Uploaded image for project: 'Hadoop Map/Reduce'
  1. Hadoop Map/Reduce
  2. MAPREDUCE-7236

HadoopArchiveLogs will use token to create proxy user when kerberos on

    XMLWordPrintableJSON

Details

    • Bug
    • Status: Open
    • Major
    • Resolution: Unresolved
    • 2.9.2
    • None
    • None
    • None

    Description

      HadoopArchiveLogsRunner runs in the Yarn Container via DistributedShell.
      The Client of the DistributedShell gets the Token and uses it for the Runner.
      The Runner create ProxyUser via Token, which violates the ProxyUser principle.

      There are two solutions:
      1. Pass the Keytab to the Runner, login with Keytab and create ProxyUser.
      2. Run the HadoopArchiveLogs task with HDFS Super User. After the Archive is finished, use chown to modify it to the corresponding user.

      I prefer to use the first way to solve the problem. Any suggestions?

      Attachments

        Issue Links

          is related to

          New Feature - A new feature of the product, which has yet to be developed. MAPREDUCE-6415 Create a tool to combine aggregated logs into HAR files

          • Major - Major loss of function.
          • Resolved

          Activity

            People

              Unassigned Unassigned
              caiyicong Yicong Cai
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

                Created:
                Updated: