You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@livy.apache.org by "Alex Ang Hock Hee (Jira)" <ji...@apache.org> on 2020/03/25 15:35:00 UTC

[jira] [Created] (LIVY-753) How to submit keytab to kerberoized livy service remotely

Alex Ang Hock Hee created LIVY-753:
--------------------------------------

             Summary: How to submit keytab to kerberoized livy service remotely
                 Key: LIVY-753
                 URL: https://issues.apache.org/jira/browse/LIVY-753
             Project: Livy
          Issue Type: Question
          Components: API
    Affects Versions: 0.7.0, 0.6.0
            Reporter: Alex Ang Hock Hee


I have setup livy in a kerberized environment and have impersonation disabled (livy.impersonation.enabled = false). I can't use impersonation due to access issue with the proxy user. 

Hence, jobs have to send their principal and keytab using the spark configs "spark.yarn.principal" and "spark.yarn.keytab". In my testing, I found that spark.yarn.keytab only accepts local file and the keytab file would need to reside on the same server as the livy service. However, I would like to allow remote access to the livy endpoint, which the keytab would then be on a remote machine. 

Hence, I would like to check how to submit the keytab remotely. I have tried using the files parameter but could not get it to work.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)