Kudu / KUDU-1999

Spark connector should login with Kerberos credentials on driver


Details

    • Type: Bug
    • Status: Resolved
    • Priority: Blocker
    • Resolution: Fixed
    • Affects Version/s: 1.3.0
    • Fix Version/s: 1.3.2, 1.4.0
    • Component/s: spark
    • Labels: None

    Description

      The Kudu Spark connector doesn't currently take advantage of the provided keytab and principal, if they're available. This is typical when Spark is in cluster mode with YARN. As a result, the driver will fail to connect to a secured Kudu cluster with the following error:

      17/05/08 16:59:01 ERROR client.TabletClient: [Peer master-kudu-spark-secure-1.gce.cloudera.com:7051] Unexpected exception from downstream on [id: 0x3edb20f5, /172.31.113.23:48366 => kudu-spark-secure-1.gce.cloudera.com/172.31.113.22:7051]
      java.lang.RuntimeException: java.security.PrivilegedActionException: javax.security.sasl.SaslException: GSS initiate failed [Caused by GSSException: No valid credentials provided (Mechanism level: Failed to find any Kerberos tgt)]
      	at org.apache.kudu.client.shaded.com.google.common.base.Throwables.propagate(Throwables.java:160)
      	at org.apache.kudu.client.Negotiator.evaluateChallenge(Negotiator.java:678)
      ...
      

      The fix is to explicitly kinit with the principal and keytab passed to the job.
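
      A driver-side keytab login of the kind the description calls for, written here as an added example; it is not the patch that resolved this issue and not code from the Kudu project. The object and method names (`DriverKeytabLogin`, `login`, `runAs`) and the JAAS entry name are hypothetical, and the principal and keytab path are assumed to be the values passed to `spark-submit` with `--principal` and `--keytab` (exposed in Spark 2.x as `spark.yarn.principal` and `spark.yarn.keytab`).

```scala
import java.security.PrivilegedExceptionAction
import javax.security.auth.Subject
import javax.security.auth.login.{AppConfigurationEntry, Configuration, LoginContext}
import scala.collection.JavaConverters._

// Hypothetical helper, JDK-only: logs in from a keytab instead of relying on a
// ticket cache, which does not exist on a YARN cluster-mode driver.
object DriverKeytabLogin {

  // In-memory JAAS configuration, so no external jaas.conf file is required.
  private def keytabConfig(principal: String, keytab: String): Configuration =
    new Configuration {
      override def getAppConfigurationEntry(name: String): Array[AppConfigurationEntry] = {
        val options = Map(
          "principal"         -> principal,
          "keyTab"            -> keytab,
          "useKeyTab"         -> "true",
          "storeKey"          -> "true",
          "doNotPrompt"       -> "true",  // fail fast rather than wait for a password
          "useTicketCache"    -> "false", // the absent cache is what causes "Failed to find any Kerberos tgt"
          "refreshKrb5Config" -> "true"
        )
        Array(new AppConfigurationEntry(
          "com.sun.security.auth.module.Krb5LoginModule",
          AppConfigurationEntry.LoginModuleControlFlag.REQUIRED,
          options.asJava))
      }
    }

  // Obtains a TGT for the principal; throws LoginException if the keytab is
  // unreadable or the KDC rejects it. The TGT expires, so long-running jobs
  // must log in again before the ticket lifetime ends.
  def login(principal: String, keytab: String): Subject = {
    val ctx = new LoginContext("kudu-driver", new Subject(), null,
      keytabConfig(principal, keytab))
    ctx.login()
    ctx.getSubject
  }

  // Runs `body` with the Kerberos credentials attached to the calling thread,
  // so a SASL/GSSAPI negotiation started inside it can find the TGT.
  def runAs[T](subject: Subject)(body: => T): T =
    Subject.doAs(subject, new PrivilegedExceptionAction[T] {
      override def run(): T = body
    })
}
```

      Client construction and the first connection to the secured cluster would go inside `runAs`, since the credentials are looked up when the negotiation begins.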

          People

            Assignee: Dan Burkert (danburkert)
            Reporter: Dan Burkert (danburkert)