Posted to dev@zeppelin.apache.org by zjffdu <gi...@git.apache.org> on 2018/01/22 01:46:02 UTC
[GitHub] zeppelin pull request #2737: ZEPPELIN-3181. Enable impersonation support for...
GitHub user zjffdu opened a pull request:
https://github.com/apache/zeppelin/pull/2737
ZEPPELIN-3181. Enable impersonation support for kerberized cluster
### What is this PR for?
This is to enable Kerberos support for Spark YARN mode in impersonation. Spark has one limitation: you cannot specify keytab & proxyuser together. So this PR would run kinit before launching the Spark interpreter, so that users can enable impersonation for a secured cluster.
### What type of PR is it?
[Improvement | Feature]
### Todos
* [ ] - Task
### What is the Jira issue?
* https://issues.apache.org/jira/browse/ZEPPELIN-3181
### How should this be tested?
* Verified manually, see the following screenshot.
### Screenshots (if appropriate)
![screen shot 2018-01-22 at 9 45 26 am](https://user-images.githubusercontent.com/164491/35201760-01462290-ff59-11e7-966b-b7b4e4df8b64.png)
### Questions:
* Do the license files need an update? No
* Are there breaking changes for older versions? No
* Does this need documentation? No
You can merge this pull request into a Git repository by running:
$ git pull https://github.com/zjffdu/zeppelin ZEPPELIN-3181
Alternatively you can review and apply these changes as the patch at:
https://github.com/apache/zeppelin/pull/2737.patch
To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:
This closes #2737
----
commit 2ae52980a57d44b9d19da515ecb8594a19af9efb
Author: Jeff Zhang <zj...@...>
Date: 2018-01-22T01:00:42Z
ZEPPELIN-3181. Enable kerberos support for Spark Yarn Cluster in impersonation mode
----
---
[GitHub] zeppelin issue #2737: ZEPPELIN-3181. Enable impersonation support for kerber...
Posted by zjffdu <gi...@git.apache.org>.
Github user zjffdu commented on the issue:
https://github.com/apache/zeppelin/pull/2737
@felixcheung @prabhjyotsingh Could you help review it? Thanks
---
[GitHub] zeppelin issue #2737: ZEPPELIN-3181. Enable impersonation support for kerber...
Posted by prabhjyotsingh <gi...@git.apache.org>.
Github user prabhjyotsingh commented on the issue:
https://github.com/apache/zeppelin/pull/2737
Does it not require renewal of the keytab? Or does this take care of it?
```
env.put("ZEPPELIN_SERVER_KERBEROS_KEYTAB", keytab);
env.put("ZEPPELIN_SERVER_KERBEROS_PRINCIPAL", principal);
```
---
[GitHub] zeppelin issue #2737: ZEPPELIN-3181. Enable impersonation support for kerber...
Posted by hayssams <gi...@git.apache.org>.
Github user hayssams commented on the issue:
https://github.com/apache/zeppelin/pull/2737
I suspect a problem with this PR if the Kerberos ticket duration is shorter than the interpreter lifetime.
That is why I previously opened a PR that explicitly does a ticket renewal at an interval defined by the user. Please check the following PR: https://github.com/apache/zeppelin/pull/2719
---
[GitHub] zeppelin pull request #2737: ZEPPELIN-3181. Enable impersonation support for...
Posted by asfgit <gi...@git.apache.org>.
Github user asfgit closed the pull request at:
https://github.com/apache/zeppelin/pull/2737
---
[GitHub] zeppelin issue #2737: ZEPPELIN-3181. Enable impersonation support for kerber...
Posted by zjffdu <gi...@git.apache.org>.
Github user zjffdu commented on the issue:
https://github.com/apache/zeppelin/pull/2737
Merge if no more comments
---
[GitHub] zeppelin issue #2737: ZEPPELIN-3181. Enable impersonation support for kerber...
Posted by zjffdu <gi...@git.apache.org>.
Github user zjffdu commented on the issue:
https://github.com/apache/zeppelin/pull/2737
`interpreter.sh` will run kinit each time.
---
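The question raised in this thread, whether a ticket obtained by a single kinit at launch outlives the interpreter, can be checked from `klist` output. The following is an added example, not code from PR #2737 or #2719; the function names, the constructed sample output, and the assumed `MM/DD/YYYY HH:MM:SS` timestamp layout printed in UTC are assumptions.

```shell
#!/bin/sh
# Added example, not Zeppelin code. Assumes klist rows look like
# "MM/DD/YYYY HH:MM:SS  MM/DD/YYYY HH:MM:SS  krbtgt/REALM@REALM" and that
# klist ran with TZ=UTC, so the expiry is comparable with `date +%s`.

# Print the TGT expiry (epoch seconds) from klist output on stdin,
# or nothing when no krbtgt row is present.
tgt_expiry_epoch() {
    awk '$5 ~ /^krbtgt\// {
        split($3, dt, "/"); split($4, tm, ":")
        m = dt[1] + 0; d = dt[2] + 0; y = dt[3] + 0
        if (m <= 2) y -= 1                  # count the year from March
        mp  = (m + 9) % 12                  # March = 0 ... February = 11
        era = int(y / 400); yoe = y - era * 400
        doy = int((153 * mp + 2) / 5) + d - 1
        days = era * 146097 + yoe * 365 + int(yoe / 4) - int(yoe / 100) + doy - 719468
        printf "%d\n", days * 86400 + tm[1] * 3600 + tm[2] * 60 + tm[3]
        exit
    }'
}

# needs_kinit NOW_EPOCH MARGIN_SECONDS < klist-output
# Exit 0 (renew) when there is no TGT or it expires within MARGIN_SECONDS.
needs_kinit() {
    expiry=$(tgt_expiry_epoch)
    [ -z "$expiry" ] && return 0
    [ $((expiry - $1)) -lt "$2" ]
}

# Constructed klist output (not captured from a real cluster).
SAMPLE_KLIST='Ticket cache: FILE:/tmp/krb5cc_1000
Default principal: alice@EXAMPLE.COM

Valid starting       Expires              Service principal
01/22/2018 01:46:02  01/23/2018 01:46:02  krbtgt/EXAMPLE.COM@EXAMPLE.COM'

now=1516668362   # constructed "current time": one hour before the sample expiry
if printf '%s\n' "$SAMPLE_KLIST" | needs_kinit "$now" 7200; then
    echo "TGT expires within the margin: re-run kinit from the keytab"
fi

# In a long-lived interpreter the same check would run periodically, e.g.:
#   if TZ=UTC klist | needs_kinit "$(date +%s)" 3600; then
#       kinit -kt "$ZEPPELIN_SERVER_KERBEROS_KEYTAB" "$ZEPPELIN_SERVER_KERBEROS_PRINCIPAL"
#   fi
```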