24cf1bd720
<!-- Thanks for sending a pull request! Here are some tips for you: 1. If this is your first time, please read our contributor guidelines: https://kyuubi.readthedocs.io/en/latest/community/contributions.html 2. If the PR is related to an issue in https://github.com/apache/incubator-kyuubi/issues, add '[KYUUBI #XXXX]' in your PR title, e.g., '[KYUUBI #XXXX] Your PR title ...'. 3. If the PR is unfinished, add '[WIP]' in your PR title, e.g., '[WIP][KYUUBI #XXXX] Your PR title ...'. --> ### _Why are the changes needed?_ <!-- Please clarify why the changes are needed. For instance, 1. If you add a feature, you can talk about the use case of it. 2. If you fix a bug, you can clarify why it is a bug. --> Support both KERBEROS and PLAIN authentication at the same time. ### _How was this patch tested?_ Added UT & IT. I make integration testing on our dev cluster with KERBEROS and CUSTOM authentication. ``` kyuubi.authentication KERBEROS,CUSTOM kyuubi.authentication.custom.class=org.apache.kyuubi.ZeusCustom ``` For org.apache.kyuubi.ZeusCustom, it checks whether the user equals password. ``` package org.apache.kyuubi import javax.security.sasl.AuthenticationException import org.apache.kyuubi.service.authentication.PasswdAuthenticationProvider class ZeusCustom extends PasswdAuthenticationProvider with Logging { override def authenticate(user: String, password: String): Unit = { if (user == password) { info(s"Success log in of user: $user") } else { throw new AuthenticationException("Username or password is not valid!") } } } ``` 1. kerberos testing with user b_zeus  2. CUTOM authentication testing with user b_zeus  Note that: they share the same backend spark engine, because they are the same user. Closes #1266 from turboFei/multiple_auth_KYUUBI-1262. Closes #1262 71053aef [fwang12] adress nit 850d6b5d [fwang12] fix ut ea7db79f [fwang12] complete 11f409cb [fwang12] Update docs b1f83e55 [fwang12] add ut 8d137db9 [fwang12] make ldap password diff with custom d227aa74 [fwang12] fix ut d7cfaf4c [fwang12] only the first is valid 2e2283ba [fwang12] after all ee0e8bc0 [fwang12] make kerberoes enabled 4fc63081 [fwang12] refactor kerbereos helper 6691cc57 [fwang12] save cd813ecf [fwang12] refactor dd706740 [fwang12] retest f4038e93 [fwang12] fix code style 7b590a23 [fwang12] add ut e39e19e6 [fwang12] add it 7dc7c927 [fwang12] with password 8dadfd32 [fwang12] refactor ldap suite 8545a033 [fwang12] add ut 1aa30a5c [fwang12] refactor 8cc2ea66 [fwang12] fix ut 10f788ae [fwang12] before all 98f93640 [fwang12] revert sth bb75f8e9 [fwang12] save 314579f1 [fwang12] update default ac8b195f [fwang12] [KYUUBI #1262] Support multiple kinds of SASL authentication type Authored-by: fwang12 <fwang12@ebay.com> Signed-off-by: Cheng Pan <chengpan@apache.org> |
||
|---|---|---|
| .github | ||
| .idea | ||
| bin | ||
| build | ||
| conf | ||
| dev | ||
| docker | ||
| docs | ||
| externals | ||
| kubernetes/integration-tests | ||
| kyuubi-assembly | ||
| kyuubi-common | ||
| kyuubi-ctl | ||
| kyuubi-ha | ||
| kyuubi-hive-jdbc | ||
| kyuubi-hive-jdbc-shaded | ||
| kyuubi-metrics | ||
| kyuubi-server | ||
| kyuubi-zookeeper | ||
| licenses-binary | ||
| tools/spark-block-cleaner | ||
| _config.yml | ||
| .asf.yaml | ||
| .dockerignore | ||
| .gitattributes | ||
| .gitignore | ||
| .readthedocs.yml | ||
| .travis.yml | ||
| codecov.yml | ||
| DISCLAIMER | ||
| LICENSE | ||
| LICENSE-binary | ||
| NOTICE | ||
| NOTICE-binary | ||
| pom.xml | ||
| README.md | ||
| scalastyle-config.xml | ||
What is Kyuubi?
Kyuubi is a distributed multi-tenant Thrift JDBC/ODBC server for large-scale data management, processing, and analytics, built on top of Apache Spark and designed to support more engines (i.e., Flink). It has been open-sourced by NetEase since 2018. We are aiming to make Kyuubi an "out-of-the-box" tool for data warehouses and data lakes.
Kyuubi provides a pure SQL gateway through Thrift JDBC/ODBC interface for end-users to manipulate large-scale data with pre-programmed and extensible Spark SQL engines. This "out-of-the-box" model minimizes the barriers and costs for end-users to use Spark at the client side. At the server-side, Kyuubi server and engines' multi-tenant architecture provides the administrators a way to achieve computing resource isolation, data security, high availability, high client concurrency, etc.
- A HiveServer2-like API
- Multi-tenant Spark Support
- Running Spark in a serverless way
Target Users
Kyuubi's goal is to make it easy and efficient for anyone to use Spark(maybe other engines soon) and facilitate users to handle big data like ordinary data. Here, anyone means that users do not need to have a Spark technical background but a human language, SQL only. Sometimes, SQL skills are unnecessary when integrating Kyuubi with Apache Superset, which supports rich visualizations and dashboards.
In typical big data production environments with Kyuubi, there should be system administrators and end-users.
- System administrators: A small group consists of Spark experts responsible for Kyuubi deployment, configuration, and tuning.
- End-users: Focus on business data of their own, not where it stores, how it computes.
Additionally, the Kyuubi community will continuously optimize the whole system with various features, such as History-Based Optimizer, Auto-tuning, Materialized View, SQL Dialects, Functions, e.t.c.
Usage scenarios
Port workloads from HiveServer2 to Spark SQL
In typical big data production environments, especially secured ones, all bundled services manage access control lists to restricting access to authorized users. For example, Hadoop YARN divides compute resources into queues. With Queue ACLs, it can identify and control which users/groups can take actions on particular queues. Similarly, HDFS ACLs control access of HDFS files by providing a way to set different permissions for specific users/groups.
Apache Spark is a unified analytics engine for large-scale data processing. It provides a Distributed SQL Engine, a.k.a, the Spark Thrift Server(STS), designed to be seamlessly compatible with HiveServer2 and get even better performance.
HiveServer2 can identify and authenticate a caller, and then if the caller also has permissions for the YARN queue and HDFS files, it succeeds. Otherwise, it fails. However, on the one hand, STS is a single Spark application. The user and queue to which STS belongs are uniquely determined at startup. Consequently, STS cannot leverage cluster managers such as YARN and Kubernetes for resource isolation and sharing or control the access for callers by the single user inside the whole system. On the other hand, the Thrift Server is coupled in the Spark driver's JVM process. This coupled architect puts a high risk on server stability and makes it unable to handle high client concurrency or apply high availability such as load balancing as it is stateful.
Kyuubi extends the use of STS in a multi-tenant model based on a unified interface and relies on the concept of multi-tenancy to interact with cluster managers to finally gain the ability of resources sharing/isolation and data security. The loosely coupled architecture of the Kyuubi server and engine dramatically improves the client concurrency and service stability of the service itself.
DataLake/LakeHouse Support
The vision of Kyuubi is to unify the portal and become an easy-to-use data lake management platform. Different kinds of workloads, such as ETL processing and BI analytics, can be supported by one platform, using one copy of data, with one SQL interface.
- Logical View support via Kyuubi DataLake Metadata APIs
- Multiple Catalogs support
- SQL Standard Authorization support for DataLake(coming)
Cloud Native Support
Kyuubi can deploy its engines on different kinds of Cluster Managers, such as, Hadoop YARN, Kubernetes, etc.
The Kyuubi Ecosystem(present and future)
The figure below shows our vision for the Kyuubi Ecosystem. Some of them have been realized, some in development, and others would not be possible without your help.
Online Documentation
Since Kyuubi 1.3.0-incubating, the Kyuubi online documentation is hosted by https://kyuubi.apache.org/. You can find the specific version of Kyuubi documentation as listed below.
For 1.2 and earlier versions, please check the Github Pages directly.
Quick Start
Ready? Getting Started with Kyuubi.
Contributing
All bits of help are welcome. You can make various types of contributions to Kyuubi, including the following but not limited to,
- Help new users in chat channel or share your success stories with us -
- Improve Documentation -
- Test releases -
- Improve test coverage -
- Report bugs and better help developers to reproduce
- Review changes
- Make a pull request
- Promote to others
- Click the star button if you like this project
Before you start, we recommend that you check the Contribution Guidelines first.
Aside
The project took its name from a character of a popular Japanese manga - Naruto.
The character is named Kyuubi Kitsune/Kurama, which is a nine-tailed fox in mythology.
Kyuubi spread the power and spirit of fire, which is used here to represent the powerful Apache Spark.
Its nine tails stand for end-to-end multi-tenancy support of this project.
License
This project is licensed under the Apache 2.0 License. See the LICENSE file for details.