Reply
New Contributor
Posts: 1
Registered: ‎10-19-2015

Hive to Run Queries on a Secure HBase Server through beeline is not working

Hi,

 

We recently secured the cluster with kerberos. After that we are facing the problem with accessing the hbase tables through hive beeline. Initially we had problem with accessing them hive shell as well. However it seems went away when we added the below properties to hive-site.xml though "Hive Service Advanced Configuration Snippet", "Hive Client Advanced Configuration Snippet", "HiveServer2 Advanced Configuration Snippet". 

 

<property>
<name>hbase.security.authentication</name>
<value>kerberos</value>
</property>
<property>
<name>hbase.master.kerberos.principal</name>
<value>hbase/_HOST@EXAMPLE.COM</value>
</property>
<property>
<name>hbase.regionserver.kerberos.principal</name>
<value>hbase/_HOST@EXAMPLE.COM</value>
</property>
<property>
<name>hbase.zookeeper.quorum</name>
<value>ZOOKEEPER1,ZOOKEEPER2,ZOOKEEPER3</value>
</property>

 

However it is still not working through beeline. We get the below error while querying the hbase table from beeline. Please note: I did grant the user permission to access this table from hbase shell.

 

Error: java.io.IOException: org.apache.hadoop.hbase.security.AccessDeniedException: org.apache.hadoop.hbase.security.AccessDeniedException: Insufficient permissions (table=D1TURN:ADOBE_SEARCH_ENGINE_LOOKUP, action=READ)
at org.apache.hadoop.hbase.security.access.AccessController.internalPreRead(AccessController.java:1517)
at org.apache.hadoop.hbase.security.access.AccessController.preScannerOpen(AccessController.java:1964)
at org.apache.hadoop.hbase.regionserver.RegionCoprocessorHost$50.call(RegionCoprocessorHost.java:1274)
at org.apache.hadoop.hbase.regionserver.RegionCoprocessorHost$RegionOperation.call(RegionCoprocessorHost.java:1663)
at org.apache.hadoop.hbase.regionserver.RegionCoprocessorHost.execOperation(RegionCoprocessorHost.java:1738)
at org.apache.hadoop.hbase.regionserver.RegionCoprocessorHost.execOperationWithResult(RegionCoprocessorHost.java:1712)
at org.apache.hadoop.hbase.regionserver.RegionCoprocessorHost.preScannerOpen(RegionCoprocessorHost.java:1269)
at org.apache.hadoop.hbase.regionserver.RSRpcServices.scan(RSRpcServices.java:2118)
at org.apache.hadoop.hbase.protobuf.generated.ClientProtos$ClientService$2.callBlockingMethod(ClientProtos.java:31443)
at org.apache.hadoop.hbase.ipc.RpcServer.call(RpcServer.java:2035)
at org.apache.hadoop.hbase.ipc.CallRunner.run(CallRunner.java:107)
at org.apache.hadoop.hbase.ipc.RpcExecutor.consumerLoop(RpcExecutor.java:130)
at org.apache.hadoop.hbase.ipc.RpcExecutor$1.run(RpcExecutor.java:107)
at java.lang.Thread.run(Thread.java:745) (state=,code=0)

 

Any help on this would be greatly appreciated.

 

Thanks,

Briglal

 

Posts: 1,825
Kudos: 406
Solutions: 292
Registered: ‎07-31-2013

Re: Hive to Run Queries on a Secure HBase Server through beeline is not working


If you are using Cloudera Manager (CM) then the HBase configurations are self-added to your HiveServer2 (HS2) instance as long as you've selected a HBase service under Hive's Configuration page. This removes all need to configure any XML or properties for HBase secure services manually.

Does your Hive instance use impersonation, or is that disabled? If your HS2 instance does not use impersonation, then the grant on the HBase side needs to be done for the "hive" user, cause all HS2 activity will be done as that user (against whatever storage backend, HDFS or HBase).

If you seek to avoid granting "hive" entire access over the table in HBase, you'll need to enable impersonation in HS2, so the activity gets done as the real user instead.
Explorer
Posts: 10
Registered: ‎04-17-2018

Re: Hive to Run Queries on a Secure HBase Server through beeline is not working


@Harsh J wrote:
Does your Hive instance use impersonation, or is that disabled? If your HS2 instance does not use impersonation, then the grant on the HBase side needs to be done for the "hive" user, cause all HS2 activity will be done as that user (against whatever storage backend, HDFS or HBase).

thanks. after grant user hive on hbase, I can query hbase table via hive.

 

Thanks

 

Announcements