spark 通过keytab 获取认证
/usr/local/spark-2.3.0-bin-2.6.0-cdh5.8.0/bin/spark-submit \ --keytab /home/jj/tl.keytab \ --principal vf@FC.COM \ --class com.bb.sailer.engine_client.JobAa9d67c8c46843349043610b6d7b21dd \ --master yarn \ --deploy-mode client \ --name flow_1547016972595_ocdwlgoz \ --verbose \ --driver-memory 2G --num-executors 4 \ --executor-cores 2 --executor-memory 4G \ --conf spark.default.parallelism=16 \ --conf spark.ui.showConsoleProgress=true \ target/sailer-engine-client-1.0-SNAPSHOT.jar
"KDC can't fulfill requested option while renewing credentials" errors when running Db2 Big SQL statements on a Kerberized cluster
When running Db2® Big SQL statements on a Kerberized cluster, you might encounter Kerberos key distribution center (KDC) errors about credentials renewal in the bigsql.log file.
Symptoms
The following exception is an example of the type of error that you might encounter:Causes
This error occurs when the KDC fails to generate a renewable ticket-granting ticket (TGT).Resolving the problem
- To ensure that a TGT is generated and renewed appropriately while Db2 Big SQL processes are running, set up the max_renewable_life parameter appropriately in the realms section of the /var/kerberos/krb5kdc/kdc.conf file on the Kerberos server. This step is not required on the client side.
In the following example max_renewable_life is set to 7 days:For the renewal policy to work, you must also run the following command on the KDC host:
- Specify or modify the maximum renewable life of tickets (maxrenewlife) parameter for the service principals to enable long running processes (such as LOAD) to run and complete.
The following example shows how to modify maxrenewlife for the bigsql and hive service principals on node bdavm750.svl.ibm.com from the kadmin command line prompt. Be sure to modify maxrenewlife for the bigsql and hive service principals on all nodes.
