flink on yarn kerberos认证问题

classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view
|

flink on yarn kerberos认证问题

zjfplayer@hotmail.com
Hi,
    My question is:
       1.When kerberos in cdh5.14 has been hosted by cm, modify the kerberos configuration in cm, but /var/kerberos/krb5kdc/kdc.conf and /etc/krb5.conf are the same with before. It seems the kerberos configuration is in another position. Does anyone know this?
        2.When flink 1.8 on cdh5.14 yarn is running, it reports GSS initiate failed {caused by GSSException: No valid credentials provided} after 24 hours, then the program fails and terminates. It is suspected that the kerberos ticket renew is failed. Is it because I configurated wrong? Or does flink1.8 still not support renew? When I originally used Spark, it would automatically renew.
       My configuration:
        1.flink-conf.yaml:
security.kerberos.login.use-ticket-cache: false
security.kerberos.login.keytab: /home/zjf/zjf.keytab
security.kerberos.login.principal: [hidden email]
security.kerberos.login.contexts: Client,KafkaClient
zookeeper.sasl.service-name: zookeeper
zookeeper.sasl.login-context-name: Client
        2./var/kerberos/krb5kdc/kdc.conf:
        
        3./etc/krb5.conf:
I have added max_renewable_life configuration,and run "systemctl restart krb5kdc", and it didn't work。
    
    then i check the kerberos debug log,see the following logs:
Forwardable Ticket true
Forwarded Ticket false
Proxiable Ticket false
Proxy Ticket false 
Postdated Ticket false
Renewable Ticket false
Initial Ticket false
Auth Time =Fri Apr 30 14:38:36 CST 2021
Start Time =Fri Apr 30 14:38:36 CST 2021
End Time =Sat May 01 14:38:36 CST 2021      
Renew Till = null   

    Can anyone help me? Thanks