[jira] [Commented] (FLINK-12130) Apply command line options to configuration before installing security modules
[ https://issues.apache.org/jira/browse/FLINK-12130?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17631464#comment-17631464 ] jiasheng55 commented on FLINK-12130: [~gvijay452] It seems I don't have permission to assign this issue to you, you need to ping a Flink committer maintaining the related component. By the way, so glad to see updates on this issue:) > Apply command line options to configuration before installing security modules > -- > > Key: FLINK-12130 > URL: https://issues.apache.org/jira/browse/FLINK-12130 > Project: Flink > Issue Type: Improvement > Components: Command Line Client >Reporter: jiasheng55 >Priority: Not a Priority > Labels: auto-deprioritized-major, auto-deprioritized-minor, > auto-unassigned, pull-request-available > > Currently if the user configures Kerberos credentials through command line, > it won't work. > {code:java} > // flink run -m yarn-cluster -yD > security.kerberos.login.keytab=/path/to/keytab -yD > security.kerberos.login.principal=xxx /path/to/test.jar > {code} > Above command would cause security failure if you do not have a ticket cache > w/ kinit. > Maybe we could call > _org.apache.flink.client.cli.AbstractCustomCommandLine#applyCommandLineOptionsToConfiguration_ > before _SecurityUtils.install(new > SecurityConfiguration(cli.configuration));_ > Here is a demo patch: > [https://github.com/jiasheng55/flink/commit/ef6880dba8a1f36849f5d1bb308405c421b29986] -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Commented] (FLINK-12130) Apply command line options to configuration before installing security modules
[ https://issues.apache.org/jira/browse/FLINK-12130?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17631170#comment-17631170 ] Vijayakumar Govindasamy commented on FLINK-12130: - [~lingyaKK] [~aljoscha] [~victor-wong] I picked 1.15.2 and applied your fix and top of it. Validated and fix is working good. I can raise PR with latest changes. If this is okay, Can you please assign the ticket to me. Will share the PR shortly > Apply command line options to configuration before installing security modules > -- > > Key: FLINK-12130 > URL: https://issues.apache.org/jira/browse/FLINK-12130 > Project: Flink > Issue Type: Improvement > Components: Command Line Client >Reporter: jiasheng55 >Priority: Not a Priority > Labels: auto-deprioritized-major, auto-deprioritized-minor, > auto-unassigned, pull-request-available > > Currently if the user configures Kerberos credentials through command line, > it won't work. > {code:java} > // flink run -m yarn-cluster -yD > security.kerberos.login.keytab=/path/to/keytab -yD > security.kerberos.login.principal=xxx /path/to/test.jar > {code} > Above command would cause security failure if you do not have a ticket cache > w/ kinit. > Maybe we could call > _org.apache.flink.client.cli.AbstractCustomCommandLine#applyCommandLineOptionsToConfiguration_ > before _SecurityUtils.install(new > SecurityConfiguration(cli.configuration));_ > Here is a demo patch: > [https://github.com/jiasheng55/flink/commit/ef6880dba8a1f36849f5d1bb308405c421b29986] -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Commented] (FLINK-12130) Apply command line options to configuration before installing security modules
[ https://issues.apache.org/jira/browse/FLINK-12130?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17576481#comment-17576481 ] Zhanghao Chen commented on FLINK-12130: --- Hi, [~aljoscha], we also need this feature in our company, and I'd be willing to pick up from where jiasheng left to push this forward. I plan to prepare a new PR, following on exactly the same route as jiasheng did in [[FLINK-12130][clients] Apply command line options to configuration be… by jiasheng55 · Pull Request #14271 · apache/flink (github.com)|https://github.com/apache/flink/pull/14271]. If you think it is on the correct path, could you assign this ticket to me? > Apply command line options to configuration before installing security modules > -- > > Key: FLINK-12130 > URL: https://issues.apache.org/jira/browse/FLINK-12130 > Project: Flink > Issue Type: Improvement > Components: Command Line Client >Reporter: jiasheng55 >Priority: Not a Priority > Labels: auto-deprioritized-major, auto-deprioritized-minor, > auto-unassigned, pull-request-available > > Currently if the user configures Kerberos credentials through command line, > it won't work. > {code:java} > // flink run -m yarn-cluster -yD > security.kerberos.login.keytab=/path/to/keytab -yD > security.kerberos.login.principal=xxx /path/to/test.jar > {code} > Above command would cause security failure if you do not have a ticket cache > w/ kinit. > Maybe we could call > _org.apache.flink.client.cli.AbstractCustomCommandLine#applyCommandLineOptionsToConfiguration_ > before _SecurityUtils.install(new > SecurityConfiguration(cli.configuration));_ > Here is a demo patch: > [https://github.com/jiasheng55/flink/commit/ef6880dba8a1f36849f5d1bb308405c421b29986] -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Commented] (FLINK-12130) Apply command line options to configuration before installing security modules
[ https://issues.apache.org/jira/browse/FLINK-12130?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17452957#comment-17452957 ] Zhanghao Chen commented on FLINK-12130: --- [~victor-wong] What's the status of this issue right now? This issue gets us into trouble in a multi-tenant Flink deployment environment, where we can't change the security config dynamically via command line options. Look forward to seeing future efforts on it. If you are trapped by other issues, I'm also willing to pick up where you left off. > Apply command line options to configuration before installing security modules > -- > > Key: FLINK-12130 > URL: https://issues.apache.org/jira/browse/FLINK-12130 > Project: Flink > Issue Type: Improvement > Components: Command Line Client >Reporter: jiasheng55 >Priority: Minor > Labels: auto-deprioritized-major, auto-unassigned, > pull-request-available > > Currently if the user configures Kerberos credentials through command line, > it won't work. > {code:java} > // flink run -m yarn-cluster -yD > security.kerberos.login.keytab=/path/to/keytab -yD > security.kerberos.login.principal=xxx /path/to/test.jar > {code} > Above command would cause security failure if you do not have a ticket cache > w/ kinit. > Maybe we could call > _org.apache.flink.client.cli.AbstractCustomCommandLine#applyCommandLineOptionsToConfiguration_ > before _SecurityUtils.install(new > SecurityConfiguration(cli.configuration));_ > Here is a demo patch: > [https://github.com/jiasheng55/flink/commit/ef6880dba8a1f36849f5d1bb308405c421b29986] -- This message was sent by Atlassian Jira (v8.20.1#820001)
[jira] [Commented] (FLINK-12130) Apply command line options to configuration before installing security modules
[ https://issues.apache.org/jira/browse/FLINK-12130?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17333964#comment-17333964 ] Flink Jira Bot commented on FLINK-12130: This issue was marked "stale-assigned" and has not received an update in 7 days. It is now automatically unassigned. If you are still working on it, you can assign it to yourself again. Please also give an update about the status of the work. > Apply command line options to configuration before installing security modules > -- > > Key: FLINK-12130 > URL: https://issues.apache.org/jira/browse/FLINK-12130 > Project: Flink > Issue Type: Improvement > Components: Command Line Client >Reporter: Victor Wong >Assignee: Victor Wong >Priority: Major > Labels: pull-request-available, stale-assigned > > Currently if the user configures Kerberos credentials through command line, > it won't work. > {code:java} > // flink run -m yarn-cluster -yD > security.kerberos.login.keytab=/path/to/keytab -yD > security.kerberos.login.principal=xxx /path/to/test.jar > {code} > Above command would cause security failure if you do not have a ticket cache > w/ kinit. > Maybe we could call > _org.apache.flink.client.cli.AbstractCustomCommandLine#applyCommandLineOptionsToConfiguration_ > before _SecurityUtils.install(new > SecurityConfiguration(cli.configuration));_ > Here is a demo patch: > [https://github.com/jiasheng55/flink/commit/ef6880dba8a1f36849f5d1bb308405c421b29986] -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Commented] (FLINK-12130) Apply command line options to configuration before installing security modules
[ https://issues.apache.org/jira/browse/FLINK-12130?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17323315#comment-17323315 ] Flink Jira Bot commented on FLINK-12130: This issue is assigned but has not received an update in 7 days so it has been labeled "stale-assigned". If you are still working on the issue, please give an update and remove the label. If you are no longer working on the issue, please unassign so someone else may work on it. In 7 days the issue will be automatically unassigned. > Apply command line options to configuration before installing security modules > -- > > Key: FLINK-12130 > URL: https://issues.apache.org/jira/browse/FLINK-12130 > Project: Flink > Issue Type: Improvement > Components: Command Line Client >Reporter: Victor Wong >Assignee: Victor Wong >Priority: Major > Labels: pull-request-available, stale-assigned > > Currently if the user configures Kerberos credentials through command line, > it won't work. > {code:java} > // flink run -m yarn-cluster -yD > security.kerberos.login.keytab=/path/to/keytab -yD > security.kerberos.login.principal=xxx /path/to/test.jar > {code} > Above command would cause security failure if you do not have a ticket cache > w/ kinit. > Maybe we could call > _org.apache.flink.client.cli.AbstractCustomCommandLine#applyCommandLineOptionsToConfiguration_ > before _SecurityUtils.install(new > SecurityConfiguration(cli.configuration));_ > Here is a demo patch: > [https://github.com/jiasheng55/flink/commit/ef6880dba8a1f36849f5d1bb308405c421b29986] -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Commented] (FLINK-12130) Apply command line options to configuration before installing security modules
[ https://issues.apache.org/jira/browse/FLINK-12130?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17244953#comment-17244953 ] Victor Wong commented on FLINK-12130: - [~lingyaKK], thanks for your time! [~aljoscha], could you help review and merge this, https://github.com/apache/flink/pull/14271 > Apply command line options to configuration before installing security modules > -- > > Key: FLINK-12130 > URL: https://issues.apache.org/jira/browse/FLINK-12130 > Project: Flink > Issue Type: Improvement > Components: Command Line Client >Reporter: Victor Wong >Assignee: Victor Wong >Priority: Major > Labels: pull-request-available > > Currently if the user configures Kerberos credentials through command line, > it won't work. > {code:java} > // flink run -m yarn-cluster -yD > security.kerberos.login.keytab=/path/to/keytab -yD > security.kerberos.login.principal=xxx /path/to/test.jar > {code} > Above command would cause security failure if you do not have a ticket cache > w/ kinit. > Maybe we could call > _org.apache.flink.client.cli.AbstractCustomCommandLine#applyCommandLineOptionsToConfiguration_ > before _SecurityUtils.install(new > SecurityConfiguration(cli.configuration));_ > Here is a demo patch: > [https://github.com/jiasheng55/flink/commit/ef6880dba8a1f36849f5d1bb308405c421b29986] -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Commented] (FLINK-12130) Apply command line options to configuration before installing security modules
[ https://issues.apache.org/jira/browse/FLINK-12130?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17243067#comment-17243067 ] lingyajia commented on FLINK-12130: --- [~victor-wong] i build FLINK-12130-DEV branch , run . /bin/flink run -m yarn-cluster -p 4 -yjm 4096m -ytm 4096m -yat rts_service -ynm t1 -yD security.kerberos.login.keytab=/home/key_tab/admin_mxw_keytab.keytab -yD security.kerberos.login.principal=admin/ad...@yhs.com ./examples/batch/WordCount.jar , it work (y) > Apply command line options to configuration before installing security modules > -- > > Key: FLINK-12130 > URL: https://issues.apache.org/jira/browse/FLINK-12130 > Project: Flink > Issue Type: Improvement > Components: Command Line Client >Reporter: Victor Wong >Assignee: Victor Wong >Priority: Major > Labels: pull-request-available > > Currently if the user configures Kerberos credentials through command line, > it won't work. > {code:java} > // flink run -m yarn-cluster -yD > security.kerberos.login.keytab=/path/to/keytab -yD > security.kerberos.login.principal=xxx /path/to/test.jar > {code} > Above command would cause security failure if you do not have a ticket cache > w/ kinit. > Maybe we could call > _org.apache.flink.client.cli.AbstractCustomCommandLine#applyCommandLineOptionsToConfiguration_ > before _SecurityUtils.install(new > SecurityConfiguration(cli.configuration));_ > Here is a demo patch: > [https://github.com/jiasheng55/flink/commit/ef6880dba8a1f36849f5d1bb308405c421b29986] -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Commented] (FLINK-12130) Apply command line options to configuration before installing security modules
[ https://issues.apache.org/jira/browse/FLINK-12130?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17242226#comment-17242226 ] lingyajia commented on FLINK-12130: --- ok, i will build FLINK-12130-DEV branch ,try it. > Apply command line options to configuration before installing security modules > -- > > Key: FLINK-12130 > URL: https://issues.apache.org/jira/browse/FLINK-12130 > Project: Flink > Issue Type: Improvement > Components: Command Line Client >Reporter: Victor Wong >Assignee: Victor Wong >Priority: Major > Labels: pull-request-available > > Currently if the user configures Kerberos credentials through command line, > it won't work. > {code:java} > // flink run -m yarn-cluster -yD > security.kerberos.login.keytab=/path/to/keytab -yD > security.kerberos.login.principal=xxx /path/to/test.jar > {code} > Above command would cause security failure if you do not have a ticket cache > w/ kinit. > Maybe we could call > _org.apache.flink.client.cli.AbstractCustomCommandLine#applyCommandLineOptionsToConfiguration_ > before _SecurityUtils.install(new > SecurityConfiguration(cli.configuration));_ > Here is a demo patch: > [https://github.com/jiasheng55/flink/commit/ef6880dba8a1f36849f5d1bb308405c421b29986] -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Commented] (FLINK-12130) Apply command line options to configuration before installing security modules
[ https://issues.apache.org/jira/browse/FLINK-12130?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17241404#comment-17241404 ] Victor Wong commented on FLINK-12130: - [~lingyaKK],[~zhouqi], hi, I come up with a new PR, https://github.com/apache/flink/pull/14271, could you help me review this. > Apply command line options to configuration before installing security modules > -- > > Key: FLINK-12130 > URL: https://issues.apache.org/jira/browse/FLINK-12130 > Project: Flink > Issue Type: Improvement > Components: Command Line Client >Reporter: Victor Wong >Assignee: Victor Wong >Priority: Major > Labels: pull-request-available > > Currently if the user configures Kerberos credentials through command line, > it won't work. > {code:java} > // flink run -m yarn-cluster -yD > security.kerberos.login.keytab=/path/to/keytab -yD > security.kerberos.login.principal=xxx /path/to/test.jar > {code} > Above command would cause security failure if you do not have a ticket cache > w/ kinit. > Maybe we could call > _org.apache.flink.client.cli.AbstractCustomCommandLine#applyCommandLineOptionsToConfiguration_ > before _SecurityUtils.install(new > SecurityConfiguration(cli.configuration));_ > Here is a demo patch: > [https://github.com/jiasheng55/flink/commit/ef6880dba8a1f36849f5d1bb308405c421b29986] -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Commented] (FLINK-12130) Apply command line options to configuration before installing security modules
[ https://issues.apache.org/jira/browse/FLINK-12130?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17231204#comment-17231204 ] Victor Wong commented on FLINK-12130: - [~lingyaKK][~zhouqi] Very sorry, I haven't worked on this recently:( I plan to work on this next week, if anyone wants to contribute a new PR here, it would be great! > Apply command line options to configuration before installing security modules > -- > > Key: FLINK-12130 > URL: https://issues.apache.org/jira/browse/FLINK-12130 > Project: Flink > Issue Type: Improvement > Components: Command Line Client >Reporter: Victor Wong >Assignee: Victor Wong >Priority: Major > > Currently if the user configures Kerberos credentials through command line, > it won't work. > {code:java} > // flink run -m yarn-cluster -yD > security.kerberos.login.keytab=/path/to/keytab -yD > security.kerberos.login.principal=xxx /path/to/test.jar > {code} > Above command would cause security failure if you do not have a ticket cache > w/ kinit. > Maybe we could call > _org.apache.flink.client.cli.AbstractCustomCommandLine#applyCommandLineOptionsToConfiguration_ > before _SecurityUtils.install(new > SecurityConfiguration(cli.configuration));_ > Here is a demo patch: > [https://github.com/jiasheng55/flink/commit/ef6880dba8a1f36849f5d1bb308405c421b29986] -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Commented] (FLINK-12130) Apply command line options to configuration before installing security modules
[ https://issues.apache.org/jira/browse/FLINK-12130?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17231191#comment-17231191 ] lingyajia commented on FLINK-12130: --- Is there any progress on this issue recently ? flink V1.12 can merge this PR?[~victor-wong] > Apply command line options to configuration before installing security modules > -- > > Key: FLINK-12130 > URL: https://issues.apache.org/jira/browse/FLINK-12130 > Project: Flink > Issue Type: Improvement > Components: Command Line Client >Reporter: Victor Wong >Assignee: Victor Wong >Priority: Major > > Currently if the user configures Kerberos credentials through command line, > it won't work. > {code:java} > // flink run -m yarn-cluster -yD > security.kerberos.login.keytab=/path/to/keytab -yD > security.kerberos.login.principal=xxx /path/to/test.jar > {code} > Above command would cause security failure if you do not have a ticket cache > w/ kinit. > Maybe we could call > _org.apache.flink.client.cli.AbstractCustomCommandLine#applyCommandLineOptionsToConfiguration_ > before _SecurityUtils.install(new > SecurityConfiguration(cli.configuration));_ > Here is a demo patch: > [https://github.com/jiasheng55/flink/commit/ef6880dba8a1f36849f5d1bb308405c421b29986] -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Commented] (FLINK-12130) Apply command line options to configuration before installing security modules
[ https://issues.apache.org/jira/browse/FLINK-12130?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17219515#comment-17219515 ] silence commented on FLINK-12130: - Is there any progress on this issue recently [~victor-wong] > Apply command line options to configuration before installing security modules > -- > > Key: FLINK-12130 > URL: https://issues.apache.org/jira/browse/FLINK-12130 > Project: Flink > Issue Type: Improvement > Components: Command Line Client >Reporter: Victor Wong >Assignee: Victor Wong >Priority: Major > > Currently if the user configures Kerberos credentials through command line, > it won't work. > {code:java} > // flink run -m yarn-cluster -yD > security.kerberos.login.keytab=/path/to/keytab -yD > security.kerberos.login.principal=xxx /path/to/test.jar > {code} > Above command would cause security failure if you do not have a ticket cache > w/ kinit. > Maybe we could call > _org.apache.flink.client.cli.AbstractCustomCommandLine#applyCommandLineOptionsToConfiguration_ > before _SecurityUtils.install(new > SecurityConfiguration(cli.configuration));_ > Here is a demo patch: > [https://github.com/jiasheng55/flink/commit/ef6880dba8a1f36849f5d1bb308405c421b29986] -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Commented] (FLINK-12130) Apply command line options to configuration before installing security modules
[ https://issues.apache.org/jira/browse/FLINK-12130?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17183825#comment-17183825 ] Aljoscha Krettek commented on FLINK-12130: -- Sure, that would be good! > Apply command line options to configuration before installing security modules > -- > > Key: FLINK-12130 > URL: https://issues.apache.org/jira/browse/FLINK-12130 > Project: Flink > Issue Type: Improvement > Components: Command Line Client >Reporter: Victor Wong >Assignee: Victor Wong >Priority: Major > > Currently if the user configures Kerberos credentials through command line, > it won't work. > {code:java} > // flink run -m yarn-cluster -yD > security.kerberos.login.keytab=/path/to/keytab -yD > security.kerberos.login.principal=xxx /path/to/test.jar > {code} > Above command would cause security failure if you do not have a ticket cache > w/ kinit. > Maybe we could call > _org.apache.flink.client.cli.AbstractCustomCommandLine#applyCommandLineOptionsToConfiguration_ > before _SecurityUtils.install(new > SecurityConfiguration(cli.configuration));_ > Here is a demo patch: > [https://github.com/jiasheng55/flink/commit/ef6880dba8a1f36849f5d1bb308405c421b29986] -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Commented] (FLINK-12130) Apply command line options to configuration before installing security modules
[ https://issues.apache.org/jira/browse/FLINK-12130?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17183280#comment-17183280 ] Victor Wong commented on FLINK-12130: - [~aljoscha] I'd like to help, what about a new PR based on master branch? > Apply command line options to configuration before installing security modules > -- > > Key: FLINK-12130 > URL: https://issues.apache.org/jira/browse/FLINK-12130 > Project: Flink > Issue Type: Improvement > Components: Command Line Client >Reporter: Victor Wong >Assignee: Victor Wong >Priority: Major > > Currently if the user configures Kerberos credentials through command line, > it won't work. > {code:java} > // flink run -m yarn-cluster -yD > security.kerberos.login.keytab=/path/to/keytab -yD > security.kerberos.login.principal=xxx /path/to/test.jar > {code} > Above command would cause security failure if you do not have a ticket cache > w/ kinit. > Maybe we could call > _org.apache.flink.client.cli.AbstractCustomCommandLine#applyCommandLineOptionsToConfiguration_ > before _SecurityUtils.install(new > SecurityConfiguration(cli.configuration));_ > Here is a demo patch: > [https://github.com/jiasheng55/flink/commit/ef6880dba8a1f36849f5d1bb308405c421b29986] -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Commented] (FLINK-12130) Apply command line options to configuration before installing security modules
[ https://issues.apache.org/jira/browse/FLINK-12130?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17183260#comment-17183260 ] Aljoscha Krettek commented on FLINK-12130: -- I think this still needs work then. > Apply command line options to configuration before installing security modules > -- > > Key: FLINK-12130 > URL: https://issues.apache.org/jira/browse/FLINK-12130 > Project: Flink > Issue Type: Improvement > Components: Command Line Client >Reporter: Victor Wong >Assignee: Victor Wong >Priority: Major > > Currently if the user configures Kerberos credentials through command line, > it won't work. > {code:java} > // flink run -m yarn-cluster -yD > security.kerberos.login.keytab=/path/to/keytab -yD > security.kerberos.login.principal=xxx /path/to/test.jar > {code} > Above command would cause security failure if you do not have a ticket cache > w/ kinit. > Maybe we could call > _org.apache.flink.client.cli.AbstractCustomCommandLine#applyCommandLineOptionsToConfiguration_ > before _SecurityUtils.install(new > SecurityConfiguration(cli.configuration));_ > Here is a demo patch: > [https://github.com/jiasheng55/flink/commit/ef6880dba8a1f36849f5d1bb308405c421b29986] -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Commented] (FLINK-12130) Apply command line options to configuration before installing security modules
[ https://issues.apache.org/jira/browse/FLINK-12130?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17170648#comment-17170648 ] silence commented on FLINK-12130: - Have we solved it? It can be reproduced in the new version(1.11) > Apply command line options to configuration before installing security modules > -- > > Key: FLINK-12130 > URL: https://issues.apache.org/jira/browse/FLINK-12130 > Project: Flink > Issue Type: Improvement > Components: Command Line Client >Reporter: Victor Wong >Assignee: Victor Wong >Priority: Major > > Currently if the user configures Kerberos credentials through command line, > it won't work. > {code:java} > // flink run -m yarn-cluster -yD > security.kerberos.login.keytab=/path/to/keytab -yD > security.kerberos.login.principal=xxx /path/to/test.jar > {code} > Above command would cause security failure if you do not have a ticket cache > w/ kinit. > Maybe we could call > _org.apache.flink.client.cli.AbstractCustomCommandLine#applyCommandLineOptionsToConfiguration_ > before _SecurityUtils.install(new > SecurityConfiguration(cli.configuration));_ > Here is a demo patch: > [https://github.com/jiasheng55/flink/commit/ef6880dba8a1f36849f5d1bb308405c421b29986] -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Commented] (FLINK-12130) Apply command line options to configuration before installing security modules
[ https://issues.apache.org/jira/browse/FLINK-12130?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16817050#comment-16817050 ] Victor Wong commented on FLINK-12130: - Hi [~aljoscha], I have created a PR with your advice, [https://github.com/apache/flink/pull/8166.] I tried to make the patch as simple as possible, but it seems like I "failed", because I have to change the behavior of `org.apache.flink.client.cli.CliFrontend#parseParameters` to return the correct `CommandLine` for different actions. Maybe there is a better way, looking forward to your advice. > Apply command line options to configuration before installing security modules > -- > > Key: FLINK-12130 > URL: https://issues.apache.org/jira/browse/FLINK-12130 > Project: Flink > Issue Type: Improvement > Components: Command Line Client >Reporter: Victor Wong >Assignee: Victor Wong >Priority: Major > > Currently if the user configures Kerberos credentials through command line, > it won't work. > {code:java} > // flink run -m yarn-cluster -yD > security.kerberos.login.keytab=/path/to/keytab -yD > security.kerberos.login.principal=xxx /path/to/test.jar > {code} > Above command would cause security failure if you do not have a ticket cache > w/ kinit. > Maybe we could call > _org.apache.flink.client.cli.AbstractCustomCommandLine#applyCommandLineOptionsToConfiguration_ > before _SecurityUtils.install(new > SecurityConfiguration(cli.configuration));_ > Here is a demo patch: > [https://github.com/jiasheng55/flink/commit/ef6880dba8a1f36849f5d1bb308405c421b29986] -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (FLINK-12130) Apply command line options to configuration before installing security modules
[ https://issues.apache.org/jira/browse/FLINK-12130?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16815395#comment-16815395 ] Aljoscha Krettek commented on FLINK-12130: -- [~victor-wong] Yes, please do that. One thing I would like to see changed, tough, is make {{applyCommandLineOptionsToConfiguration(CommandLine commandLine)}} a method of interface {{CustomCommandLine}} and change it to {{applyCommandLineOptionsToConfiguration(Configuration configuration, CommandLine commandLine)}}. That way you don't have to cast and it is more future proof, if the type of the Yarn command line ever changes. > Apply command line options to configuration before installing security modules > -- > > Key: FLINK-12130 > URL: https://issues.apache.org/jira/browse/FLINK-12130 > Project: Flink > Issue Type: Improvement > Components: Command Line Client >Reporter: Victor Wong >Priority: Major > > Currently if the user configures Kerberos credentials through command line, > it won't work. > {code:java} > // flink run -m yarn-cluster -yD > security.kerberos.login.keytab=/path/to/keytab -yD > security.kerberos.login.principal=xxx /path/to/test.jar > {code} > Above command would cause security failure if you do not have a ticket cache > w/ kinit. > Maybe we could call > _org.apache.flink.client.cli.AbstractCustomCommandLine#applyCommandLineOptionsToConfiguration_ > before _SecurityUtils.install(new > SecurityConfiguration(cli.configuration));_ > Here is a demo patch: > [https://github.com/jiasheng55/flink/commit/ef6880dba8a1f36849f5d1bb308405c421b29986] -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (FLINK-12130) Apply command line options to configuration before installing security modules
[ https://issues.apache.org/jira/browse/FLINK-12130?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16813276#comment-16813276 ] Victor Wong commented on FLINK-12130: - [~aljoscha] Thanks for your reply. It worked in our production environment. If the patch looks fine, may I create a PR on this issue? > Apply command line options to configuration before installing security modules > -- > > Key: FLINK-12130 > URL: https://issues.apache.org/jira/browse/FLINK-12130 > Project: Flink > Issue Type: Improvement > Components: Command Line Client >Reporter: Victor Wong >Priority: Major > > Currently if the user configures Kerberos credentials through command line, > it won't work. > {code:java} > // flink run -m yarn-cluster -yD > security.kerberos.login.keytab=/path/to/keytab -yD > security.kerberos.login.principal=xxx /path/to/test.jar > {code} > Above command would cause security failure if you do not have a ticket cache > w/ kinit. > Maybe we could call > _org.apache.flink.client.cli.AbstractCustomCommandLine#applyCommandLineOptionsToConfiguration_ > before _SecurityUtils.install(new > SecurityConfiguration(cli.configuration));_ > Here is a demo patch: > [https://github.com/jiasheng55/flink/commit/ef6880dba8a1f36849f5d1bb308405c421b29986] -- This message was sent by Atlassian JIRA (v7.6.3#76005)