Uploaded image for project: 'Hadoop Map/Reduce'
  1. Hadoop Map/Reduce
  2. MAPREDUCE-7236

HadoopArchiveLogs will use token to create proxy user when kerberos on

    XMLWordPrintableJSON

    Details

    • Type: Bug
    • Status: Open
    • Priority: Major
    • Resolution: Unresolved
    • Affects Version/s: 2.9.2
    • Fix Version/s: None
    • Component/s: None
    • Labels:
      None
    • Target Version/s:

      Description

      HadoopArchiveLogsRunner runs in the Yarn Container via DistributedShell.
      The Client of the DistributedShell gets the Token and uses it for the Runner.
      The Runner create ProxyUser via Token, which violates the ProxyUser principle.

      There are two solutions:
      1. Pass the Keytab to the Runner, login with Keytab and create ProxyUser.
      2. Run the HadoopArchiveLogs task with HDFS Super User. After the Archive is finished, use chown to modify it to the corresponding user.

      I prefer to use the first way to solve the problem. Any suggestions?

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                Unassigned
                Reporter:
                caiyicong Yicong Cai
              • Votes:
                0 Vote for this issue
                Watchers:
                1 Start watching this issue

                Dates

                • Created:
                  Updated: