Scenario

When Spark is used to submit tasks, the driver obtains tokens from HBase by default. To access HBase, you need to configure the jaas.conf file for security authentication. If the jaas.conf file is not configured, the application will fail to run.

Therefore, perform the following operations based on whether the application involves HBase:

If the application does not involve HBase, you do not need to obtain the HBase tokens. In this case, set spark.yarn.security.credentials.hbase.enabled to false.

If the application involves HBase, set spark.yarn.security.credentials.hbase.enabled to true and configure the jaas.conf file on the driver as follows:

{client}/spark/bin/spark-sql  --master yarn-client --principal {principal} --keytab {keytab} --driver-java-options "-Djava.security.auth.login.config={LocalPath}/jaas.conf"

Specify Keytab and Principal in the jaas.conf file. The following is an example:

Client {
com.sun.security.auth.module.Krb5LoginModule required
useKeyTab=true
keyTab = "{LocalPath}/user.keytab"
principal="super@<System domain name>"
useTicketCache=false
debug=false;
};

Configuration

Configure the following parameter in the spark-defaults.conf file of the Spark client.

**Table 1** Parameter description
Parameter	Description	Default Value
spark.yarn.security.credentials.hbase.enabled	Indicates whether HBase obtains a token. true: HBase obtains a token. false: HBase does not obtain a token.	false

Configuring Whether Spark Obtains HBase Tokens

Scenario

Configuration