Spark Authentication

Introduction

By default, the ORA_APP_PASS password is exposed in clear text on the Spark command line. If the password has been encrypted in offload.env using Password Tool, it is decrypted before being included on the Spark command line.

To prevent the clear-text password from being exposed on the Spark command line, use the following approach.

Oracle Wallet

Using an Oracle Wallet removes the clear-text password from the Spark command line and stores the password in an encrypted key store.

Create Oracle Wallet

On the Oracle Database server create the Oracle Wallet and add the Gluent Data Platform credential:

$ . $OFFLOAD_HOME/conf/offload.env
$ mkdir -p $OFFLOAD_HOME/../gluent_wallet
$ orapki wallet create -wallet $OFFLOAD_HOME/../gluent_wallet -auto_login -pwd <password>
$ mkstore -wrl "$OFFLOAD_HOME/../gluent_wallet" -createCredential "$ORA_CONN" "$ORA_APP_USER" <ora_app_pass>

Enter wallet password: <password>
Create credential oracle.security.client.connect_string1

$ orapki wallet display -wallet $OFFLOAD_HOME/../gluent_wallet -pwd <password>

...
Oracle Secret Store entries:
oracle.security.client.connect_string1
oracle.security.client.password1
oracle.security.client.username1
...

The value for <password> should be replaced with a chosen password to protect the Oracle Wallet.

The value for <ora_app_pass> should be replaced with the unencrypted value of ORA_APP_PASS.

The Oracle Wallet needs to be propagated to all Oracle RAC servers on which Gluent Data Platform is installed.

Oracle PKI Libraries

The following JAR files should be copied from $ORACLE_HOME/jlib to $SPARK_HOME/jars/:

  • oraclepki.jar

  • osdt_cert.jar

  • osdt_core.jar

Copy Oracle Wallet

On the Oracle Database server copy the Oracle Wallet to the offload transport host:

$ . $OFFLOAD_HOME/conf/offload.env
$ scp -r $OFFLOAD_HOME/../gluent_wallet ${OFFLOAD_TRANSPORT_USER}@${OFFLOAD_TRANSPORT_CMD_HOST}:/opt/gluent

SQLNet Profile Configuration

Add the following to the /opt/gluent/sqlnet.ora file on the offload transport host:

SQLNET.WALLET_OVERRIDE=TRUE
WALLET_LOCATION=(SOURCE=(METHOD=FILE)(METHOD_DATA=(DIRECTORY=/opt/gluent/gluent_wallet)))

Configure Spark Standalone

Edit $SPARK_HOME/conf/spark-defaults.conf adding the following entries:

spark.driver.extraJavaOptions=-Doracle.net.wallet_location=/opt/gluent/gluent_wallet
spark.executor.extraJavaOptions=-Doracle.net.wallet_location=/opt/gluent/gluent_wallet

Note

If spark.driver.extraJavaOptions or spark.executor.extraJavaOptions is already present in the spark-defaults.conf file, append the values above to the existing entries rather than overwriting them.

Restart Spark Standalone

For the changes to take effect Spark must be restarted. The examples below show how to restart Spark Standalone.

To stop Spark Standalone issue the following commands:

$ $SPARK_HOME/sbin/stop-all.sh
$ $SPARK_HOME/sbin/stop-history-server.sh

To start Spark Standalone manually, issue the following commands:

$ $SPARK_HOME/sbin/start-all.sh
$ $SPARK_HOME/sbin/start-history-server.sh

Update Gluent Data Platform Environment File

Set OFFLOAD_TRANSPORT_AUTH_USING_ORACLE_WALLET to true in offload.env.

Important

Any changes made to the Gluent Data Platform environment file (offload.env) must be propagated across all installations.
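
The check below is an added example, not part of the Gluent documentation: a shell function that audits the offload transport host after the steps above, confirming that the wallet files, sqlnet.ora entries, spark-defaults.conf options and JAR files are in place. The function names, the owner-only (chmod 600) expectation for the wallet files and the single-definition check are assumptions of this example; paths follow the /opt/gluent layout used on this page.

```shell
#!/bin/sh
# Added example: audit the offload transport host after the steps on this page.
# check_wallet_setup and fail are hypothetical names, not Gluent tooling.
fail() { echo "FAIL: $1"; failures=$((failures + 1)); }

check_wallet_setup() {
    base=$1 spark_home=$2
    wallet=$base/gluent_wallet
    conf=$spark_home/conf/spark-defaults.conf
    failures=0

    # An auto-login wallet (cwallet.sso) opens without a password, so file
    # permissions are the only access control. scp -r applies the remote umask.
    [ -f "$wallet/cwallet.sso" ] || fail "no auto-login wallet in $wallet"
    for f in "$wallet"/cwallet.sso "$wallet"/ewallet.p12; do
        [ -f "$f" ] || continue
        # Characters 5-10 of the ls mode string are the group/other bits.
        [ "$(ls -ld "$f" | cut -c5-10)" = "------" ] ||
            fail "$f is accessible to group/other (chmod 600)"
    done

    grep -Eiq '^[[:space:]]*SQLNET\.WALLET_OVERRIDE[[:space:]]*=[[:space:]]*TRUE' \
        "$base/sqlnet.ora" 2>/dev/null || fail "SQLNET.WALLET_OVERRIDE=TRUE not set"
    grep -Fq "(DIRECTORY=$wallet)" "$base/sqlnet.ora" 2>/dev/null ||
        fail "WALLET_LOCATION does not point at $wallet"

    for key in spark.driver.extraJavaOptions spark.executor.extraJavaOptions; do
        # The key must appear once: a second line replaces the first instead of
        # appending to it (the overwrite case the Note warns about).
        n=$(grep -c "^[[:space:]]*$key[[:space:]=]" "$conf" 2>/dev/null || true)
        [ "${n:-0}" -eq 1 ] || fail "$key defined ${n:-0} times in $conf"
        grep "^[[:space:]]*$key[[:space:]=]" "$conf" 2>/dev/null |
            grep -Fq -e "-Doracle.net.wallet_location=$wallet" ||
            fail "$key lacks -Doracle.net.wallet_location=$wallet"
    done

    for jar in oraclepki.jar osdt_cert.jar osdt_core.jar; do
        [ -f "$spark_home/jars/$jar" ] || fail "missing $spark_home/jars/$jar"
    done

    [ "$failures" -eq 0 ] && echo "OK: wallet authentication is configured"
    return "$failures"
}

# Run only when called with arguments, e.g.: sh check.sh /opt/gluent "$SPARK_HOME"
if [ "$#" -ge 2 ]; then check_wallet_setup "$1" "$2"; fi
```

The function returns the number of failed checks, so a zero exit status means every item on this page was found on the host.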
