You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@spark.apache.org by "Chenyu Zheng (Jira)" <ji...@apache.org> on 2024/01/02 11:25:00 UTC
[jira] [Updated] (SPARK-46566) Session level config was not loaded when isolation is enable.
[ https://issues.apache.org/jira/browse/SPARK-46566?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Chenyu Zheng updated SPARK-46566:
---------------------------------
Summary: Session level config was not loaded when isolation is enable. (was: Session levle config was not loaded when isolation is enable.)
> Session level config was not loaded when isolation is enable.
> -------------------------------------------------------------
>
> Key: SPARK-46566
> URL: https://issues.apache.org/jira/browse/SPARK-46566
> Project: Spark
> Issue Type: Improvement
> Components: SQL
> Affects Versions: 3.5.0
> Reporter: Chenyu Zheng
> Priority: Major
>
> I setup thriftserver based on v3.5.0, when I execute command, will throw this error:
> {code:java}
> 15:10:53.400 [HiveServer2-Handler-Pool: Thread-293] ERROR org.apache.thrift.transport.TSaslTransport - SASL negotiation failure
> javax.security.sasl.SaslException: GSS initiate failed
> ## ignore very long stack trace ## {code}
> With some debugging and analysis, I found that proxyuser should use token to access metastore, but actually uses kerberos. The direct reason is that "hive.metastore.token.signature" is lost.
> In fact, we have set "hive.metastore.token.signature" to "HiveServer2ImpersonationToken" for config when construct HiveSessionImplwithUGI, and store the config in HiveSessionImplwithUGI::sessionHive and HiveSessionImplwithUGI::sessionState
> When session is acquire, we should set sessionState and sessionHive to thread-level variables. Then the execution statements will use their own sessionHive and sessionState, so use the right config.
> But if isolation is enable, a new SessionState and Hive will be constructed using the specified hive version. Config is not passed from HiveSessionImplwithUGI::sessionState to this SessionState. And config is not passed from HiveSessionImplwithUGI::sessionHive to new Hive. So hive.metastore.token.signature is missing.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscribe@spark.apache.org
For additional commands, e-mail: issues-help@spark.apache.org