[SPARK-19588] Allow putting keytab file to HDFS location specified in spark.yarn.keytab - ASF JIRA

XML

Word

Printable

JSON

Details

Type: New Feature
Status: Resolved
Priority: Major
Resolution: Incomplete
Affects Version/s: 2.0.2, 2.1.0
Fix Version/s: None
Component/s: Spark Core, Spark Submit
Labels:
Environment:

kerberized cluster, Spark 2

Description

As a workaround for ~~SPARK-19038~~ tried putting keytab in user's home directory in HDFS but this fails with

Exception in thread "main" org.apache.spark.SparkException: Keytab file: hdfs:///user/svc_odiprd/.kt does not exist
        at org.apache.spark.deploy.SparkSubmit$.prepareSubmitEnvironment(SparkSubmit.scala:555)
        at org.apache.spark.deploy.SparkSubmit$.submit(SparkSubmit.scala:158)
        at org.apache.spark.deploy.SparkSubmit$.main(SparkSubmit.scala:124)
        at org.apache.spark.deploy.SparkSubmit.main(SparkSubmit.scala)

This is yarn-client mode, so driver probably can't see HDFS while submitting a job; although I suspect it doesn't not only with yarn-client.

Would be great to support reading keytab for kerberos ticket renewals directly from HDFS.

We think that in some scenarios it's more secure than referencing a keytab from a local fs on a client machine that does a spark-submit.

Attachments

Issue Links

relates to

SPARK-19038 Can't find keytab file when using Hive catalog

Resolved

Activity

People

Assignee:: Unassigned

Reporter:: Ruslan Dautkhanov

Votes:: 0 Vote for this issue

Watchers:: 4 Start watching this issue

Dates

Created:: 14/Feb/17 03:31

Updated:: 21/May/19 04:14

Resolved:: 21/May/19 04:14