I am not familiar with Kerberos. However, I find "keyProvider null cannot
renew token" in the YARN
ResourceManager logs. Could you please check that the key provider has been
configured correctly?


Best,
Yang

Ethan Li <ethanopensou...@gmail.com> wrote on Fri, Jan 10, 2020 at 10:54 PM:

> Hi Yangze,
>
> Thanks for your reply. Those are the docs I have read and followed. (I was
> also able to set up a standalone Flink cluster with secure HDFS, Zookeeper
> and Kafka.)
>
> Could you please let me know what I am missing? Thanks
>
>
> Best,
> Ethan
>
> > On Jan 10, 2020, at 6:28 AM, Yangze Guo <karma...@gmail.com> wrote:
> >
> > Hi, Ethan
> >
> > You could first check your cluster following this guide and check if
> > all the related config[2] is set correctly.
> >
> > [1]
> https://ci.apache.org/projects/flink/flink-docs-release-1.9/ops/security-kerberos.html
> > [2]
> https://ci.apache.org/projects/flink/flink-docs-release-1.9/ops/config.html#security-kerberos-login-contexts
> >
> > Best,
> > Yangze Guo
> >
> > On Fri, Jan 10, 2020 at 10:37 AM Ethan Li <ethanopensou...@gmail.com>
> wrote:
> >>
> >> Hello
> >>
> >> I was following
> https://ci.apache.org/projects/flink/flink-docs-release-1.8/ops/deployment/yarn_setup.html#run-a-flink-job-on-yarn
> and trying to submit a flink job on yarn.
> >>
> >> I downloaded flink-1.9.1 and pre-bundled Hadoop 2.8.3 from
> https://flink.apache.org/downloads.html#apache-flink-191. I used default
> configs except:
> >>
> >> security.kerberos.login.keytab: userA.keytab
> >> security.kerberos.login.principal: userA@REALM
> >>
> >>
> >> I have a secure Yarn cluster set up already. Then I ran “ ./bin/flink
> run -m yarn-cluster -p 1 -yjm 1024m -ytm 1024m
> ./examples/streaming/WordCount.jar” and got the following errors:
> >>
> >>
> >> org.apache.flink.client.deployment.ClusterDeploymentException: Couldn't
> deploy Yarn session cluster
> >> at
> org.apache.flink.yarn.AbstractYarnClusterDescriptor.deploySessionCluster(AbstractYarnClusterDescriptor.java:385)
> >> at
> org.apache.flink.client.cli.CliFrontend.runProgram(CliFrontend.java:251)
> >> at org.apache.flink.client.cli.CliFrontend.run(CliFrontend.java:205)
> >> at
> org.apache.flink.client.cli.CliFrontend.parseParameters(CliFrontend.java:1010)
> >> at
> org.apache.flink.client.cli.CliFrontend.lambda$main$10(CliFrontend.java:1083)
> >> at java.security.AccessController.doPrivileged(Native Method)
> >> at javax.security.auth.Subject.doAs(Subject.java:422)
> >> at
> org.apache.hadoop.security.UserGroupInformation.doAs(UserGroupInformation.java:1836)
> >> at
> org.apache.flink.runtime.security.HadoopSecurityContext.runSecured(HadoopSecurityContext.java:41)
> >> at org.apache.flink.client.cli.CliFrontend.main(CliFrontend.java:1083)
> >> Caused by: org.apache.hadoop.yarn.exceptions.YarnException: Failed to
> submit application_1578605412668_0005 to YARN : Failed to renew token:
> Kind: kms-dt, Service: host3.com:3456, Ident: (owner=userA,
> renewer=adminB, realUser=, issueDate=1578606224956, maxDate=1579211024956,
> sequenceNumber=32, masterKeyId=52)
> >> at
> org.apache.hadoop.yarn.client.api.impl.YarnClientImpl.submitApplication(YarnClientImpl.java:275)
> >> at
> org.apache.flink.yarn.AbstractYarnClusterDescriptor.startAppMaster(AbstractYarnClusterDescriptor.java:1004)
> >> at
> org.apache.flink.yarn.AbstractYarnClusterDescriptor.deployInternal(AbstractYarnClusterDescriptor.java:507)
> >> at
> org.apache.flink.yarn.AbstractYarnClusterDescriptor.deploySessionCluster(AbstractYarnClusterDescriptor.java:378)
> >> ... 9 more
> >>
> >>
> >> Full client log:
> https://gist.github.com/Ethanlm/221284bcaa272270a799957dc05b94fd
> >> Resource manager log:
> https://gist.github.com/Ethanlm/ecd0a3eb25582ad6b1552927fc0e5c47
> >> Hostname, IP address, username and etc. are anonymized.
> >>
> >>
> >> Not sure how to proceed further. Wondering if anyone in the community
> has encountered this before. Thank you very much for your time!
> >>
> >> Best,
> >> Ethan
> >>
>
>
