[KUDU-1999] Spark connector should login with Kerberos credentials on driver - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Resolved
Priority: Blocker
Resolution: Fixed
Affects Version/s: 1.3.0
Fix Version/s: 1.3.2, 1.4.0
Component/s: spark
Labels:
None

Description

The Kudu Spark connector doesn't currently take advantage of the provided keytab and principal, if it's available. This is typical when Spark is in cluster mode with Yarn. As a result, the driver will fail to connect to a secured Kudu cluster with the following error:

17/05/08 16:59:01 ERROR client.TabletClient: [Peer master-kudu-spark-secure-1.gce.cloudera.com:7051] Unexpected exception from downstream on [id: 0x3edb20f5, /172.31.113.23:48366 => kudu-spark-secure-1.gce.cloudera.com/172.31.113.22:7051]
java.lang.RuntimeException: java.security.PrivilegedActionException: javax.security.sasl.SaslException: GSS initiate failed [Caused by GSSException: No valid credentials provided (Mechanism level: Failed to find any Kerberos tgt)]
	at org.apache.kudu.client.shaded.com.google.common.base.Throwables.propagate(Throwables.java:160)
	at org.apache.kudu.client.Negotiator.evaluateChallenge(Negotiator.java:678)
...

The fix is to explicitly kinit with the principal and keytab passed to the job.

Attachments

Activity

People

Assignee:: Dan Burkert

Reporter:: Dan Burkert

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Dates

Created:: 09/May/17 00:52

Updated:: 10/May/17 02:11

Resolved:: 10/May/17 00:53