I am trying to setup Flink 1.2 using yarn on MapR (v5.2.0). The MapR cluster, on which, I am trying to setup this is a secure cluster. But, this cluster does not use Kerberos. Mapr, by default, uses some variant of ssl <http://maprdocs.mapr.com/home/SecurityGuide/Enable-wire-level-security.html> and MapR also normally has its own JAAS .conf file, which it relies on.
When I try to run yarn-session.sh, I get the following error: /java.lang.RuntimeException: Hadoop security is enabled but the login user does not have Kerberos credentials/ To resolve this I tried the following two things: 1. I had seen a somewhat similar mention of this issue on JIRA <https://issues.apache.org/jira/browse/FLINK-5055> . The issue says that its resolved in 1.2 but the comments on that issue do not indicate that. By the way, I have added "-Djava.security.auth.login.config=/opt/mapr/conf/mapr.login.conf" in the yarn-session.sh file. But I still the get the same issue. So, is this issue resolved? What am I missing here? Why does Flink require Kerberos credentials when MapR has no Kerberos setup? 2. I also tried specifying following in flink-conf.yaml: security.ssl.enabled: true security.ssl.keystore: /opt/mapr/conf/ssl_keystore security.ssl.keystore-password: <> security.ssl.key-password: <> security.ssl.truststore: /opt/mapr/conf/ssl_truststore security.ssl.truststore-password: <> But, this too did not solve the problem and I get the same issue. Why is Flink trying to get Kerberos credentials even after ssl security is enabled? Thanks, Aniket -- View this message in context: http://apache-flink-user-mailing-list-archive.2336050.n4.nabble.com/Flink-Yarn-and-MapR-Kerberos-issue-tp11996.html Sent from the Apache Flink User Mailing List archive. mailing list archive at Nabble.com.
