Github user mattyb149 commented on the issue:
https://github.com/apache/nifi/pull/2630
The changes LGTM, and I tested on a secure cluster, verifying that I could
connect, get a session, and execute some simple Scala/Spark code. However, when
I tested with various unhappy paths including no Kerberos Credentials Service
and a bad keytab, it seems we could be handling these situations better.
In the first case (no credentials), the /sessions endpoint will return HTML
not JSON. This causes a bulletin to be issued, but the flow file is not
penalized and/or the processor is not yielded, and the LivyControllerService
thread to manage the sessions exits, meaning the flow will never proceed until
the CS is restarted with the correct credentials. This could be considered a
Livy bug (I didn't see an existing Jira), but we need to handle it for now.
I believe something similar happens for a bad keytab, but I didn't trace it
back to the manageSessions thread or anything. I think we need to ensure that
the manageSessions() thread is always running while the CS is enabled, we can
pass any exceptions back to the CS so when the processor makes a call to the
CS, we can throw the appropriate exception, etc.
---
