[GitHub] spark pull request: [SPARK-6207] [YARN] [SQL] Adds delegation toke...

Thu, 19 Mar 2015 17:29:27 -0700 

Github user tgravescs commented on a diff in the pull request:

    https://github.com/apache/spark/pull/5031#discussion_r26811012
  
    --- Diff: yarn/src/main/scala/org/apache/spark/deploy/yarn/Client.scala ---
    @@ -903,6 +908,30 @@ object Client extends Logging {
       }
     
       /**
    +   * Obtains token for the Hive metastore and adds them to the credentials.
    +   */
    +  private def obtainTokenForHiveMetastore(conf: Configuration, 
credentials: Credentials) {
    +    if (UserGroupInformation.isSecurityEnabled /* And Hive is enabled */) {
    +      val hc = org.apache.hadoop.hive.ql.metadata.Hive.get
    +      val principal = 
hc.getConf().get(HiveConf.ConfVars.METASTORE_KERBEROS_PRINCIPAL.varname)
    +      val username = UserGroupInformation.getCurrentUser().getUserName
    +
    +      if (principal == null) {
    +        val errorMessage = "Required hive metastore principal is not 
configured!"
    +        logError(errorMessage)
    +        throw new IllegalArgumentException(errorMessage)
    +      }
    +
    +      val tokenStr = hc.getDelegationToken(username,principal)
    +      val hive2Token = new Token[DelegationTokenIdentifier]()
    +      hive2Token.decodeFromUrlString(tokenStr)
    +      credentials.addToken(new Text("hive.server2.delegation.token"), 
hive2Token)
    +      logDebug("Added the Hive Server 2 token to conf.")
    +      org.apache.hadoop.hive.ql.metadata.Hive.closeCurrent
    --- End diff --
    
    hdfs (namenode) delegation tokens are renewed by the Yarn resourcemanager 
for you, up til they expire at a week. (Then you need pr4688)  Unfortunately 
the resourcemanager it doesn't handle hive or hbase tokens.  I personally think 
putting in this code for hive and then possible hbase for us to know how to get 
it is ok as long as the interfaces we are using are public and not likely to 
change.  However we should have a way to skip it if its not configured.
    
    Yes, long running services should be able to renew or reacquire with what 
Hari is doing. 


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at [email protected] or file a JIRA ticket
with INFRA.
---

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to