Github user vanzin commented on a diff in the pull request:
https://github.com/apache/spark/pull/16923#discussion_r102361677
--- Diff:
sql/hive/src/main/scala/org/apache/spark/sql/hive/client/HiveClientImpl.scala
---
@@ -106,21 +106,33 @@ private[hive] class HiveClientImpl(
// Set up kerberos credentials for UserGroupInformation.loginUser
within
// current class loader
- // Instead of using the spark conf of the current spark context, a new
- // instance of SparkConf is needed for the original value of
spark.yarn.keytab
- // and spark.yarn.principal set in SparkSubmit, as yarn.Client resets
the
- // keytab configuration for the link name in distributed cache
if (sparkConf.contains("spark.yarn.principal") &&
sparkConf.contains("spark.yarn.keytab")) {
val principalName = sparkConf.get("spark.yarn.principal")
- val keytabFileName = sparkConf.get("spark.yarn.keytab")
- if (!new File(keytabFileName).exists()) {
- throw new SparkException(s"Keytab file: ${keytabFileName}" +
- " specified in spark.yarn.keytab does not exist")
- } else {
- logInfo("Attempting to login to Kerberos" +
- s" using principal: ${principalName} and keytab:
${keytabFileName}")
- UserGroupInformation.loginUserFromKeytab(principalName,
keytabFileName)
+ val keytabFileName = {
+ val keytab = sparkConf.get("spark.yarn.keytab")
+ if (new File(keytab).exists()) {
+ keytab
+ } else {
+ // Instead of using the spark conf of the current spark context,
a new
+ // instance of SparkConf is needed for the original value of
spark.yarn.keytab
+ // set in SparkSubmit, as yarn.Client resets the keytab
configuration for the link name
+ // in distributed cache, and this will make Spark driver fail to
get correct keytab
+ // path in yarn client mode.
+ val originKeytab = new SparkConf().get("spark.yarn.keytab")
+ require(originKeytab != null,
+ "spark.yarn.keytab is not configured, this is unexpected")
+ if (new File(originKeytab).exists()) {
+ originKeytab
+ } else {
+ throw new SparkException(s"Keytab file: $originKeytab " +
+ s"specified in spark.yarn.keytab does not exist")
+ }
+ }
}
+
+ logInfo("Attempting to login to Kerberos" +
+ s" using principal: ${principalName} and keytab:
${keytabFileName}")
+ UserGroupInformation.loginUserFromKeytab(principalName,
keytabFileName)
--- End diff --
Ok, I think I can see a cleaner solution that what I proposed. Sorry for
flip-flopping on this.
Instead of overwriting the `KEYTAB` value in Client.scala, instead, how
about:
- keep the keytab name in an instance variable
- don't update SparkConf, and use the instance variable in the `distribute`
call (around L470)
- when writing the AM conf, overwrite `KEYTAB.key` in the properties
instance (around L708)
That avoids the second config, and keeps all the code to handle the
different locations in one place (Client.scala), without having to change
anywhere else.
---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---
---------------------------------------------------------------------
To unsubscribe, e-mail: reviews-unsubscr...@spark.apache.org
For additional commands, e-mail: reviews-h...@spark.apache.org
