Support Questions
Find answers, ask questions, and share your expertise
Announcements
Alert: Welcome to the Unified Cloudera Community. Former HCC members be sure to read and learn how to activate your account here.

Ambari Hive View: How to make Hive queries run as current user?

Solved Go to solution

Ambari Hive View: How to make Hive queries run as current user?

Rising Star

We have a kerberized cluster and just finished configuring the Hive and HDFS views inside Ambari 2.1.2.1 by following the documentation here: http://docs.hortonworks.com/HDPDocuments/Ambari-2.1.2.1/bk_ambari_views_guide/content/section_kerber...

I'm able to login to ambari with my username to use both the Hive and HDFS view OK. I'm testing these views with Ranger now. The problem is the Hive view seems to be running as the ambari-server user.

4764-ranger-audit.png

How do make the hive view run queries as my username instead of ambari-server?

Note: The HDFS view seems to be working correctly because I can see the correct username in the audit logs.

1 ACCEPTED SOLUTION

Accepted Solutions
Highlighted

Re: Ambari Hive View: How to make Hive queries run as current user?

Guru

Wonder if you are hitting this issue?

https://issues.apache.org/jira/browse/AMBARI-13875

It's fixed in Ambari 2.2+. The latest Ambari is 2.2.2.0 and upgrade docs / general docs can be found here:

http://docs.hortonworks.com/HDPDocuments/Ambari/Ambari-2.2.2.0/index.html

10 REPLIES 10

Re: Ambari Hive View: How to make Hive queries run as current user?

Super Guru

@Kit Menke have you enabled hive impersonations? link to best practice. More on enabling hive impersonations here.

Re: Ambari Hive View: How to make Hive queries run as current user?

Rising Star

@Sunile Manjee I think Scenario #1 is what I'm aiming for. I set "Run as end user instead of Hive user" to false but still I'm seeing ambari-server show up in the ranger audit log.

Re: Ambari Hive View: How to make Hive queries run as current user?

There seems to be a missing param in the docs for "Hive authentication" property. It should work after you add the bolded below to pass in user logged into ambari as the hive.server2.proxy.user:

auth=KERBEROS;principal=hive/HIVE_HOST@REALM;hive.server2.proxy.user=${username}

@bganesan: seems like we may need to update our doc

Re: Ambari Hive View: How to make Hive queries run as current user?

Per the JIRA from Jeff, looks like the feature did not work prior to Ambari 2.2+. The relevant doc section in Ambari 2.2.0.0 looks ok so I think we are good. Although it might be good to update older docs to explicitly call out the fact that running queries as logged in user won't work.

Highlighted

Re: Ambari Hive View: How to make Hive queries run as current user?

Guru

Wonder if you are hitting this issue?

https://issues.apache.org/jira/browse/AMBARI-13875

It's fixed in Ambari 2.2+. The latest Ambari is 2.2.2.0 and upgrade docs / general docs can be found here:

http://docs.hortonworks.com/HDPDocuments/Ambari/Ambari-2.2.2.0/index.html

Re: Ambari Hive View: How to make Hive queries run as current user?

Rising Star

@jeff That does look like what I'm running into. I tried adding hive.server2.proxy.user as suggested by @Ali Bajwa but it didn't have any affect so must be that bug. I'll see if we can update Ambari.

Re: Ambari Hive View: How to make Hive queries run as current user?

@Kit Menke

Can you please check is below property set in hive-site.xml, if not please set it and try.

hive.server2.enable.doAs = true

Link for more details.

Re: Ambari Hive View: How to make Hive queries run as current user?

Rising Star

@Sri Bandaru I've tried changing doAs to both true and false and saw the same behavior either way when using the Ambari Hive view. We want to leave it as false anyways.

Re: Ambari Hive View: How to make Hive queries run as current user?

Rising Star

After upgrading to Ambari 2.2.2.0 and adding hive.server2.proxy.user=${username} to the Ambari Hive View config this started working. Thanks @jeff and @Ali Bajwa!

Don't have an account?
Coming from Hortonworks? Activate your account here