cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Help
Get Started Discussions
Start your journey with Databricks by joining discussions on getting started guides, tutorials, and introductory topics. Connect with beginners and experts alike to kickstart your Databricks experience.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Shared access vs Single user access mode

naga_databricks
Contributor

‎10-16-2023 02:34 PM

I am running a notebook to get secret value from GCP Secret Manager. This is working well with Single user Access Mode, however it fail when i use a cluster with Shared Access mode. I have specified the same GCP service account on both of these clusters. Below is the error i get with Shared Access mode:

RetryError: Deadline of 60.0s exceeded while calling target function, last exception: 503 Getting metadata from plugin failed with error: Failed to retrieve http://metadata.google.internal/computeMetadata/v1/instance/service-accounts/default/?recursive=true from the Google Compute Engine metadata service. Compute Engine Metadata server unavailable

Are there differences in the accessibility to cloud resources between these 2 types of clusters?

1 REPLY 1

naga_databricks
Contributor

‎10-17-2023 03:47 AM

Thanks for your response.

I am using a cloud service account (same account that was used to create the workspace) on the cluster properties in case of both the single user cluster and on the shared user cluster. This service account has all the necessary access to the cloud resources (secretsAccessor).

With a single user cluster, i am able to mention the service account and able to access the secrets. I did not have to keep the JSON file of the service key in a secret scope. This means, the cluster is with my user ownership, and i just specified the cloud service account, which enabled me to access the underlying cloud resources.  

I was earlier using other type of the cluster called "No Isolation Shared", for this specifying the cloud service account was sufficient.

How does the service account property on the cluster configuration work? does it always need the service account key? or is it only for the Shared user cluster type.

0 Kudos

Connect with Databricks Users in Your Area

Join a Regional User Group to connect with local Databricks users. Events will be happening in your city, and you won’t want to miss the chance to attend and share knowledge.

If there isn’t a group near you, start one and help create a community that brings people together.

Request a New Group
Announcements