I am experimenting with connecting a jupyterhub using the toree (branch 0.1.x) distribution to connect to a Cloudera cluster we have running. The jupiter machine is a separate VM and is not in the cluster (although on the same vNet). The cluster is configured with kerberos authentication. I can do local spark-shell -master yarn-client to the cluster after a kinit (Kerberos auth login) on the machine.
I have the toree kernel configured in jupiter, but the log is showing the connection to CLoudera is failing since there is no Kerberos auth sent as part of the call: Nov 30 14:13:29 rhi-fusedev-jupyter-01 jupyterhub: java.io.IOException: Failed on local exception: java.io.IOException: javax.security.sasl.SaslException: GSS initiate failed [Caused by GSSException: No valid credentials provided (Mechanism level: Failed to find any Kerberos tgt)]; Host Details : local host is: “XXXXX/<IP ADDRESS>"; destination host is: “ZZZZ":8032; Nov 30 14:13:29 rhi-fusedev-jupyter-01 jupyterhub: at org.apache.hadoop.net.NetUtils.wrapException(NetUtils.java:772) Nov 30 14:13:29 rhi-fusedev-jupyter-01 jupyterhub: at org.apache.hadoop.ipc.Client.call(Client.java:1472) Nov 30 14:13:29 rhi-fusedev-jupyter-01 jupyterhub: at org.apache.hadoop.ipc.Client.call(Client.java:1399) Nov 30 14:13:29 rhi-fusedev-jupyter-01 jupyterhub: at org.apache.hadoop.ipc.ProtobufRpcEngine$Invoker.invoke(ProtobufRpcEngine.java:232) The kernel is being accessed in a jupyterhub server, so i do authenticate into the machine as a valid user with a Kerberos ticket. The code is apparently not sending along the Kerberos ticket in the Authorization header of the client call to the cluster. Is there any support for this? Command-line args? env variables? Thanks James McCudden Architect Relay Health Intelligence 413.587.6819 Office 413.835.5441 Mobile RelayHealth A division of McKesson Confidentiality Notice: This e-mail message, including any attachments, is for the sole use of the intended recipient(s) and may contain confidential and privileged information. Any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply e-mail and destroy all copies of the original message.
