You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@kudu.apache.org by "Todd Lipcon (JIRA)" <ji...@apache.org> on 2018/03/20 22:38:00 UTC
[jira] [Commented] (KUDU-2363) Investigate if we should use
ServiceCredentialProvider for Spark integration
[ https://issues.apache.org/jira/browse/KUDU-2363?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16407168#comment-16407168 ]
Todd Lipcon commented on KUDU-2363:
-----------------------------------
Seems like we'd need to start passing the kudu master addresses as part of the Hadoop 'Configuration' object for this to work, whereas currently it's only programattically specified.
Also seems like we'd still need to use the keytab option for cases where a job runs for more than the authn token expiration period (7 days) since the tokens created at submit time wouldn't be renewable.
That said, probably a good idea so we can support 'spark-submit --deploy-mode client' without keytabs.
> Investigate if we should use ServiceCredentialProvider for Spark integration
> ----------------------------------------------------------------------------
>
> Key: KUDU-2363
> URL: https://issues.apache.org/jira/browse/KUDU-2363
> Project: Kudu
> Issue Type: Improvement
> Reporter: Hao Hao
> Priority: Major
>
> Spark 2 provides a \{ServiceCredentialProvider} implementation for integration with other service on a secure cluster. Here is a related [documentation|https://spark.apache.org/docs/2.1.0/running-on-yarn.html#running-in-a-secure-cluster] although lacking in detail.
> We should probably investigate if we want to use it to avoid asking users to provide the keytab, since it might not be a good practice.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)