Cloudera Community

Support Questions

Find answers, ask questions, and share your expertise
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Advanced Search
Solved Go to solution

Lauch spark job from oozie shell-action in kerberized cluster w/o keytab

Labels:
avatar
author-rank juan_manuel_nie
Expert Contributor

Created ‎05-18-2017 10:30 AM

Hello community,

I've a cluster secured with one way trust relationship with an AD, before enable security in the cluster I was able to excute spark via oozie using a shell-action.

Is there a way to keep doing it without have to propagate my keytab in every nodemamanager? I've seen that for hive from shell-action you can pass the HADOOP_TOKEN_FILE_LOCATION variable to use it, can I do something similar with spark? if not what alternatives do I have?

The problem with the keytab is that I've to change the password every moth so I would have to copy the keytab everytime it changes...

Thank you in advance.

2,380 Views
0 Kudos
1 ACCEPTED SOLUTION

avatar
author-rank xin_wang
Contributor

Created ‎05-20-2017 12:30 AM

You can upload your keytab file to workflow lib folder so that the keytab will copy to the container folder no matter the job is running on which nodemanager.

Then you can specify the --keytab your-keytab --principal your-principal in your spark-submit command.

But you have to upload the update keytab to workflow lib folder every time you change the password.

View solution in original post

2,011 Views
0 Kudos
2 REPLIES 2

avatar
author-rank vbonthu
Expert Contributor

Created ‎05-18-2017 03:02 PM

@Juan Manuel Nieto Yes, if its kerberized environment you need to provide the keytab to authenticate. Since you are using shell-action you can use kinit too.

2,011 Views
0 Kudos

avatar
author-rank xin_wang
Contributor

Created ‎05-20-2017 12:30 AM

You can upload your keytab file to workflow lib folder so that the keytab will copy to the container folder no matter the job is running on which nodemanager.

Then you can specify the --keytab your-keytab --principal your-principal in your spark-submit command.

But you have to upload the update keytab to workflow lib folder every time you change the password.

2,012 Views
0 Kudos
Announcements
What's New @ Cloudera
Cloudera Data Engineering 1.23: Access Spark from Your Favor...
What's New @ Cloudera
HBase REST server scaling support is Generally Available
What's New @ Cloudera
New CLI option in the update-database command
What's New @ Cloudera
New Action menu item in the Cloudera Operational Database UI
What's New @ Cloudera
Get the list of supported instance types in the Cloudera Ope...
View More Announcements