walterddr commented on a change in pull request #7702:
[FLINK-11088][Security][YARN] Allow YARN to discover pre-installed keytab files
URL: https://github.com/apache/flink/pull/7702#discussion_r390732821
##########
File path:
flink-yarn/src/main/java/org/apache/flink/yarn/entrypoint/YarnEntrypointUtils.java
##########
@@ -90,16 +90,27 @@ public static Configuration loadConfiguration(String
workingDirectory, Map<Strin
final String keytabPath;
- if (env.get(YarnConfigKeys.KEYTAB_PATH) == null) {
+ if (env.get(YarnConfigKeys.LOCAL_KEYTAB_PATH) == null) { //
keytab not exist
keytabPath = null;
} else {
- File f = new File(workingDirectory,
Utils.KEYTAB_FILE_NAME);
- keytabPath = f.getAbsolutePath();
+ File f;
+ f = new File(env.get(YarnConfigKeys.LOCAL_KEYTAB_PATH));
+ if (f.exists()) { // keytab file exist in host
environment.
+ keytabPath = f.getAbsolutePath();
+ } else {
+ f = new File(workingDirectory,
env.get(YarnConfigKeys.LOCAL_KEYTAB_PATH));
+ if (f.exists()) { // keytab file exist in
working directory.
+ keytabPath = f.getAbsolutePath();
+ } else { // fall back to default keytab file
+ f = new File(workingDirectory,
Utils.DEFAULT_KEYTAB_FILE);
Review comment:
yes. good catch. this piece of code was there before we use the
YarnConfigOption approach. I would refine this.
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
With regards,
Apache Git Services
