You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@zeppelin.apache.org by hayssams <gi...@git.apache.org> on 2018/01/06 18:53:43 UTC
[GitHub] zeppelin pull request #2719: Spark impersonation
GitHub user hayssams opened a pull request:
https://github.com/apache/zeppelin/pull/2719
Spark impersonation
### What is this PR for?
Makes Spark Interperter impersonate front-end user using spark.yarn.principal who becomes the only user to be declared in hadoop core-site.xml (hadoop.proxyuser.<USER>.hosts)
Added Kerberos auto-renewal flag in zeppelin-site.xml (zeppelin.kerberos.renew.period) / ZEPPELIN_KERBEROS_RENEW_PERIOD env var
### What type of PR is it?
[Bug Fix]
### Todos
* [ ] - Task
### What is the Jira issue?
* [ZEPPELIN-2066]
### How should this be tested?
* Manually against kerberized HDFS cluster.
### Screenshots (if appropriate)
### Questions:
* Does the licenses files need update? No
* Is there breaking changes for older versions? No
* Does this needs documentation? Yes. To document the kerberos ticket renewal period flag
You can merge this pull request into a Git repository by running:
$ git pull https://github.com/ebiznext/zeppelin SPARK-IMPERSONATION
Alternatively you can review and apply these changes as the patch at:
https://github.com/apache/zeppelin/pull/2719.patch
To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:
This closes #2719
----
commit b6f8e9dd3ca78d295748612f10f4e7994dca374e
Author: Hayssam Saleh <ha...@...>
Date: 2018-01-06T17:26:36Z
It should be possible to impersonate user in Per Note /Isolated Mode.
commit c6a84bc2e849478cab057cb63932a419506d030d
Author: Hayssam Saleh <ha...@...>
Date: 2018-01-06T17:57:49Z
how often the kerberos ticket should be renewed (in minutes)
commit b42870de60de0be3f18ff687da147057065930d0
Author: Hayssam Saleh <ha...@...>
Date: 2018-01-06T18:01:10Z
Kinit before launching and renew ticket every ZEPPELIN_KERBEROS_RENEW_PERIOD minutes
commit 96b4b94293f7c43b05be216722cc504c9efb49a0
Author: Hayssam Saleh <ha...@...>
Date: 2018-01-06T18:36:55Z
revert UI
----
---
[GitHub] zeppelin issue #2719: Spark impersonation
Posted by zjffdu <gi...@git.apache.org>.
Github user zjffdu commented on the issue:
https://github.com/apache/zeppelin/pull/2719
Thanks @hayssams for confirm
---
[GitHub] zeppelin issue #2719: Spark impersonation
Posted by zjffdu <gi...@git.apache.org>.
Github user zjffdu commented on the issue:
https://github.com/apache/zeppelin/pull/2719
Thanks @hayssams for the contribution. Several comments
1. Have you verified the current mechanism of kerberos support ?
2. This PR seems only work with yarn client mode, but not yarn cluster mode. As in yarn cluster mode, there's no keytab file in driver side.
---
[GitHub] zeppelin pull request #2719: Spark impersonation
Posted by hayssams <gi...@git.apache.org>.
Github user hayssams closed the pull request at:
https://github.com/apache/zeppelin/pull/2719
---
[GitHub] zeppelin issue #2719: Spark impersonation
Posted by hayssams <gi...@git.apache.org>.
Github user hayssams commented on the issue:
https://github.com/apache/zeppelin/pull/2719
@zjffdu my bas. Ticket renewal is not required. Thanks for your clarification.
---