You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@ambari.apache.org by Robert Levas <rl...@hortonworks.com> on 2015/08/06 16:39:20 UTC
Review Request 37186: Ambari omits the line to enable kerberos on the
Spark History Service
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/37186/
-----------------------------------------------------------
Review request for Ambari, Mahadev Konar and Robert Nettleton.
Bugs: AMBARI-12284
https://issues.apache.org/jira/browse/AMBARI-12284
Repository: ambari
Description
-------
When Ambari sets up a secure spark cluster, it doesn't set
This will still fail tests unless the line
```
spark.history.kerberos.enabled true
```
is added to `spark-defaults.conf`
without this the Spark History Service will not log in with the keytab, and so not set up a long-lived secure connection to a Yarn History Server with encryption on.
This isn't immediately visible (and hard to sport in the tests), because if the user spark has logged in with `kinit`, the TGT is picked up and used — which works until the ticket expires.
Diffs
-----
ambari-server/src/main/resources/common-services/SPARK/1.2.0.2.2/kerberos.json 60c9bfa
Diff: https://reviews.apache.org/r/37186/diff/
Testing
-------
Thanks,
Robert Levas
Re: Review Request 37186: Ambari omits the line to enable kerberos on
the Spark History Service
Posted by Robert Nettleton <rn...@hortonworks.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/37186/#review94409
-----------------------------------------------------------
Ship it!
Ship It!
- Robert Nettleton
On Aug. 6, 2015, 2:40 p.m., Robert Levas wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/37186/
> -----------------------------------------------------------
>
> (Updated Aug. 6, 2015, 2:40 p.m.)
>
>
> Review request for Ambari, Mahadev Konar and Robert Nettleton.
>
>
> Bugs: AMBARI-12284
> https://issues.apache.org/jira/browse/AMBARI-12284
>
>
> Repository: ambari
>
>
> Description
> -------
>
> When Ambari sets up a secure spark cluster, it doesn't set
>
> This will still fail tests unless the line
> ```
> spark.history.kerberos.enabled true
> ```
> is added to `spark-defaults.conf`
>
> without this the Spark History Service will not log in with the keytab, and so not set up a long-lived secure connection to a Yarn History Server with encryption on.
>
> This isn't immediately visible (and hard to sport in the tests), because if the user spark has logged in with `kinit`, the TGT is picked up and used — which works until the ticket expires.
>
>
> Diffs
> -----
>
> ambari-server/src/main/resources/common-services/SPARK/1.2.0.2.2/kerberos.json 60c9bfa
>
> Diff: https://reviews.apache.org/r/37186/diff/
>
>
> Testing
> -------
>
> #Jenkins test result: PENDING
>
>
> Thanks,
>
> Robert Levas
>
>
Re: Review Request 37186: Ambari omits the line to enable kerberos on
the Spark History Service
Posted by Robert Levas <rl...@hortonworks.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/37186/
-----------------------------------------------------------
(Updated Aug. 6, 2015, 10:40 a.m.)
Review request for Ambari, Mahadev Konar and Robert Nettleton.
Bugs: AMBARI-12284
https://issues.apache.org/jira/browse/AMBARI-12284
Repository: ambari
Description
-------
When Ambari sets up a secure spark cluster, it doesn't set
This will still fail tests unless the line
```
spark.history.kerberos.enabled true
```
is added to `spark-defaults.conf`
without this the Spark History Service will not log in with the keytab, and so not set up a long-lived secure connection to a Yarn History Server with encryption on.
This isn't immediately visible (and hard to sport in the tests), because if the user spark has logged in with `kinit`, the TGT is picked up and used — which works until the ticket expires.
Diffs
-----
ambari-server/src/main/resources/common-services/SPARK/1.2.0.2.2/kerberos.json 60c9bfa
Diff: https://reviews.apache.org/r/37186/diff/
Testing (updated)
-------
#Jenkins test result: PENDING
Thanks,
Robert Levas