[ https://issues.apache.org/jira/browse/FLINK-8981?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16550575#comment-16550575 ]
ASF GitHub Bot commented on FLINK-8981:
---------------------------------------

Github user aljoscha commented on a diff in the pull request:

    https://github.com/apache/flink/pull/6377#discussion_r203989263

    --- Diff: flink-end-to-end-tests/test-scripts/docker-hadoop-secure-cluster/Dockerfile ---
    @@ -0,0 +1,159 @@
    +################################################################################
    +# Licensed to the Apache Software Foundation (ASF) under one
    +# or more contributor license agreements.  See the NOTICE file
    +# distributed with this work for additional information
    +# regarding copyright ownership.  The ASF licenses this file
    +# to you under the Apache License, Version 2.0 (the
    +# "License"); you may not use this file except in compliance
    +# with the License.  You may obtain a copy of the License at
    +#
    +#     http://www.apache.org/licenses/LICENSE-2.0
    +#
    +# Unless required by applicable law or agreed to in writing, software
    +# distributed under the License is distributed on an "AS IS" BASIS,
    +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    +# See the License for the specific language governing permissions and
    +# limitations under the License.
    +################################################################################
    +#
    +# This image is a modified version of Knappek/docker-hadoop-secure
    +#   * Knappek/docker-hadoop-secure <https://github.com/Knappek/docker-hadoop-secure>
    +#
    +# with bits and pieces added from Lewuathe/docker-hadoop-cluster to extend it
    +# to start a properly kerberized Hadoop cluster:
    +#   * Lewuathe/docker-hadoop-cluster <https://github.com/Lewuathe/docker-hadoop-cluster>
    +#
    +# Author: Aljoscha Krettek
    +# Date:   2018 May, 15
    +#
    +# Creates a multi-node, kerberized Hadoop cluster on Docker.
    +
    +FROM sequenceiq/pam:ubuntu-14.04
    +MAINTAINER aljoscha
    +
    +USER root
    +
    +RUN addgroup hadoop
    +RUN useradd -d /home/hdfs -ms /bin/bash -G hadoop -p hdfs hdfs
    +RUN useradd -d /home/yarn -ms /bin/bash -G hadoop -p yarn yarn
    +RUN useradd -d /home/mapred -ms /bin/bash -G hadoop -p mapred mapred
    +
    +RUN useradd -d /home/hadoop-user -ms /bin/bash -p hadoop-user hadoop-user
    +
    +# install dev tools
    +RUN apt-get update
    +RUN apt-get install -y curl tar sudo openssh-server openssh-client rsync unzip
    +
    +# Kerberos client
    +RUN apt-get install -y krb5-user
    +RUN mkdir -p /var/log/kerberos
    +RUN touch /var/log/kerberos/kadmind.log
    +
    +# passwordless ssh
    +RUN rm -f /etc/ssh/ssh_host_dsa_key /etc/ssh/ssh_host_rsa_key /root/.ssh/id_rsa
    +RUN ssh-keygen -q -N "" -t dsa -f /etc/ssh/ssh_host_dsa_key
    +RUN ssh-keygen -q -N "" -t rsa -f /etc/ssh/ssh_host_rsa_key
    +RUN ssh-keygen -q -N "" -t rsa -f /root/.ssh/id_rsa
    +RUN cp /root/.ssh/id_rsa.pub /root/.ssh/authorized_keys
    +
    +# java
    +RUN mkdir -p /usr/java/default && \
    +    curl -Ls 'http://download.oracle.com/otn-pub/java/jdk/8u131-b11/d54c1d3a095b4ff2b6607d096fa80163/jdk-8u131-linux-x64.tar.gz' -H 'Cookie: oraclelicense=accept-securebackup-cookie' | \
    +    tar --strip-components=1 -xz -C /usr/java/default/
    +
    +ENV JAVA_HOME /usr/java/default
    +ENV PATH $PATH:$JAVA_HOME/bin
    +
    +RUN curl -LOH 'Cookie: oraclelicense=accept-securebackup-cookie' \
    +    'http://download.oracle.com/otn-pub/java/jce/8/jce_policy-8.zip'
    +RUN unzip jce_policy-8.zip
    +RUN cp /UnlimitedJCEPolicyJDK8/local_policy.jar /UnlimitedJCEPolicyJDK8/US_export_policy.jar $JAVA_HOME/jre/lib/security
    +
    +ENV HADOOP_VERSION=2.8.4
    --- End diff --

    I think the solution in the long run should be to never ship Flink with a Hadoop version, i.e. make the hadoop-free version the default.


> Add end-to-end test for running on YARN with Kerberos
> -----------------------------------------------------
>
>                 Key: FLINK-8981
>                 URL: https://issues.apache.org/jira/browse/FLINK-8981
>             Project: Flink
>          Issue Type: Sub-task
>          Components: Security, Tests
>    Affects Versions: 1.5.0
>            Reporter: Till Rohrmann
>            Assignee: Aljoscha Krettek
>            Priority: Blocker
>              Labels: pull-request-available
>             Fix For: 1.6.0
>
> We should add an end-to-end test which verifies Flink's integration with
> Kerberos security. In order to do this, we should start Kerberos-secured
> Hadoop, ZooKeeper, and Kafka clusters. Then we should start a Flink cluster
> with HA enabled and run a job which reads from and writes to Kafka. We could
> use a simple pipe job for that purpose which has some state for checkpointing
> to HDFS.
> See the [security docs|https://ci.apache.org/projects/flink/flink-docs-master/ops/security-kerberos.html]
> for more information about Flink's Kerberos integration.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
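[Editor's note] The issue description above outlines the test setup: a kerberized Hadoop/ZooKeeper/Kafka stack plus an HA-enabled Flink cluster checkpointing to HDFS. As a rough sketch, a flink-conf.yaml for such a test might combine Flink's Kerberos credential settings with ZooKeeper HA and an HDFS checkpoint directory. The keytab path, principal, hostnames, and HDFS paths below are illustrative assumptions, not values taken from the PR:

```yaml
# Kerberos credentials used by Flink's security module
# (keytab path and principal are placeholders for this sketch)
security.kerberos.login.use-ticket-cache: false
security.kerberos.login.keytab: /home/hadoop-user/hadoop-user.keytab
security.kerberos.login.principal: hadoop-user
# JAAS contexts the credentials are installed into
# (ZooKeeper client and Kafka client)
security.kerberos.login.contexts: Client,KafkaClient

# HA via ZooKeeper, with metadata and checkpoints on the kerberized HDFS
high-availability: zookeeper
high-availability.zookeeper.quorum: zookeeper:2181
high-availability.storageDir: hdfs:///flink/ha
state.backend: filesystem
state.checkpoints.dir: hdfs:///flink/checkpoints
```

With a hadoop-free Flink distribution, as suggested in the review comment, the cluster's Hadoop jars would additionally have to be put on Flink's classpath, e.g. via `export HADOOP_CLASSPATH=$(hadoop classpath)` before starting the cluster.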