Uploaded image for project: 'Kudu'
  1. Kudu
  2. KUDU-1999

Spark connector should login with Kerberos credentials on driver

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Blocker
    • Resolution: Fixed
    • Affects Version/s: 1.3.0
    • Fix Version/s: 1.3.2, 1.4.0
    • Component/s: spark
    • Labels:
      None

      Description

      The Kudu Spark connector doesn't currently take advantage of the provided keytab and principal, if it's available. This is typical when Spark is in cluster mode with Yarn. As a result, the driver will fail to connect to a secured Kudu cluster with the following error:

      17/05/08 16:59:01 ERROR client.TabletClient: [Peer master-kudu-spark-secure-1.gce.cloudera.com:7051] Unexpected exception from downstream on [id: 0x3edb20f5, /172.31.113.23:48366 => kudu-spark-secure-1.gce.cloudera.com/172.31.113.22:7051]
      java.lang.RuntimeException: java.security.PrivilegedActionException: javax.security.sasl.SaslException: GSS initiate failed [Caused by GSSException: No valid credentials provided (Mechanism level: Failed to find any Kerberos tgt)]
      	at org.apache.kudu.client.shaded.com.google.common.base.Throwables.propagate(Throwables.java:160)
      	at org.apache.kudu.client.Negotiator.evaluateChallenge(Negotiator.java:678)
      ...
      

      The fix is to explicitly kinit with the principal and keytab passed to the job.

        Attachments

          Activity

            People

            • Assignee:
              danburkert Dan Burkert
              Reporter:
              danburkert Dan Burkert
            • Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: