[jira] [Updated] (KYLIN-5442) Ticket auto-renewal is not supported when kerberos is enabled for the real-time feature, resulting in failure of the build job

Thu, 09 Feb 2023 04:21:22 -0800 


     [ 
https://issues.apache.org/jira/browse/KYLIN-5442?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Yaguang Jia updated KYLIN-5442:
-------------------------------
    Description: 
Currently, KAFKA opens kerberos with the following two restrictions.

If using ticketcache authentication

KE cannot automatically update the kerberos ticket on the node where the YARN 
task is located, and needs to provide a method on the operation and maintenance 
side to ensure that the kerberos ticket is automatically updated when it 
expires, which will increase the operation and maintenance costs, so expect the 
KE side to automatically update it. If the ticket is not updated when it 
expires, it will cause the real-time task to fail

2. If you use keytab authentication file

Need to add a unified path to the keytab file on KE and YARN clusters refer to 
the following work order. The customer wants to avoid adding the keytab file on 
the YARN cluster.

> Ticket auto-renewal is not supported when kerberos is enabled for the 
> real-time feature, resulting in failure of the build job
> ------------------------------------------------------------------------------------------------------------------------------
>
>                 Key: KYLIN-5442
>                 URL: https://issues.apache.org/jira/browse/KYLIN-5442
>             Project: Kylin
>          Issue Type: Bug
>    Affects Versions: 5.0-alpha
>            Reporter: Yaguang Jia
>            Assignee: Yaguang Jia
>            Priority: Major
>             Fix For: 5.0-alpha
>
>
> Currently, KAFKA opens kerberos with the following two restrictions.
> If using ticketcache authentication
> KE cannot automatically update the kerberos ticket on the node where the YARN 
> task is located, and needs to provide a method on the operation and 
> maintenance side to ensure that the kerberos ticket is automatically updated 
> when it expires, which will increase the operation and maintenance costs, so 
> expect the KE side to automatically update it. If the ticket is not updated 
> when it expires, it will cause the real-time task to fail
> 2. If you use keytab authentication file
> Need to add a unified path to the keytab file on KE and YARN clusters refer 
> to the following work order. The customer wants to avoid adding the keytab 
> file on the YARN cluster.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

Reply via email to