You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@spark.apache.org by "Chenyu Zheng (Jira)" <ji...@apache.org> on 2024/01/02 11:25:00 UTC

[jira] [Updated] (SPARK-46566) Session level config was not loaded when isolation is enable.

     [ https://issues.apache.org/jira/browse/SPARK-46566?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Chenyu Zheng updated SPARK-46566:
---------------------------------
    Summary: Session level config was not loaded when isolation is enable.  (was: Session levle config was not loaded when isolation is enable.)

> Session level config was not loaded when isolation is enable.
> -------------------------------------------------------------
>
>                 Key: SPARK-46566
>                 URL: https://issues.apache.org/jira/browse/SPARK-46566
>             Project: Spark
>          Issue Type: Improvement
>          Components: SQL
>    Affects Versions: 3.5.0
>            Reporter: Chenyu Zheng
>            Priority: Major
>
> I setup thriftserver based on v3.5.0, when I execute command, will throw this error:
> {code:java}
> 15:10:53.400 [HiveServer2-Handler-Pool: Thread-293] ERROR org.apache.thrift.transport.TSaslTransport - SASL negotiation failure
> javax.security.sasl.SaslException: GSS initiate failed
> ## ignore very long stack trace ## {code}
> With some debugging and analysis, I found that proxyuser should use token to access metastore, but actually uses kerberos. The direct reason is that "hive.metastore.token.signature" is lost.
> In fact, we have set "hive.metastore.token.signature" to "HiveServer2ImpersonationToken" for config when construct HiveSessionImplwithUGI, and store the config in HiveSessionImplwithUGI::sessionHive and HiveSessionImplwithUGI::sessionState
> When session is acquire, we should set sessionState and sessionHive to thread-level variables. Then the execution statements will use their own sessionHive and sessionState, so use the right config.
> But if isolation is enable, a new SessionState and Hive will be constructed using the specified hive version. Config is not passed from HiveSessionImplwithUGI::sessionState to this SessionState. And config is not passed from HiveSessionImplwithUGI::sessionHive to new Hive. So hive.metastore.token.signature is missing.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscribe@spark.apache.org
For additional commands, e-mail: issues-help@spark.apache.org