05-11-2015 02:29 AM
hi i'm facing error when deploying hive authorization with sentry service. i have configured sentry and hive service following this document http://www.cloudera.com/content/cloudera/en/documentation/core/latest/topics/sg_sentry_service_confi...
and finally when i started to test, i logon hiveserver2 with hive via beeline, and ran command 'create role admin', it showed the error java.sql.SQLException: Can't create table 'sentry.#sql-12c8_384' (errno: 150). even when i "show database" or 'show tables', there's only default database showed while there should be more db and tables.
is it a hive permission issue? i checked sentry.service.admin.group, the vaule is 'hive,hue,impala'.
could anyone help to figure it out?
05-11-2015 06:20 AM
It is really hard to get Kerberos+Sentry+Hive working well. But let's check couple steps:
1) Have you logged using beeline with a user created in kerberos ?
EX.: kinit user@HADOOP.COM
2) Did you connect to beeline with the following command ?
Ex.: !connect jdbc:hive2://IP_HIVESERVER2:10000/default;principal=hive/NAME_HIVESERVER2@REALM_KERBEROS;
3) Just to remenber, you MUST be logged with a hive user to perform administrative purposes;
Let us know what's going on to help on your issue !!!
05-11-2015 07:23 AM
actually i didnt configure to use kerberos. and already set the sentry.hive.testing.mode to true.
and i logon beeline with command " !connect jdbc:hive2://IP_HIVESERVER2:10000/default hive password".
and surely hive is the only user in hive group, which is administrator.
but the situation looks like hive didnt get the right permission, and i configured mysql on backend for sentry service.
05-11-2015 07:40 AM
To get Sentry running in your Cloudera cluster, it is necessary to have a Kerberos Server to authenticate the users.
Here are some usefull links that may help you to get Sentry "up and running"
Enable Kerberos Authrntication Using Cloudera Manager:
How-to: QIckly Configure Kerberos for Your Apache Hadoop Cluster
Sentry Policy File Authorization:
Feel free to contact us !!!
05-11-2015 07:51 AM
thanks in advance. in our environment, we designed to use ldap server as the authenticate server. its already working with hive.
so for my case, is it possibly to get hive with sentry working in the testing mode? or is there anything more you need for throubleshooting?
05-12-2015 01:18 AM
i just noticed there are errors in hadoop-cmf-sentry-SENTRY_SERVER.log.out:
ERROR DataNucleus.Datastore: An exception was thrown while adding/validating class(es) : Specified key was too long; max key length is 767 bytes
com.mysql.jdbc.exceptions.jdbc4.MySQLSyntaxErrorException: Specified key was too long; max key length is 767 bytes
ERROR DataNucleus.Datastore: An exception was thrown while adding/validating class(es) : Can't create table 'sentry.#sql-5d35_a' (errno: 150)
seems it was an mysql error? does anybody know how to fix the problem?