morristm opened a new issue #321:
URL: https://github.com/apache/submarine/issues/321
I built the submarine security plugin for ranger 1.2 and spark 2.3. When
I'm using pyspark and spark-submit it is able to retrieve the hive policy file
from ranger and store it to the file system. However, when I'm using Jupyter
and livy to connect to an HDP 3.1.5 cluster it does not succeed in getting the
policy file. Instead I get this error
WARN RangerAdminRESTClient: Error getting policies. secureMode=true,
user=xxxxxxx (auth:SIMPLE), response={"httpStatusCode":401,"statusCode":0},
serviceName=XXXX_hive
The user id that is being used is the id that owns the spark application in
yarn. If its trying to pass a password for this user to ranger admin, I don't
know where it would be getting it. What concerns me is that my cluster is
kerberized and the error above shows auth:SIMPLE and not auth:KERBEROS. I
would expect it to authenticate to ranger with kerberos. Can you offer any
advice on why I'm not able to retrieve the policy in this situation but I am in
others? Is there a configuration I can add to set the userid/password that is
used to pull the policy from ranger?
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
[email protected]
