Github user tgravescs commented on the pull request:
https://github.com/apache/spark/pull/11033#issuecomment-183699703
oozie does it through the UGI and doAs and filling in the credentials.
Otherwise it wouldn't work for me now with Spark.
That is why I'm trying to understand why this is needed. I have no
problems with it if there is a valid use case but I don't want extra security
related code for nothing. Perhaps you have different setup? We run everything
secure, oozie as proxy user. Are you using some hybrid approach or not using
proxy user. Can you report the error you see?
You can prevent the spark client from trying to get hive and hbase tokens
by turning them off. You do have to do this as the client does try to always
get them if its configured for those which will break since it tries from the
oozie launcher running on the cluster.
config spark.yarn.security.tokens.${service}.enabled. And you tell oozie
to get the tokens for you via oozie workflow credentials commands.
---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at [email protected] or file a JIRA ticket
with INFRA.
---
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
