You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@kudu.apache.org by "Dan Burkert (JIRA)" <ji...@apache.org> on 2017/05/10 02:12:04 UTC
[jira] [Updated] (KUDU-1999) Spark connector should login with
Kerberos credentials on driver
[ https://issues.apache.org/jira/browse/KUDU-1999?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Dan Burkert updated KUDU-1999:
------------------------------
Fix Version/s: (was: 1.3.1)
1.3.2
> Spark connector should login with Kerberos credentials on driver
> ----------------------------------------------------------------
>
> Key: KUDU-1999
> URL: https://issues.apache.org/jira/browse/KUDU-1999
> Project: Kudu
> Issue Type: Bug
> Components: spark
> Affects Versions: 1.3.0
> Reporter: Dan Burkert
> Assignee: Dan Burkert
> Priority: Blocker
> Fix For: 1.4.0, 1.3.2
>
>
> The Kudu Spark connector doesn't currently take advantage of the provided keytab and principal, if it's available. This is typical when Spark is in cluster mode with Yarn. As a result, the driver will fail to connect to a secured Kudu cluster with the following error:
> {code}
> 17/05/08 16:59:01 ERROR client.TabletClient: [Peer master-kudu-spark-secure-1.gce.cloudera.com:7051] Unexpected exception from downstream on [id: 0x3edb20f5, /172.31.113.23:48366 => kudu-spark-secure-1.gce.cloudera.com/172.31.113.22:7051]
> java.lang.RuntimeException: java.security.PrivilegedActionException: javax.security.sasl.SaslException: GSS initiate failed [Caused by GSSException: No valid credentials provided (Mechanism level: Failed to find any Kerberos tgt)]
> at org.apache.kudu.client.shaded.com.google.common.base.Throwables.propagate(Throwables.java:160)
> at org.apache.kudu.client.Negotiator.evaluateChallenge(Negotiator.java:678)
> ...
> {code}
> The fix is to explicitly {{kinit}} with the principal and keytab passed to the job.
--
This message was sent by Atlassian JIRA
(v6.3.15#6346)