Uploaded image for project: 'Flink'
  1. Flink
  2. FLINK-9685

Flink should support hostname-substitution for security.kerberos.login.principal

    XMLWordPrintableJSON

Details

    Description

      https://github.com/apache/flink/blob/master/flink-runtime/src/main/java/org/apache/flink/runtime/security/SecurityConfiguration.java#L83

       

      We can have something like this

      String rawPrincipal = flinkConf.getString(SecurityOptions.KERBEROS_LOGIN_PRINCIPAL);
if (rawPrincipal != null) {
   try {
      rawPrincipal = rawPrincipal.replace("HOSTNAME", InetAddress.getLocalHost().getCanonicalHostName());
   } catch (UnknownHostException e) {
      LOG.error("Failed to replace HOSTNAME with localhost because {}", e);
   }
}
this.principal = rawPrincipal;

      So it will be easier to deploy flink to cluster. Instead of setting different principal on every node, we can have the same principal headless_user/HOSTNAME@DOMAIN .

      Attachments

        Issue Links

          links to

          Web Link GitHub Pull Request #7860

          Activity

            People

              Salatich Aleksandr Salatich
              ethanli Ethan Li
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:

                Time Tracking

                  Estimated:
                  Original Estimate - Not Specified
                  Not Specified
                  Remaining:
                  Remaining Estimate - 0h
                  0h
                  Logged:
                  Time Spent - 40m
                  40m