Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Support using Hadoop's proxyuser mechanism to access kerberos-enabled Hadoop clusters #479

Closed
iBuddha opened this issue Jul 17, 2020 · 0 comments
Closed

Support using Hadoop's proxyuser mechanism to access kerberos-enabled Hadoop clusters #479

iBuddha opened this issue Jul 17, 2020 · 0 comments

Comments

@iBuddha
Copy link

iBuddha commented Jul 17, 2020
edited by yangzhiyue
Loading

HDFS

比如在集群中添加以下配置
For example, add the following configuration to the cluster

   <property>
     <name>hadoop.proxyuser.linkis.hosts</name>
     <value>*</value>
   </property>
   <property>
     <name>hadoop.proxyuser.linkis.groups</name>
     <value>*</value>
   </property>

In this way, you only need to log in with the keytab and principal of the user linkis, create UGI, and then use UserGroupInformation.createProxyUser(userName, proxyUGI) to create the UGI used when the user accesses HDFS. It is no longer necessary to generate a keytab for each user
这样只需要用linkis这个用户的keytab和principal登录,创建UGI, 然后再用UserGroupInformation.createProxyUser(userName, proxyUGI)来创建用户访问HDFS时候使用的UGI。而不再需要为每个用户生成keytab

YARN

When submitting the Spark program, you can also use Spark's --proxy-user configuration. In this way, the ticket of the user who started linkis can be used to submit the spark program to YARN, but the user who actually runs spark is the identity of the end user. You can avoid creating a keytab for each user.
在提交Spark程序时候,也可以用Spark的--proxy-user配置。这样就可用启动linkis的用户的ticket 来提交spark程序到YARN, 但是实际运行spark的用户身份为终端用户的身份。可以避免为每个用户创建keytab。
@iBuddha iBuddha changed the title 支持使用proxyuser机制访问启用了kerberos的hadoop集群 支持使用hadoop的proxyuser机制访问启用了kerberos的hadoop集群 Jul 17, 2020
@yangzhiyue yangzhiyue changed the title 支持使用hadoop的proxyuser机制访问启用了kerberos的hadoop集群 Support using Hadoop's proxyuser mechanism to access kerberos-enabled Hadoop clusters Jul 12, 2021
@saLeox saLeox mentioned this issue Oct 6, 2021
Merged
mayinrain pushed a commit to mayinrain/incubator-linkis that referenced this issue May 28, 2024
@v-kkhuang
[1.4.0] department user view jobhistory log (apache#479)
5c4023c 
* Add department administrator permissions to task history

* update department sql to in

* revent query departmentid  "in" to  "="

* add depatment user can query jobhistory log

---------

Co-authored-by: “v_kkhuang” <“[email protected]”>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@iBuddha @peacewong