1. 技术文章
  2. How can I pass a Kerberos ticket to Spring Yarn application

How can I pass a Kerberos ticket to Spring Yarn application

狂风中的少年 提交于 2020-01-07 06:42:11

问题


I am trying to run the Simple Single Project Yarn Application detailed here. I deployed the application as a jar file to our hadoop cluster. When trying to run, I am getting an exception, stack trace below:

[2015-06-04 14:10:45.866] boot - 13669 ERROR [main] --- SpringApplication: Application startup failed
java.lang.IllegalStateException: Failed to execute CommandLineRunner
        at org.springframework.boot.SpringApplication.runCommandLineRunners(SpringApplication.java:680)
        at org.springframework.boot.SpringApplication.afterRefresh(SpringApplication.java:695)
        at org.springframework.boot.SpringApplication.run(SpringApplication.java:322)
        at org.springframework.boot.SpringApplication.run(SpringApplication.java:961)
        at org.springframework.boot.SpringApplication.run(SpringApplication.java:950)
        at com.aetna.ise.yarn.publish.Application.main(Application.java:21)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:95)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:56)
        at java.lang.reflect.Method.invoke(Method.java:620)
        at org.springframework.boot.loader.MainMethodRunner.run(MainMethodRunner.java:53)
        at java.lang.Thread.run(Thread.java:857)
Caused by: org.springframework.yarn.YarnSystemException: SIMPLE authentication is not enabled.  Available:[TOKEN, KERBEROS]; nested exception is org.apache.hadoop.security.AccessControlException: SIMPLE authentication is not enabled.  Available:[TOKEN, KERBEROS]

This is due to the fact that our cluster uses Kerberos authentication. Is there a way to pass the Kerberos ticket to the application in the Spring YARN code? I don't see any place to do that.


回答1:


We can't currently delegate any tickets when application is submitted, but application itself can use kerberos.

This is explained in section http://docs.spring.io/spring-hadoop/docs/2.1.2.RELEASE/reference/html/springandhadoop-security.html#literal-spring-hadoop-security-literal-configuration-properties

For example something like shown below in application.yml(use principals from your cluster):

spring:
  hadoop:
    fsUri: hdfs://localhost:8020
    resourceManagerHost: localhost
    security:
      userPrincipal: jvalkealahti/neo
      userKeytab: /usr/local/hadoops/jvalkealahti.keytab
      authMethod: kerberos
      namenodePrincipal: hdfs/neo@LOCALDOMAIN
      rmManagerPrincipal: yarn/neo@LOCALDOMAIN


来源:https://stackoverflow.com/questions/30651452/how-can-i-pass-a-kerberos-ticket-to-spring-yarn-application

标签
Spring
Hadoop
spring-boot
yarn
spring-xd
易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!