[
https://issues.apache.org/jira/browse/HIVE-21922?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Adam Szita updated HIVE-21922:
------------------------------
Resolution: Invalid
Status: Resolved (was: Patch Available)
> Allow keytabs to be reused in LLAP yarn applications through Yarn localization
> ------------------------------------------------------------------------------
>
> Key: HIVE-21922
> URL: https://issues.apache.org/jira/browse/HIVE-21922
> Project: Hive
> Issue Type: New Feature
> Reporter: Adam Szita
> Assignee: Adam Szita
> Priority: Major
> Attachments: HIVE-21922.0.patch, HIVE-21922.1.patch,
> HIVE-21922.2.patch
>
>
> In secure clusters LLAP has to be able to reach keytab files for kerberos
> login.
> Currently _hive.llap.task.scheduler.am.registry.keytab.file_ and
> _hive.llap.daemon.keytab.file_ configs are used to define the path of such
> keytabs on the Tez AM and LLAP daemon side respectively. Both presume local
> file system paths only - hence all nodes in the LLAP cluster (even those that
> eventually don't end up executing a daemon...) have to have Hive's keytab
> preinstalled on them.
> The above is described by this strategy:
> [Pre-installed_Keytabs_for_AM_and_containers|https://hadoop.apache.org/docs/current/hadoop-yarn/hadoop-yarn-site/YarnApplicationSecurity.html#Pre-installed_Keytabs_for_AM_and_containers]
> Another approach can be
> [Keytabs_for_AM_and_containers_distributed_via_YARN|https://hadoop.apache.org/docs/current/hadoop-yarn/hadoop-yarn-site/YarnApplicationSecurity.html#Keytabs_for_AM_and_containers_distributed_via_YARN]
> where we rely on HDFS and Yarn resource localization, and no prior keytab
> distribution is required. I intend to make this strategy an option for
> Hive-LLAP in this jira.
--
This message was sent by Atlassian JIRA
(v7.6.14#76016)
