You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@livy.apache.org by "Alex Ang Hock Hee (Jira)" <ji...@apache.org> on 2020/03/25 15:35:00 UTC
[jira] [Created] (LIVY-753) How to submit keytab to kerberoized
livy service remotely
Alex Ang Hock Hee created LIVY-753:
--------------------------------------
Summary: How to submit keytab to kerberoized livy service remotely
Key: LIVY-753
URL: https://issues.apache.org/jira/browse/LIVY-753
Project: Livy
Issue Type: Question
Components: API
Affects Versions: 0.7.0, 0.6.0
Reporter: Alex Ang Hock Hee
I have setup livy in a kerberized environment and have impersonation disabled (livy.impersonation.enabled = false). I can't use impersonation due to access issue with the proxy user.
Hence, jobs have to send their principal and keytab using the spark configs "spark.yarn.principal" and "spark.yarn.keytab". In my testing, I found that spark.yarn.keytab only accepts local file and the keytab file would need to reside on the same server as the livy service. However, I would like to allow remote access to the livy endpoint, which the keytab would then be on a remote machine.
Hence, I would like to check how to submit the keytab remotely. I have tried using the files parameter but could not get it to work.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)