Using Hive in Oozie can be challenging. There are two available actions
HiveAction and Hive2Action
Th Hive action uses the hive client and needs to set a lot of libraries and connections. I ran into a lot of issues especially related to security. Also the logs are not available in the Hive server and hive server settings are not honoured.
The Hive2 action is a solution for this. It runs a beeline command and connects through jdbc to the hive server. The below assumes that you have used LDAP or PAM security for your hive server.
The problem with this is that everybody who has access to the oozie logs has access to the password in the hivepassword parameter. This can be less than desirable. Luckily beeline provides a new function to use a password file. A file containing the hive password.
beeline -u jdbc:hive2://sandbox:10000/default -n user -w passfile
passfile being a file containing your password without any new lines at the end. Just the password.
To use that in the Action you can give it as an argument. However you still need to upload the passfile to the oozie execution folder. This can be done in two ways ( create a lib folder under your workflow directory and put it there or use the file argument.
This will copy the password file to the temp directory and beeline will use it for authentication. Only the owner of the oozie workflow needs access to that file but other people can see the logs ( but not the password. )
Note: The Hive2Action seems to be weird about parameters. It is important to use
The space will cause it to fail because it is adding the space to the filename. This is different for the command line beeline.