53:01,763 INFO  org.apache.flink.yarn.Utils                     
>               - Attempting to obtain Kerberos security token for HBase
> 2016-08-01 09:53:01,763 INFO  org.apache.flink.yarn.Utils                     
>               - HBase is not available (not packaged with this application): 
> ClassNotFoundException : "org.apache.hadoop.hbase.HBaseConfiguration".
> {quote}
> as a consequence it has become impossible to access a secured HBase from this 
> yarn session.
> From what I see now at least two things need to be done:
> # Add all relevant HBase parts to the yarn-session.sh scripting.
> # Add an optional option to pass principle and keytab file so the session can 
> last longer than the time the Kerberos tickets last. (i.e pass these 
> parameters into a call to {{UserGroupInformation.loginUserFromKeytab(user, 
> keytabFile);}})
> I do see that this would leave an important problem open:
> This yarnsession is accessible by everyone on the cluster and as a 
> consequence they can run jobs in there that can access all data I have access 
> to. Perhaps this should be a separate jira issue?



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Reply via email to