You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@spark.apache.org by "Hyukjin Kwon (JIRA)" <ji...@apache.org> on 2019/05/21 04:14:22 UTC

[jira] [Resolved] (SPARK-19588) Allow putting keytab file to HDFS location specified in spark.yarn.keytab

     [ https://issues.apache.org/jira/browse/SPARK-19588?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Hyukjin Kwon resolved SPARK-19588.
----------------------------------
    Resolution: Incomplete

> Allow putting keytab file to HDFS location specified in spark.yarn.keytab
> -------------------------------------------------------------------------
>
>                 Key: SPARK-19588
>                 URL: https://issues.apache.org/jira/browse/SPARK-19588
>             Project: Spark
>          Issue Type: New Feature
>          Components: Spark Core, Spark Submit
>    Affects Versions: 2.0.2, 2.1.0
>         Environment: kerberized cluster, Spark 2
>            Reporter: Ruslan Dautkhanov
>            Priority: Major
>              Labels: authentication, bulk-closed, kerberos, security, yarn-client
>
> As a workaround for SPARK-19038 tried putting keytab in user's home directory in HDFS but this fails with 
> {noformat}
> Exception in thread "main" org.apache.spark.SparkException: Keytab file: hdfs:///user/svc_odiprd/.kt does not exist
>         at org.apache.spark.deploy.SparkSubmit$.prepareSubmitEnvironment(SparkSubmit.scala:555)
>         at org.apache.spark.deploy.SparkSubmit$.submit(SparkSubmit.scala:158)
>         at org.apache.spark.deploy.SparkSubmit$.main(SparkSubmit.scala:124)
>         at org.apache.spark.deploy.SparkSubmit.main(SparkSubmit.scala)
> {noformat}
> This is yarn-client mode, so driver probably can't see HDFS while submitting a job; although I suspect it doesn't not only with yarn-client.
> Would be great to support reading keytab for kerberos ticket renewals directly from HDFS.
> We think that in some scenarios it's more secure than referencing a keytab from a local fs on a client machine that does a spark-submit.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscribe@spark.apache.org
For additional commands, e-mail: issues-help@spark.apache.org