Github user jelmerk commented on the issue:
https://github.com/apache/spark/pull/19227
I posted a workaround in the discussion for
https://issues.apache.org/jira/browse/SPARK-5158
---
-
To unsubscribe, e-mail:
Github user vanzin commented on the issue:
https://github.com/apache/spark/pull/19227
> If people have a standalone cluster they have secured off for only a set
of users and they all run under a single user, having access to secure HDFS is
still very useful.
No disputing
Github user tgravescs commented on the issue:
https://github.com/apache/spark/pull/19227
just to throw my 2 cents in, I agree with Vanzin that its not secure but at
the same time there are probably use cases its ok. If people have a standalone
cluster they have secured off for only
Github user jerryshao commented on the issue:
https://github.com/apache/spark/pull/19227
I see, so based on your comments:
1. Mesos should not honor principal/keytab configuration. Instead of rename
them, we should remove the `MESOS` here:
```
if
Github user vanzin commented on the issue:
https://github.com/apache/spark/pull/19227
> Current Spark on Mesos code actually honors it:
Then it really shouldn't. Those options are for long lived applications and
Mesos don't yet support those.
---
Github user jerryshao commented on the issue:
https://github.com/apache/spark/pull/19227
> I don't think Mesos honors it (and it shouldn't be, since IIRC it hasn't
implemented long-lived app support yet).
Current Spark on Mesos code actually honors it:
```
//
Github user vanzin commented on the issue:
https://github.com/apache/spark/pull/19227
> so that's why I rename them. What do you think?
I think that should be a separate change. I don't think Mesos honors it
(and it shouldn't be, since IIRC it hasn't implemented long-lived
Github user jerryshao commented on the issue:
https://github.com/apache/spark/pull/19227
The purpose of changing configuration name is that these configurations are
not only used by yarn mode in `SparkSubmit`, Mesos, local will also honor this,
so that's why I rename them. What do
Github user vanzin commented on the issue:
https://github.com/apache/spark/pull/19227
If you're not touching keytabs why are you changing the property names,
which would be an unrelated change? You don't need principal / keytab to get
delegation tokens. You just login with `kinit`.
Github user jerryshao commented on the issue:
https://github.com/apache/spark/pull/19227
Hi @vanzin thanks a lot for your comments. Would you please elaborate more?
I'm not sure if I really understand your comment. According to this PR I don't
think I ship the keytab around in
Github user vanzin commented on the issue:
https://github.com/apache/spark/pull/19227
As I've mentioned in other PRs that attempted this, I don't think it's a
good idea to support shipping keytabs around in standalone mode, because it
doesn't provide user isolation. That makes it
Github user AmplabJenkins commented on the issue:
https://github.com/apache/spark/pull/19227
Test PASSed.
Refer to this link for build results (access rights to CI server needed):
https://amplab.cs.berkeley.edu/jenkins//job/SparkPullRequestBuilder/81750/
Test PASSed.
---
Github user AmplabJenkins commented on the issue:
https://github.com/apache/spark/pull/19227
Merged build finished. Test PASSed.
---
-
To unsubscribe, e-mail: reviews-unsubscr...@spark.apache.org
For additional
Github user SparkQA commented on the issue:
https://github.com/apache/spark/pull/19227
**[Test build #81750 has
finished](https://amplab.cs.berkeley.edu/jenkins/job/SparkPullRequestBuilder/81750/testReport)**
for PR 19227 at commit
Github user SparkQA commented on the issue:
https://github.com/apache/spark/pull/19227
**[Test build #81750 has
started](https://amplab.cs.berkeley.edu/jenkins/job/SparkPullRequestBuilder/81750/testReport)**
for PR 19227 at commit
15 matches
Mail list logo
