Support Questions

christopher_w_m · ‎06-03-2016

We have a kerberized cluster and just finished configuring the Hive and HDFS views inside Ambari 2.1.2.1 by following the documentation here: http://docs.hortonworks.com/HDPDocuments/Ambari-2.1.2.1/bk_ambari_views_guide/content/section_kerber...

I'm able to login to ambari with my username to use both the Hive and HDFS view OK. I'm testing these views with Ranger now. The problem is the Hive view seems to be running as the ambari-server user.

How do make the hive view run queries as my username instead of ambari-server?

Note: The HDFS view seems to be working correctly because I can see the correct username in the audit logs.

jeff1 · ‎06-03-2016

Wonder if you are hitting this issue?

https://issues.apache.org/jira/browse/AMBARI-13875

It's fixed in Ambari 2.2+. The latest Ambari is 2.2.2.0 and upgrade docs / general docs can be found here:

http://docs.hortonworks.com/HDPDocuments/Ambari/Ambari-2.2.2.0/index.html

View solution in original post

sunile_manjee · ‎06-03-2016

@Kit Menke have you enabled hive impersonations? link to best practice. More on enabling hive impersonations here.

christopher_w_m · ‎06-03-2016

@Sunile Manjee I think Scenario #1 is what I'm aiming for. I set "Run as end user instead of Hive user" to false but still I'm seeing ambari-server show up in the ranger audit log.

abajwa · ‎06-03-2016

There seems to be a missing param in the docs for "Hive authentication" property. It should work after you add the bolded below to pass in user logged into ambari as the hive.server2.proxy.user:

auth=KERBEROS;principal=hive/HIVE_HOST@REALM;hive.server2.proxy.user=${username}

@bganesan: seems like we may need to update our doc

abajwa · ‎06-09-2016

Per the JIRA from Jeff, looks like the feature did not work prior to Ambari 2.2+. The relevant doc section in Ambari 2.2.0.0 looks ok so I think we are good. Although it might be good to update older docs to explicitly call out the fact that running queries as logged in user won't work.

jeff1 · ‎06-03-2016

Wonder if you are hitting this issue?

https://issues.apache.org/jira/browse/AMBARI-13875

It's fixed in Ambari 2.2+. The latest Ambari is 2.2.2.0 and upgrade docs / general docs can be found here:

http://docs.hortonworks.com/HDPDocuments/Ambari/Ambari-2.2.2.0/index.html

christopher_w_m · ‎06-03-2016

@jeff That does look like what I'm running into. I tried adding hive.server2.proxy.user as suggested by @Ali Bajwa but it didn't have any affect so must be that bug. I'll see if we can update Ambari.

bandarusridhar1 · ‎06-04-2016

@Kit Menke

Can you please check is below property set in hive-site.xml, if not please set it and try.

hive.server2.enable.doAs = true

Link for more details.

christopher_w_m · ‎06-08-2016

@Sri Bandaru I've tried changing doAs to both true and false and saw the same behavior either way when using the Ambari Hive view. We want to leave it as false anyways.

christopher_w_m · ‎06-08-2016

After upgrading to Ambari 2.2.2.0 and adding hive.server2.proxy.user=${username} to the Ambari Hive View config this started working. Thanks @jeff and @Ali Bajwa!

Cloudera Community

Support Questions

Ambari Hive View: How to make Hive queries run as current user?