Support Questions
Find answers, ask questions, and share your expertise

Ambari Hive view - Service 'hiveserver' check failed

Hi everyone,

I am trying to understand the following error:

12646-hive-view-error.jpg

I was initially using Ambari with the Admin account. Now we are trying to "normalize" the usage and I received an account for me. I have a Ambari user "phernandez" and a user in the linux server "hernandez". If I login in ambari with the admin server I have no problems but if I do it with "phernandez":

- I can open the Files View

- I see 2 Hive View, that is the first thing I don't understand.

- I cannot successfully open any of these Hive View and get the error in the image above.

I think I need to better understand and learn the hadoop basic concepts and how the operating system user is related to the ambari user and the hive security, but if you can help me to solve this issue I will appreciate it a lot.

We have a HDP 2.5 installation with 4 nodes.

Ranger has a policy that grants me access to a database (access for a group I belong to).

Kind regards,

Paul

6 REPLIES 6

Re: Ambari Hive view - Service 'hiveserver' check failed

Mentor

Your Hive server check is failing, it could be service is down or your proxy user is not set up correctly (config issue). I recommend starting with this doc http://docs.hortonworks.com/HDPDocuments/Ambari-2.4.2.0/bk_ambari-views/index.html

Re: Ambari Hive view - Service 'hiveserver' check failed

Super Mentor

@Paul Hernandez - Is it a kernerized envirnment ? If yes then are you passing valid

- Which version of ambari is it?

- Are you using LDAP users or "phernandez" is a local user?

.

Regarding your query on "I see 2 Hive View, that is the first thing I don't understand." ? "Admin" --> "Manage Ambari" --> "Views" --> "Hive" .

Users can create as meny instances they want. So in your case there may be two instances got created. (many be one HiveView 1.0.0 and another HiveView 1.5.0) (from ambari 2.4 we have these two versions of hiveview that we can instantiate)

.

Re: Ambari Hive view - Service 'hiveserver' check failed

Hi Jay, thanks for your answer.

You are right, we have these two Hive Views (1.0.0 and 1.5.0)

We are not using LDAP, no kerberos authentication and my user is a local user created using Ambari (version 2.4.2.0).

Re: Ambari Hive view - Service 'hiveserver' check failed

Super Mentor

@Paul Hernandez

Have you already allowed access to "phernandez" user in Ranger to allow to this view without any issues. I mean have you added "phernandez" user access in default policy in RANGER.

http://hortonworks.com/blog/best-practices-for-hive-authorization-using-apache-ranger-in-hdp-2-2/

Re: Ambari Hive view - Service 'hiveserver' check failed

My user belongs to a group called "pm". This group has a policy that grants access to the "pm" database in Hive. The default policy was deleted by someone.

12647-policy-pm-details.jpg

Re: Ambari Hive view - Service 'hiveserver' check failed

Hi everyone,

I don't exactly what I modified in Ranger, but now I am able to open the Hive View, however, I'm still getting an error:

Error while compiling statement: FAILED: SemanticException MetaException(message:java.security.AccessControlException: Permission denied: user=hive, access=READ, inode="/apps/hive/warehouse/myfile":anuser:agroup:drwxrwx--- at org.apache.hadoop.hdfs.server.namenode.FSPermissionChecker.check(FSPermissionChecker.java:319) ...

I modified this property:

hive.server2.enable.doAs either to true and to false with the same result.

What I cannot understand, is why the user is always hive

According to this article: http://hortonworks.com/blog/best-practices-for-hive-authorization-using-apache-ranger-in-hdp-2-2/

if the property is set to true Hiveserver2 will run MR jobs in HDFS as the original user. Why the original user is also hive.

Is it may be realted to these properties?

  • hadoop.proxyuser.hive.hosts
  • hadoop.proxyuser.hive.groups

Any comment will be appreciated.