[
https://issues.apache.org/jira/browse/FLINK-8981?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16552521#comment-16552521
]
ASF GitHub Bot commented on FLINK-8981:
---------------------------------------
Github user aljoscha commented on a diff in the pull request:
https://github.com/apache/flink/pull/6377#discussion_r204329978
--- Diff:
flink-end-to-end-tests/test-scripts/docker-hadoop-secure-cluster/docker-compose.yml
---
@@ -0,0 +1,87 @@
+################################################################################
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+################################################################################
+version: '3.5'
+
+networks:
+ docker-hadoop-cluster-network:
+ driver: bridge
+ name: docker-hadoop-cluster-network
+
+services:
+ kdc:
+ container_name: "kdc"
+ hostname: kdc.kerberos.com
+ image: sequenceiq/kerberos
+ networks:
+ - docker-hadoop-cluster-network
+ environment:
+ REALM: EXAMPLE.COM
+ DOMAIN_REALM: kdc.kerberos.com
+
+ master:
+ image:
${DOCKER_HADOOP_IMAGE_NAME:-flink/docker-hadoop-secure-cluster:latest}
+ command: master
+ depends_on:
+ - kdc
+ ports:
+ - "50070:50070"
+ - "50470:50470"
+ - "8088:8088"
+ - "19888:19888"
+ - "8188:8188"
+ container_name: "master"
+ hostname: master.docker-hadoop-cluster-network
+ networks:
+ - docker-hadoop-cluster-network
+ environment:
+ KRB_REALM: EXAMPLE.COM
+ DOMAIN_REALM: kdc.kerberos.com
+
+ slave1:
--- End diff --
I tried this at the very beginning but this doesn't work because the slaves
need well formed hostnames for the Kerberos setup to work (it's tricky with the
Kerberos principal names). That's why I did it like this. I also don't like it
> Add end-to-end test for running on YARN with Kerberos
> -----------------------------------------------------
>
> Key: FLINK-8981
> URL: https://issues.apache.org/jira/browse/FLINK-8981
> Project: Flink
> Issue Type: Sub-task
> Components: Security, Tests
> Affects Versions: 1.5.0
> Reporter: Till Rohrmann
> Assignee: Aljoscha Krettek
> Priority: Blocker
> Labels: pull-request-available
> Fix For: 1.6.0
>
>
> We should add an end-to-end test which verifies Flink's integration with
> Kerberos security. In order to do this, we should start a Kerberos secured
> Hadoop, ZooKeeper and Kafka cluster. Then we should start a Flink cluster
> with HA enabled and run a job which reads from and writes to Kafka. We could
> use a simple pipe job for that purpose which has some state for checkpointing
> to HDFS.
> See [security docs|
> https://ci.apache.org/projects/flink/flink-docs-master/ops/security-kerberos.html]
> for how more information about Flink's Kerberos integration.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
