AMBARI-18142. Spark thrift server to renew its own ticket (Jianfeng Zhang via smohanty)

ambari-server/src/main/resources/common-services/SPARK/1.2.1/configuration/spark-env.xml

@@ -69,6 +69,18 @@
     </value-attributes>
     <on-ambari-upgrade add="true"/>
   </property>
+  <property>
+    <name>hive_kerberos_keytab</name>
+    <value>{{hive_kerberos_keytab}}</value>
+    <description>hive keytab for spark thrift server</description>
+    <on-ambari-upgrade add="true"/>
+  </property>
+  <property>
+    <name>hive_kerberos_principal</name>
+    <value>{{hive_kerberos_principal}}</value>
+    <description>hive principal for spark thrift server</description>
+    <on-ambari-upgrade add="true"/>
+  </property>
   <!-- spark-env.sh -->
   <property>
     <name>content</name>

ambari-server/src/main/resources/common-services/SPARK/1.2.1/package/scripts/params.py

@@ -18,7 +18,7 @@ limitations under the License.
 
 """
 
-
+import socket
 import status_params
 from resource_management.libraries.functions.stack_features import check_stack_feature
 from resource_management.libraries.functions import StackFeature
@@ -171,7 +171,7 @@ if security_enabled:
     })
 
     hive_kerberos_keytab = config['configurations']['hive-site']['hive.server2.authentication.kerberos.keytab']
-    hive_kerberos_principal = config['configurations']['hive-site']['hive.server2.authentication.kerberos.principal']
+    hive_kerberos_principal = config['configurations']['hive-site']['hive.server2.authentication.kerberos.principal'].replace('_HOST', socket.getfqdn().lower())
 
 # thrift server support - available on HDP 2.3 or higher
 spark_thrift_sparkconf = None

ambari-server/src/main/resources/common-services/SPARK/1.2.1/package/scripts/spark_service.py

@@ -76,11 +76,6 @@ def spark_service(name, upgrade_type=None, action=None):
         raise
 
     elif name == 'sparkthriftserver':
-      if params.security_enabled:
-        hive_principal = params.hive_kerberos_principal.replace('_HOST', socket.getfqdn().lower())
-        hive_kinit_cmd = format("{kinit_path_local} -kt {hive_kerberos_keytab} {hive_principal}; ")
-        Execute(hive_kinit_cmd, user=params.hive_user)
-
       thriftserver_no_op_test = format(
       'ls {spark_thrift_server_pid_file} >/dev/null 2>&1 && ps -p `cat {spark_thrift_server_pid_file}` >/dev/null 2>&1')
       try:

ambari-server/src/main/resources/common-services/SPARK/1.4.1/kerberos.json

@@ -33,6 +33,12 @@
           "spark-defaults": {
             "spark.history.kerberos.enabled": "true"
           }
+        },
+        {
+          "spark-thrift-sparkconf": {
+            "spark.yarn.keytab": "${spark-env/hive_kerberos_keytab}",
+            "spark.yarn.principal": "${spark-env/hive_kerberos_principal}"
+          }
         }
       ],
       "components": [

ambari-server/src/main/resources/common-services/SPARK2/2.0.0/configuration/spark2-env.xml

@@ -69,6 +69,18 @@
     </value-attributes>
     <on-ambari-upgrade add="true"/>
   </property>
+  <property>
+    <name>hive_kerberos_keytab</name>
+    <value>{{hive_kerberos_keytab}}</value>
+    <description>hive keytab for spark thirft server</description>
+    <on-ambari-upgrade add="true"/>
+  </property>
+  <property>
+    <name>hive_kerberos_principal</name>
+    <value>{{hive_kerberos_principal}}</value>
+    <description>hive principal for spark thrift server</description>
+    <on-ambari-upgrade add="true"/>
+  </property>
   <!-- spark-env.sh -->
   <property>
     <name>content</name>

ambari-server/src/main/resources/common-services/SPARK2/2.0.0/kerberos.json

@@ -33,6 +33,12 @@
           "spark2-defaults": {
             "spark.history.kerberos.enabled": "true"
           }
+        },
+        {
+          "spark2-thrift-sparkconf": {
+            "spark.yarn.keytab": "${spark2-env/hive_kerberos_keytab}",
+            "spark.yarn.principal": "${spark2-env/hive_kerberos_principal}"
+          }
         }
       ],
       "components": [

ambari-server/src/main/resources/common-services/SPARK2/2.0.0/package/scripts/params.py

@@ -18,6 +18,7 @@ limitations under the License.
 
 """
 
+import socket
 
 import status_params
 from resource_management.libraries.functions.stack_features import check_stack_feature
@@ -153,7 +154,7 @@ if security_enabled:
     })
 
     hive_kerberos_keytab = config['configurations']['hive-site']['hive.server2.authentication.kerberos.keytab']
-    hive_kerberos_principal = config['configurations']['hive-site']['hive.server2.authentication.kerberos.principal']
+    hive_kerberos_principal = config['configurations']['hive-site']['hive.server2.authentication.kerberos.principal'].replace('_HOST', socket.getfqdn().lower())
 
 # thrift server support - available on HDP 2.3 or higher
 spark_thrift_sparkconf = None

ambari-server/src/main/resources/common-services/SPARK2/2.0.0/package/scripts/spark_service.py

@@ -96,11 +96,6 @@ def spark_service(name, upgrade_type=None, action=None):
         raise
 
     elif name == 'sparkthriftserver':
-      if params.security_enabled:
-        hive_principal = params.hive_kerberos_principal.replace('_HOST', socket.getfqdn().lower())
-        hive_kinit_cmd = format("{kinit_path_local} -kt {hive_kerberos_keytab} {hive_principal}; ")
-        Execute(hive_kinit_cmd, user=params.hive_user)
-
       thriftserver_no_op_test = format(
       'ls {spark_thrift_server_pid_file} >/dev/null 2>&1 && ps -p `cat {spark_thrift_server_pid_file}` >/dev/null 2>&1')
       try:

ambari-server/src/main/resources/stacks/HDP/2.5/services/SPARK/kerberos.json

@@ -64,6 +64,12 @@
             "spark.history.kerberos.enabled": "true"
           }
         },
+        {
+          "spark-thrift-sparkconf": {
+            "spark.yarn.keytab": "${spark-env/hive_kerberos_keytab}",
+            "spark.yarn.principal": "${spark-env/hive_kerberos_principal}"
+          }
+        },
         {
           "livy-conf": {
             "livy.server.auth.type": "kerberos",