Cloudera Community

Support Questions

Find answers, ask questions, and share your expertise
cancel
Turn on suggestions
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Advanced Search
Solved Go to solution

What are the best practices to secure spark on HDP 2.3

Labels:
avatar
author-rank Eran author-rank
Rising Star

Created ‎10-31-2015 01:08 AM

 
2,821 Views
0
1 ACCEPTED SOLUTION

avatar
author-rank vshukla
Guru

Created ‎11-03-2015 08:57 PM

Spark reads from HDFS and sends jobs to YARN. So security for both HDFS, YARN managed by Ranger works with Spark. From security point of view this is very similar to MR jobs being run on YARN.

Since Spark reads from HDFS using HDFS client, the HDFS TDE feature is transparent to Spark and with right key permissions for user running Spark job, there is nothing in Spark to configure.

Knox isn’t yet relevant to Spark. In future when we have a REST API for Spark, we will integrate Knox with it.

View solution in original post

2,498 Views
0
6 REPLIES 6

avatar
author-rank nsabharwal
Master Mentor

Created ‎10-31-2015 01:18 AM

@eorgad@hortonworks.com

Spark and Kerberos

2,498 Views
0 Kudos

avatar
author-rank Eran author-rank
Rising Star

Created ‎11-03-2015 07:59 PM

So the real problem in our documentation - Best practices, has a conflicting message "use HiveContext (instead of SQLContext) whenever possible" but In YARN cluster mode with Kerberos, use SQLContext !

http://docs.hortonworks.com/HDPDocuments/HDP2/HDP-2.3.2/bk_spark-guide/content/ch_practices-spark.ht...

2,498 Views
0 Kudos

avatar
author-rank nsabharwal
Master Mentor

Created ‎11-03-2015 08:05 PM

@eorgad@hortonworks.com because "In YARN cluster mode with Kerberos, use SQLContext. HiveContext is not supported on YARN in a Kerberos-enabled cluster."

2,498 Views
0 Kudos

avatar
author-rank ldaluz author-rank
Expert Contributor

Created ‎11-03-2015 08:14 PM

@Neeraj The docs are conflicting. It is recommending "use HiveContext" in secure mode (with kerberos): http://docs.hortonworks.com/HDPDocuments/HDP2/HDP-2.3.2/bk_spark-guide/content/ch_installing-kerb-sp... and under best practices it states that it is not supported with Kerberos: http://docs.hortonworks.com/HDPDocuments/HDP2/HDP-2.3.2/bk_spark-guide/content/ch_practices-spark.ht...

2,498 Views
0 Kudos

avatar
author-rank vshukla
Guru

Created ‎11-03-2015 08:56 PM

This is a doc bug, filed BUG-47289

Use HiveContext and it should work in Kerberized Cluster with HDP 2.3.2

2,498 Views

avatar
author-rank vshukla
Guru

Created ‎11-03-2015 08:57 PM

Spark reads from HDFS and sends jobs to YARN. So security for both HDFS, YARN managed by Ranger works with Spark. From security point of view this is very similar to MR jobs being run on YARN.

Since Spark reads from HDFS using HDFS client, the HDFS TDE feature is transparent to Spark and with right key permissions for user running Spark job, there is nothing in Spark to configure.

Knox isn’t yet relevant to Spark. In future when we have a REST API for Spark, we will integrate Knox with it.

2,499 Views
0
Announcements
Community Announcements
April 2025 Cloudera Customer Advisory: Cloudera’s response t...
What's New @ Cloudera
[RELEASED] Cloudera Streaming Analytics - Kubernetes Operato...
What's New @ Cloudera
[RELEASED] Cloudera Streams Messaging - Kubernetes Operator ...
Community Announcements
February 2025 Community Highlights
What's New @ Cloudera
3 Benefits of External IDE Connectivity, Now Available in Cl...
View More Announcements