[ 
https://issues.apache.org/jira/browse/SPARK-13110?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Marcelo Vanzin resolved SPARK-13110.
------------------------------------
    Resolution: Unresolved

Hi Pierre,

We don't use the bug tracker for questions. Please use the mailing lists (see 
http://spark.apache.org/community.html) for that.

> How to configure the access of the Spark History Web UI with Kerberos 
> authentication?
> -------------------------------------------------------------------------------------
>
>                 Key: SPARK-13110
>                 URL: https://issues.apache.org/jira/browse/SPARK-13110
>             Project: Spark
>          Issue Type: Question
>          Components: Web UI
>    Affects Versions: 1.5.1, 1.5.2, 1.6.0
>         Environment: Spark 1.6.0 / Hadoop 2.7.1 / Zookeeper 3.4.5 / 
> Authentication done through Kerberos
>            Reporter: Pierre Beauvois
>
> Hello,
> Spark is installed on several machines of my cluster. These machines are used 
> by the clients (we'll call these machines "CM"). Note that Spark is 
> configured on YARN and not in standalone mode. 
> I installed a Spark History server on a different machine which is 
> inaccessible to the clients (we'll call this machine "SHS"). Now I'm trying 
> to configure Spark History web UI access for the users of my cluster who are 
> authenticated with Kerberos. For the moment I have been able to make Spark 
> History work with its Kerberos principal and keytab.
> The spark-defaults.conf of the SHS is the following:
> {code}
> # Spark history server configurations
> spark.history.provider = org.apache.spark.deploy.history.FsHistoryProvider
> spark.history.fs.logDirectory = hdfs:///Products/SPARK/logs/
> spark.history.fs.update.interval = 10s
> spark.history.retainedApplications = 100
> spark.history.ui.port = 18080
> spark.history.kerberos.enabled = true
> spark.history.kerberos.principal = sparkhistory/sparkhistoryserver.dns.fr@SANDBOX.HADOOP
> spark.history.kerberos.keytab = /opt/application/Spark/current/keytabs/sparkhistory.keytab
> spark.history.ui.acls.enable = true
> spark.history.fs.cleaner.enabled = false
> spark.yarn.historyServer.address = sparkhistoryserver.dns.fr:18080
> {code}
> The spark-defaults.conf of the CM is the following:
> {code}
> # Spark history server configurations
> spark.history.provider =
> spark.history.fs.logDirectory =
> spark.history.fs.update.interval =
> spark.history.retainedApplications =
> spark.history.ui.port =
> spark.history.kerberos.enabled =
> spark.history.kerberos.principal =
> spark.history.kerberos.keytab =
> spark.history.ui.acls.enable = true
> spark.history.fs.cleaner.enabled =
> spark.yarn.historyServer.address = sparkhistoryserver.dns.fr:18080
> {code}
> First I would like to know if my configurations are good (both SHS and CM). 
> Secondly I would like to know how to restrict the web UI access for the users 
> who are Kerberos authenticated. Let me explain in more detail what the expected 
> behaviour is here:
> - the user Obelix does a Spark job and finishes it properly
> - Obelix can go to the ResourceManager web UI and click on "history". He's 
> redirected to the Spark History web UI and he can have the details of his 
> previous job. Note that Obelix is Kerberos authenticated in order to be able 
> to go to the ResourceManager web UI and the Spark History web UI.
> - Asterix goes to the ResourceManager web UI and clicks on "history" of 
> Obelix's job. Asterix is not redirected because he's not the user who 
> launched the job.


