spark-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Marcelo Vanzin (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (SPARK-19143) API in Spark for distributing new delegation tokens (Improve delegation token handling in secure clusters)
Date Tue, 10 Jan 2017 17:49:58 GMT

    [ https://issues.apache.org/jira/browse/SPARK-19143?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15815643#comment-15815643
] 

Marcelo Vanzin commented on SPARK-19143:
----------------------------------------

bq. My initial thought was to create an rpc between the client on gateways and the driver/AM
(running on yarn node) and transfer the new tokens that way.

Yeah, I was thinking about something along those lines. I was thinking about using a broadcast,
or maybe embedding it in the task dependencies so we're sure that new tasks are run with the
new credentials. But I haven't properly investigated any approach.

Leveraging the current HDFS-based approach is the easiest option, though. First implementation
could provide the public API and use that as the backend, for example.

> API in Spark for distributing new delegation tokens (Improve delegation token handling
in secure clusters)
> ----------------------------------------------------------------------------------------------------------
>
>                 Key: SPARK-19143
>                 URL: https://issues.apache.org/jira/browse/SPARK-19143
>             Project: Spark
>          Issue Type: Improvement
>          Components: Spark Core, YARN
>    Affects Versions: 2.0.2, 2.1.0
>            Reporter: Ruslan Dautkhanov
>
> Spin off from SPARK-14743 and comments chain in [recent comments| https://issues.apache.org/jira/browse/SPARK-5493?focusedCommentId=15802179&page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#comment-15802179]
in SPARK-5493.
> Spark currently doesn't have a way for distribution new delegation tokens. Quoting [~vanzin]
from SPARK-5493 
> {quote}
> IIRC Livy doesn't yet support delegation token renewal. Once it reaches the TTL, the
session is unusable.
> There might be ways to hack support for that without changes in Spark, but I'd like to
see a proper API in Spark for distributing new delegation tokens. I mentioned that in SPARK-14743,
but although that bug is closed, that particular feature hasn't been implemented yet.
> {quote}
> Other thoughts?



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscribe@spark.apache.org
For additional commands, e-mail: issues-help@spark.apache.org


Mime
View raw message