Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Use NSS_WRAPPER_PASSWD instead of /etc/passwd as in spark-operator image entrypoint.sh #2312

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

Use NSS_WRAPPER_PASSWD instead of /etc/passwd as in spark-operator image entrypoint.sh #2312

wants to merge 1 commit into from

Conversation

Aakcht
Copy link
Contributor

@Aakcht Aakcht commented Nov 5, 2024

Purpose of this PR

Currently spark-operator entrypoint.sh has this logic. It is the same logic as in entrypoint.sh of old spark images. It is intended for openshift and modifies /etc/passwd. It was working in the past, because in the older base spark images permissions for /etc/passwd were modified.

New spark images do not modify permissions of /etc/passwd. Therefore this entrypoint.sh logic does not work currently and when running spark-operator under random user spark-application submissions fails with the following error:

 org.apache.hadoop.security.KerberosAuthException: failure to login: javax.security.auth.login.LoginException: java.lang.NullPointerException: invalid null input: name

This PR changes this logic to the same logic as in newer spark images.

Proposed changes:

  • Modify entrypoint.sh logic of working with /etc/passwd and NSS_WRAPPER_PASSWD based on new spark image.

Change Category

  • Bugfix (non-breaking change which fixes an issue)
  • Feature (non-breaking change which adds functionality)
  • Breaking change (fix or feature that could affect existing functionality)
  • Documentation update

Rationale

Checklist

  • I have conducted a self-review of my own code.
  • I have updated documentation accordingly.
  • I have added tests that prove my changes are effective or that my feature works.
  • Existing unit tests pass locally with my changes.

Additional Notes

I validated this PR by adding new entrypoint.sh to spark-operator docker image and checked that spark-operator can now submit applications when running under random user.

@google-oss-prow Google OSS Prow
Copy link
Contributor

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by:
Once this PR has been reviewed and has the lgtm label, please assign yuchaoran2011 for approval. For more information see the Kubernetes Code Review Process.

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@Aakcht Aakcht force-pushed the fix_openshift_run_as_any_user branch from 711339e to 4c9c397 Compare November 5, 2024 13:21
@Aakcht
Copy link
Contributor Author

Aakcht commented Nov 12, 2024

Hi, @ChenYi015 @ImpSy @jacobsalway , any chance for reviewing this PR?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ImpSy ImpSy Awaiting requested review from ImpSy

@jacobsalway jacobsalway Awaiting requested review from jacobsalway

Assignees
No one assigned
Labels
size/M
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@Aakcht