[ https://issues.apache.org/jira/browse/SPARK-31559?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17092928#comment-17092928 ]
Jungtaek Lim commented on SPARK-31559: -------------------------------------- PR submitted: https://github.com/apache/spark/pull/28336 > AM starts with initial fetched tokens in any attempt > ---------------------------------------------------- > > Key: SPARK-31559 > URL: https://issues.apache.org/jira/browse/SPARK-31559 > Project: Spark > Issue Type: Bug > Components: YARN > Affects Versions: 3.0.0 > Reporter: Jungtaek Lim > Priority: Major > > The issue is only occurred in yarn-cluster mode. > Submitter will obtain delegation tokens for yarn-cluster mode, and add these > credentials to the launch context. AM will be launched with these > credentials, and AM and driver are able to leverage these tokens. > In Yarn cluster mode, driver is launched in AM, which in turn initializes > token manager (while initializing SparkContext) and obtain delegation tokens > (+ schedule to renew) if both principal and keytab are available. > That said, even we provide principal and keytab to run application with > yarn-cluster mode, AM always starts with initial tokens from launch context > until token manager runs and obtains delegation tokens. > So there's a "gap", and if user codes (driver) access to external system with > delegation tokens (e.g. HDFS) before initializing SparkContext, it cannot > leverage the tokens token manager will obtain. It will make the application > fail if AM is killed "after" the initial tokens are expired and relaunched. -- This message was sent by Atlassian Jira (v8.3.4#803005) --------------------------------------------------------------------- To unsubscribe, e-mail: issues-unsubscr...@spark.apache.org For additional commands, e-mail: issues-h...@spark.apache.org