Github user tgravescs commented on the pull request:
https://github.com/apache/spark/pull/8942#issuecomment-144431311
Yeah I'm confused why 8867 didn't work.
The only time you need a new token is when the connection goes down and
needs to be re-established. If you have an existing connection it will
continue to stay up based on the old token. It looks like from the exception
that it must have been dropping the connection to the namenode and needs a new
one. Based on the exception I'm assuming that the new token isn't be adding
properly or propogated to where it needs to be (if someone did a doas for
instance and addCredentials isn't updating it for that ugi.
Can you tell from the log (HDFS_DELEGATION_TOKEN token 2339 for spark), if
2339 was the original token or the new token? Can you tell that a new token
was properly added and is valid? What is your token timeout set at, hopefully
its not to low that you are hitting a race with the code that waits a minute to
get the new token.
I'm actually fine with doing it either way (token or from keytab), but if
we do it from keytab I would rather see it more of a conditional where it
doesn't add Tokens to the current users UGI if the keytab was supplied. That
way it should be in "KERBEROS" mode and just login from the keytab for you. It
would also be more obvious in the future what is going on and less prone to
being broken by order.
You are running in yarn client mode?
---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at [email protected] or file a JIRA ticket
with INFRA.
---
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
