[
https://issues.apache.org/jira/browse/DRILL-7149?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16808919#comment-16808919
]
Pritesh Maker commented on DRILL-7149:
--------------------------------------
[~agirish] any thoughts?
> Kerberos Code Missing from Drill on YARN
> ----------------------------------------
>
> Key: DRILL-7149
> URL: https://issues.apache.org/jira/browse/DRILL-7149
> Project: Apache Drill
> Issue Type: Bug
> Components: Security
> Affects Versions: 1.14.0
> Reporter: Charles Givre
> Priority: Blocker
>
> My company is trying to deploy Drill using the Drill on Yarn (DoY) and we
> have run into the issue that DoY does not seem to support passing Kerberos
> credentials in order to interact with HDFS.
> Upon checking the source code available in GIT
> (https://github.com/apache/drill/blob/1.14.0/drill-yarn/src/main/java/org/apache/drill/yarn/core/)
> and referring to Apache YARN documentation
> (https://hadoop.apache.org/docs/current/hadoop-yarn/hadoop-yarn-site/YarnApplicationSecurity.html)
> , we saw no section for passing the security credentials needed by the
> application to interact with any Hadoop cluster services and applications.
> This we feel needs to be added to the source code so that delegation tokens
> can be passed inside the container for the process to be able access Drill
> archive on HDFS and start. It probably should be added to the
> ContainerLaunchContext within the ApplicationSubmissionContext for DoY as
> suggested under Apache documentation.
>
> We tried the same DoY utility on a non-kerberised cluster and the process
> started well. Although we ran into a different issue there of hosts getting
> blacklisted
> We tested with the Single Principal per cluster option.
>
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
