Support Questions

amol_08 · ‎08-22-2018

I am accessing spark2 history server we b ui but I am getting the below error :

java.io.IOException: Failed on local exception: java.io.IOException: Couldn't setup connection for spark-clustername@SOLON.PRD to FQDN/ip:8020; Host Details : local host is: "FQDN/IP"; destination host is: "FQDN":8020; 
	at org.apache.hadoop.net.NetUtils.wrapException(NetUtils.java:782)
	at org.apache.hadoop.ipc.Client.getRpcResponse(Client.java:1558)
	at org.apache.hadoop.ipc.Client.call(Client.java:1498)
	at org.apache.hadoop.ipc.Client.call(Client.java:1398)
	at org.apache.hadoop.ipc.ProtobufRpcEngine$Invoker.invoke(ProtobufRpcEngine.java:233)
	at com.sun.proxy.$Proxy10.setSafeMode(Unknown Source)
	at org.apache.hadoop.hdfs.protocolPB.ClientNamenodeProtocolTranslatorPB.setSafeMode(ClientNamenodeProtocolTranslatorPB.java:713)
	at sun.reflect.GeneratedMethodAccessor18.invoke(Unknown Source)
	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)

Caused by: javax.security.sasl.SaslException: GSS initiate failed [Caused by GSSException: No valid credentials provided (Mechanism level: Failed to find any Kerberos tgt)]

	at com.sun.security.sasl.gsskerb.GssKrb5Client.evaluateChallenge(GssKrb5Client.java:211)
	at org.apache.hadoop.security.SaslRpcClient.saslConnect(SaslRpcClient.java:413)
	at org.apache.hadoop.ipc.Client$Connection.setupSaslConnection(Client.java:595)
	at org.apache.hadoop.ipc.Client$Connection.access$2000(Client.java:397)
	at org.apache.hadoop.ipc.Client$Connection$2.run(Client.java:762)
	at org.apache.hadoop.ipc.Client$Connection$2.run(Client.java:758)
	at java.security.AccessController.doPrivileged(Native Method)
	at javax.security.auth.Subject.doAs(Subject.java:422)
	at org.apache.hadoop.security.UserGroupInformation.doAs(UserGroupInformation.java:1866)
	at org.apache.hadoop.ipc.Client$Connection.setupIOstreams(Client.java:7

jsensharma · ‎08-22-2018

@Anurag Mishra

If you are using Firefox "about:config" and then search for the following two properties and set the values to the hostname/domain that are secured: (Please use your own Spark2 UI hostname/domain name here)

network.negotiate-auth.delegation-uris=sandbox.hortonworks.com,.hortonworks.com
network.negotiate-auth.trusted-uris=sandbox.hortonworks.com,.hortonworks.com

Here you need to define the hostname/domain that you are using.

Now get the keytab on your local machine (laptop) where browser is running and then do the kinit. Then refresh the browser. Example:

kinit --kdc-hostname=kdc.hortonworks.com  -t /PATH/TO/spark.service.keytab spark/sandbox.hortonworks.com@EXAMPLE.COM

. Here you will need to do kinit with your own keytab. In above example i am using spark service keytab (just for example)

amol_08 · ‎08-22-2018

I am using google chrome

jsensharma · ‎08-22-2018

@Anurag Mishra

For google chrome SPNEGO settings please refer to:

https://specopssoft.com/blog/configuring-chrome-and-firefox-for-windows-integrated-authentication/

Support Questions

Spark2 web UI not working