Apache Spark Network Port Configuration

When Apache Spark operates in an offline cluster mode, it uses several ports for different types of network communication between (among others) the driver and the executors / workers.

In Spark release 1.1.0, they added a number of features to configure the ports used, and also developed a guide for this: http://spark.apache.org/docs/latest/security.html#configuring-ports-for-network-security

But it seems that only server ports can be controlled, i.e. the listening ports.

However, I did not find a way to manage the ports of the client that will run the Spark executor / worker to connect to the driver program. My driver program works in Tomcat, and I have to be very specific in my catalina.policy to only allow specific IP addresses / ports.

So, is there a way to manage all the ports used by Spark to configure socket permissions in the .policy tomcat directory, which launches the driver program so that it can communicate with executors / workers?

EDIT: The error I get on the Tomcat side:

2014-09-19 16:55:42,437 [New I/O server boss #6] WARN T:[] V:[]ojncsnio.AbstractNioSelector - Failed to accept a connection.
java.security.AccessControlException: access denied ("java.net.SocketPermission" "<worker IP address>:44904" "accept,resolve")
    at java.security.AccessControlContext.checkPermission(AccessControlContext.java:372) ~[na:1.7.0_67]
    at java.security.AccessController.checkPermission(AccessController.java:559) ~[na:1.7.0_67]
    at java.lang.SecurityManager.checkPermission(SecurityManager.java:549) ~[na:1.7.0_67]
    at java.lang.SecurityManager.checkAccept(SecurityManager.java:1170) ~[na:1.7.0_67]
    at sun.nio.ch.ServerSocketChannelImpl.accept(ServerSocketChannelImpl.java:261) ~[na:1.7.0_67]
    at org.jboss.netty.channel.socket.nio.NioServerBoss.process(NioServerBoss.java:100) ~[netty-3.6.6.Final.jar:na]
    at org.jboss.netty.channel.socket.nio.AbstractNioSelector.run(AbstractNioSelector.java:312) ~[netty-3.6.6.Final.jar:na]
    at org.jboss.netty.channel.socket.nio.NioServerBoss.run(NioServerBoss.java:42) ~[netty-3.6.6.Final.jar:na]
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145) [na:1.7.0_67]
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615) [na:1.7.0_67]
    at java.lang.Thread.run(Thread.java:745) [na:1.7.0_67]
+5
1 answer

The client port is usually dynamically determined at runtime.

The server port is the port to which the initial client request is connected; once this initial request is processed, the connection will be “completed”, which (among other things) opens the “client” port on the requesting machine to receive response information. Typically, this client port is injected into the initial request and extends from the range configured in the client operating system (or at least at the TCP level of the client’s network stack).

If the client can configure only one port, this is likely to cause problems, since when two instances of the client program are launched, the subsequent instance will not be able to open its input with the server port, and the first client will receive answers to client requests.

As you can see, your server cannot open the client (response) port, so you will probably need to check (in that order):

  • Network path from server to client (it may differ from the path from client to server). If this is normal ...
  • Client firewall configuration. Possibly, excessive firewall configuration may block requests to complete a client connection request, blocking the range of client ports.
  • Client software / system configuration. While extremely rare, sometimes people configure their systems to place client ports outside the range of what can be supported (this does not seem to be the case). This is usually 65535.

Most likely, you have a garden-variety network problem, but it may be a problem with the firewall (or an excessive anti-virus scanning / firewall solution).

+1
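
Added example, not part of the original question or answer: a small Java check of which `SocketPermission` grants would cover the denial shown in the question's stack trace, given that the connecting port is picked dynamically. The address 10.0.0.12 stands in for the `<worker IP address>` placeholder, and the class name, candidate grants and port values are constructed for illustration.

```java
import java.net.SocketPermission;
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

public class PolicyGrantCheck {
    // Matches the permission triple printed in an AccessControlException message.
    private static final Pattern DENIED = Pattern.compile(
        "access denied \\(\"java\\.net\\.SocketPermission\" \"([^\"]+)\" \"([^\"]+)\"\\)");

    // Rebuilds the permission that the SecurityManager refused, from a log line.
    static SocketPermission parseDenied(String logLine) {
        Matcher m = DENIED.matcher(logLine);
        if (!m.find()) {
            throw new IllegalArgumentException("no SocketPermission denial in line");
        }
        return new SocketPermission(m.group(1), m.group(2));
    }

    public static void main(String[] args) {
        // Constructed log line modelled on the one in the question.
        String line = "java.security.AccessControlException: access denied "
            + "(\"java.net.SocketPermission\" \"10.0.0.12:44904\" \"accept,resolve\")";
        SocketPermission denied = parseDenied(line);

        // Candidate grants (constructed). In a policy file each would read:
        //   permission java.net.SocketPermission "<host:ports>", "<actions>";
        Map<String, SocketPermission> grants = new LinkedHashMap<>();
        grants.put("connect only, one fixed port",
            new SocketPermission("10.0.0.12:7077", "connect,resolve"));
        grants.put("accept, exactly the port seen in the log",
            new SocketPermission("10.0.0.12:44904", "accept,resolve"));
        grants.put("accept, ports 1024 and above",
            new SocketPermission("10.0.0.12:1024-", "accept,resolve"));
        grants.put("accept, ports 1024 and above, other host",
            new SocketPermission("10.0.0.99:1024-", "accept,resolve"));

        // implies() applies the same host / port-range / action matching as the policy check.
        for (Map.Entry<String, SocketPermission> g : grants.entrySet()) {
            System.out.printf("%-45s covers denial: %b%n",
                g.getKey(), g.getValue().implies(denied));
        }

        // A later connection from the same worker arrives from a different dynamic port.
        SocketPermission next = new SocketPermission("10.0.0.12:51877", "accept,resolve");
        System.out.println("exact-port grant covers next connection: "
            + grants.get("accept, exactly the port seen in the log").implies(next));
    }
}
```

Pinning the grant to the worker's address while leaving the port as a range keeps the policy restrictive on hosts without depending on a port that changes per connection.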

Source: https://habr.com/ru/post/1202988/

