You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@carbondata.apache.org by ra...@apache.org on 2019/05/29 06:27:11 UTC

[carbondata] branch master updated: [CARBONDATA-3400] Support IndexSever for Spark-Shell in secure Mode(kerberos)

This is an automated email from the ASF dual-hosted git repository.

ravipesala pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/carbondata.git


The following commit(s) were added to refs/heads/master by this push:
     new bf096e1  [CARBONDATA-3400] Support IndexSever for Spark-Shell in secure Mode(kerberos)
bf096e1 is described below

commit bf096e128f35865c7cd46cd5a5058c8e5227d773
Author: BJangir <ba...@gmail.com>
AuthorDate: Mon May 27 15:26:21 2019 +0530

    [CARBONDATA-3400] Support IndexSever for Spark-Shell in secure Mode(kerberos)
    
    Problem
    In spark-shell OR Spark-Submit mode, Application user and IndexServer User are different .
    Application user is based on Kinit user OR based on spark.yarn.principle user whereas Indexserver user is based on spark.carbon.indexserver.principal . it is possible that both are different as Indexserver should have it's own authentication principle and should not depend on Application principle so that any application's Query(Thrifserver,Spark-shell,Spark-sql,Spark-Submit) can be served from IndexServer.
    
    Solution
    Authenticate the IndexServer by it's own principle and keytab.
    keytab is required so that long run application (client and indexserver ) does not impacted on token expire.
    
    Note:- Spark-default.conf of Thriftserver (beeline), spark-submit ,spark-sql should have both spark.carbon.indexserver.principal and spark.carbon.indexserver.keytab.
    
    This closes #3240
---
 .../scala/org/apache/carbondata/indexserver/IndexServer.scala    | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/integration/spark2/src/main/scala/org/apache/carbondata/indexserver/IndexServer.scala b/integration/spark2/src/main/scala/org/apache/carbondata/indexserver/IndexServer.scala
index e738fb3..f066095 100644
--- a/integration/spark2/src/main/scala/org/apache/carbondata/indexserver/IndexServer.scala
+++ b/integration/spark2/src/main/scala/org/apache/carbondata/indexserver/IndexServer.scala
@@ -167,9 +167,16 @@ object IndexServer extends ServerInterface {
    */
   def getClient: ServerInterface = {
     import org.apache.hadoop.ipc.RPC
+    val indexServerUser = sparkSession.sparkContext.getConf
+      .get("spark.carbon.indexserver.principal", "")
+    val indexServerKeyTab = sparkSession.sparkContext.getConf
+      .get("spark.carbon.indexserver.keytab", "")
+    val ugi = UserGroupInformation.loginUserFromKeytabAndReturnUGI(indexServerUser,
+      indexServerKeyTab)
+    LOGGER.info("Login successful for user " + indexServerUser);
     RPC.getProxy(classOf[ServerInterface],
       RPC.getProtocolVersion(classOf[ServerInterface]),
-      new InetSocketAddress(serverIp, serverPort), UserGroupInformation.getLoginUser,
+      new InetSocketAddress(serverIp, serverPort), ugi,
       FileFactory.getConfiguration, NetUtils.getDefaultSocketFactory(FileFactory.getConfiguration))
   }
 }