You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@spark.apache.org by "Chenhao Wu (Jira)" <ji...@apache.org> on 2020/06/04 22:12:00 UTC
[jira] [Updated] (SPARK-31909) Spark Beeline is not able to pick up
krb5.conf address specified in spark_env.sh
[ https://issues.apache.org/jira/browse/SPARK-31909?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Chenhao Wu updated SPARK-31909:
-------------------------------
Description:
The krb5.conf address is defined in file spark_env.sh using SPARK_SUBMIT_OPTS.
When using Spark beeline to connect to either Hive Thrift Server Or Spark Thrift Server in Kerberos environment, it will not able to pick up those variables. And thus it generates errors like:
{code:java}
java.lang.IllegalStateException: Unable to get current login user: java.io.IOException: failure to loginjava.lang.IllegalStateException: Unable to get current login user: java.io.IOException: failure to login at org.apache.hadoop.hive.thrift.HadoopThriftAuthBridge.createClientWithConf(HadoopThriftAuthBridge.java:87) at org.apache.hive.service.auth.KerberosSaslHelper.getKerberosTransport(KerberosSaslHelper.java:55) at org.apache.hive.jdbc.HiveConnection.createBinaryTransport(HiveConnection.java:445) at org.apache.hive.jdbc.HiveConnection.openTransport(HiveConnection.java:201) at org.apache.hive.jdbc.HiveConnection.<init>(HiveConnection.java:176) at org.apache.hive.jdbc.HiveDriver.connect(HiveDriver.java:105) at java.sql.DriverManager.getConnection(DriverManager.java:664) at java.sql.DriverManager.getConnection(DriverManager.java:208) at org.apache.hive.beeline.DatabaseConnection.connect(DatabaseConnection.java:142) at org.apache.hive.beeline.DatabaseConnection.getConnection(DatabaseConnection.java:207) at org.apache.hive.beeline.Commands.connect(Commands.java:1149) at org.apache.hive.beeline.Commands.connect(Commands.java:1070) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:498) at org.apache.hive.beeline.ReflectiveCommandHandler.execute(ReflectiveCommandHandler.java:52) at org.apache.hive.beeline.BeeLine.dispatch(BeeLine.java:970) at org.apache.hive.beeline.BeeLine.initArgs(BeeLine.java:707) at org.apache.hive.beeline.BeeLine.begin(BeeLine.java:757) at org.apache.hive.beeline.BeeLine.mainWithInputRedirection(BeeLine.java:484) at org.apache.hive.beeline.BeeLine.main(BeeLine.java:467)Caused by: java.io.IOException: failure to login at org.apache.hadoop.security.UserGroupInformation.loginUserFromSubject(UserGroupInformation.java:824) at org.apache.hadoop.security.UserGroupInformation.getLoginUser(UserGroupInformation.java:761) at org.apache.hadoop.hive.thrift.HadoopThriftAuthBridge.createClientWithConf(HadoopThriftAuthBridge.java:85) ... 21 moreCaused by: javax.security.auth.login.LoginException: java.lang.IllegalArgumentException: Illegal principal name name@example.com: org.apache.hadoop.security.authentication.util.KerberosName$NoMatchingRule: No rules applied to name@example.com at org.apache.hadoop.security.UserGroupInformation$HadoopLoginModule.commit(UserGroupInformation.java:200) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:498) at javax.security.auth.login.LoginContext.invoke(LoginContext.java:755) at javax.security.auth.login.LoginContext.access$000(LoginContext.java:195) at javax.security.auth.login.LoginContext$4.run(LoginContext.java:682) at javax.security.auth.login.LoginContext$4.run(LoginContext.java:680) at java.security.AccessController.doPrivileged(Native Method) at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680) at javax.security.auth.login.LoginContext.login(LoginContext.java:588) at org.apache.hadoop.security.UserGroupInformation.loginUserFromSubject(UserGroupInformation.java:799) ... 23 more
{code}
In spark-class script, the final exec command only generates this
{code:java}
exec /usr/lib/jvm/zulu-8//bin/java -cp '/usr/lib/spark/conf/:/usr/lib/spark/jars/*:/etc/hadoop/conf/' -Xmx1g org.apache.hive.beeline.BeeLine -u 'jdbc:hive2://some_string:12000/;principal=some_principal;auth=kerberos;'
{code}
which doesn't have the SPARK_SUBMIT_OPT variable contents.
was:
The krb5.conf address is defined in file spark_env.sh using SPARK_SUBMIT_OPTS.
When using Spark beeline to connect to either Hive Thrift Server Or Spark Thrift Server in Kerberos environment, it will not able to pick up those variables. And thus it generates errors like:
{code:java}
java.lang.IllegalStateException: Unable to get current login user: java.io.IOException: failure to loginjava.lang.IllegalStateException: Unable to get current login user: java.io.IOException: failure to login at org.apache.hadoop.hive.thrift.HadoopThriftAuthBridge.createClientWithConf(HadoopThriftAuthBridge.java:87) at org.apache.hive.service.auth.KerberosSaslHelper.getKerberosTransport(KerberosSaslHelper.java:55) at org.apache.hive.jdbc.HiveConnection.createBinaryTransport(HiveConnection.java:445) at org.apache.hive.jdbc.HiveConnection.openTransport(HiveConnection.java:201) at org.apache.hive.jdbc.HiveConnection.<init>(HiveConnection.java:176) at org.apache.hive.jdbc.HiveDriver.connect(HiveDriver.java:105) at java.sql.DriverManager.getConnection(DriverManager.java:664) at java.sql.DriverManager.getConnection(DriverManager.java:208) at org.apache.hive.beeline.DatabaseConnection.connect(DatabaseConnection.java:142) at org.apache.hive.beeline.DatabaseConnection.getConnection(DatabaseConnection.java:207) at org.apache.hive.beeline.Commands.connect(Commands.java:1149) at org.apache.hive.beeline.Commands.connect(Commands.java:1070) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:498) at org.apache.hive.beeline.ReflectiveCommandHandler.execute(ReflectiveCommandHandler.java:52) at org.apache.hive.beeline.BeeLine.dispatch(BeeLine.java:970) at org.apache.hive.beeline.BeeLine.initArgs(BeeLine.java:707) at org.apache.hive.beeline.BeeLine.begin(BeeLine.java:757) at org.apache.hive.beeline.BeeLine.mainWithInputRedirection(BeeLine.java:484) at org.apache.hive.beeline.BeeLine.main(BeeLine.java:467)Caused by: java.io.IOException: failure to login at org.apache.hadoop.security.UserGroupInformation.loginUserFromSubject(UserGroupInformation.java:824) at org.apache.hadoop.security.UserGroupInformation.getLoginUser(UserGroupInformation.java:761) at org.apache.hadoop.hive.thrift.HadoopThriftAuthBridge.createClientWithConf(HadoopThriftAuthBridge.java:85) ... 21 moreCaused by: javax.security.auth.login.LoginException: java.lang.IllegalArgumentException: Illegal principal name name@example.com: org.apache.hadoop.security.authentication.util.KerberosName$NoMatchingRule: No rules applied to name@example.com at org.apache.hadoop.security.UserGroupInformation$HadoopLoginModule.commit(UserGroupInformation.java:200) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:498) at javax.security.auth.login.LoginContext.invoke(LoginContext.java:755) at javax.security.auth.login.LoginContext.access$000(LoginContext.java:195) at javax.security.auth.login.LoginContext$4.run(LoginContext.java:682) at javax.security.auth.login.LoginContext$4.run(LoginContext.java:680) at java.security.AccessController.doPrivileged(Native Method) at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680) at javax.security.auth.login.LoginContext.login(LoginContext.java:588) at org.apache.hadoop.security.UserGroupInformation.loginUserFromSubject(UserGroupInformation.java:799) ... 23 more
{code}
In spark-class script, the final exec command only generates this
{code:java}
exec /usr/lib/jvm/zulu-8//bin/java -cp '/usr/lib/spark/conf/:/usr/lib/spark/jars/*:/etc/hadoop/conf/' -Xmx1g org.apache.hive.beeline.BeeLine -u 'jdbc:hive2://some_string:12000/;principal=some_principal;auth=kerberos;'
{code}
> Spark Beeline is not able to pick up krb5.conf address specified in spark_env.sh
> --------------------------------------------------------------------------------
>
> Key: SPARK-31909
> URL: https://issues.apache.org/jira/browse/SPARK-31909
> Project: Spark
> Issue Type: Bug
> Components: Spark Core
> Affects Versions: 2.4.4
> Reporter: Chenhao Wu
> Priority: Major
>
> The krb5.conf address is defined in file spark_env.sh using SPARK_SUBMIT_OPTS.
> When using Spark beeline to connect to either Hive Thrift Server Or Spark Thrift Server in Kerberos environment, it will not able to pick up those variables. And thus it generates errors like:
> {code:java}
> java.lang.IllegalStateException: Unable to get current login user: java.io.IOException: failure to loginjava.lang.IllegalStateException: Unable to get current login user: java.io.IOException: failure to login at org.apache.hadoop.hive.thrift.HadoopThriftAuthBridge.createClientWithConf(HadoopThriftAuthBridge.java:87) at org.apache.hive.service.auth.KerberosSaslHelper.getKerberosTransport(KerberosSaslHelper.java:55) at org.apache.hive.jdbc.HiveConnection.createBinaryTransport(HiveConnection.java:445) at org.apache.hive.jdbc.HiveConnection.openTransport(HiveConnection.java:201) at org.apache.hive.jdbc.HiveConnection.<init>(HiveConnection.java:176) at org.apache.hive.jdbc.HiveDriver.connect(HiveDriver.java:105) at java.sql.DriverManager.getConnection(DriverManager.java:664) at java.sql.DriverManager.getConnection(DriverManager.java:208) at org.apache.hive.beeline.DatabaseConnection.connect(DatabaseConnection.java:142) at org.apache.hive.beeline.DatabaseConnection.getConnection(DatabaseConnection.java:207) at org.apache.hive.beeline.Commands.connect(Commands.java:1149) at org.apache.hive.beeline.Commands.connect(Commands.java:1070) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:498) at org.apache.hive.beeline.ReflectiveCommandHandler.execute(ReflectiveCommandHandler.java:52) at org.apache.hive.beeline.BeeLine.dispatch(BeeLine.java:970) at org.apache.hive.beeline.BeeLine.initArgs(BeeLine.java:707) at org.apache.hive.beeline.BeeLine.begin(BeeLine.java:757) at org.apache.hive.beeline.BeeLine.mainWithInputRedirection(BeeLine.java:484) at org.apache.hive.beeline.BeeLine.main(BeeLine.java:467)Caused by: java.io.IOException: failure to login at org.apache.hadoop.security.UserGroupInformation.loginUserFromSubject(UserGroupInformation.java:824) at org.apache.hadoop.security.UserGroupInformation.getLoginUser(UserGroupInformation.java:761) at org.apache.hadoop.hive.thrift.HadoopThriftAuthBridge.createClientWithConf(HadoopThriftAuthBridge.java:85) ... 21 moreCaused by: javax.security.auth.login.LoginException: java.lang.IllegalArgumentException: Illegal principal name name@example.com: org.apache.hadoop.security.authentication.util.KerberosName$NoMatchingRule: No rules applied to name@example.com at org.apache.hadoop.security.UserGroupInformation$HadoopLoginModule.commit(UserGroupInformation.java:200) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:498) at javax.security.auth.login.LoginContext.invoke(LoginContext.java:755) at javax.security.auth.login.LoginContext.access$000(LoginContext.java:195) at javax.security.auth.login.LoginContext$4.run(LoginContext.java:682) at javax.security.auth.login.LoginContext$4.run(LoginContext.java:680) at java.security.AccessController.doPrivileged(Native Method) at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680) at javax.security.auth.login.LoginContext.login(LoginContext.java:588) at org.apache.hadoop.security.UserGroupInformation.loginUserFromSubject(UserGroupInformation.java:799) ... 23 more
> {code}
> In spark-class script, the final exec command only generates this
> {code:java}
> exec /usr/lib/jvm/zulu-8//bin/java -cp '/usr/lib/spark/conf/:/usr/lib/spark/jars/*:/etc/hadoop/conf/' -Xmx1g org.apache.hive.beeline.BeeLine -u 'jdbc:hive2://some_string:12000/;principal=some_principal;auth=kerberos;'
> {code}
> which doesn't have the SPARK_SUBMIT_OPT variable contents.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscribe@spark.apache.org
For additional commands, e-mail: issues-help@spark.apache.org