Support Questions
Find answers, ask questions, and share your expertise

HiveServer2 with kerberos ,when executing "select count(*) from student_info",unExpected exception returned

New Contributor

org.apache.hive.service.cli.HiveSQLException: Error while processing statement: FAILED: Execution Error, return code 1 from org.apache.hadoop.hive.ql.exec.tez.TezTask at org.apache.hive.service.cli.operation.Operation.toSQLException(Operation.java:323) at org.apache.hive.service.cli.operation.SQLOperation.runQuery(SQLOperation.java:199) at org.apache.hive.service.cli.operation.SQLOperation.access$300(SQLOperation.java:76) at org.apache.hive.service.cli.operation.SQLOperation$2$1.run(SQLOperation.java:253) at java.security.AccessController.doPrivileged(Native Method) at javax.security.auth.Subject.doAs(Subject.java:422) at org.apache.hadoop.security.UserGroupInformation.doAs(UserGroupInformation.java:1866) at org.apache.hive.service.cli.operation.SQLOperation$2.run(SQLOperation.java:264) at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511) at java.util.concurrent.FutureTask.run(FutureTask.java:266) at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511) at java.util.concurrent.FutureTask.run(FutureTask.java:266) at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142) at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617) at java.lang.Thread.run(Thread.java:745)

4 REPLIES 4

Mentor

@yifan zhao

Can you do the below change in the Ambari-Hive-Config

hive.server2.enable.doAs=True

If set as above HiveServer2 performs the query processing as the user who submitted the query "select count(*) from student_info" in a kerberized environment this user MUST have run the kinit to grab a Kerberos ticket and in an LDAP integrated environment it could be a service account (for ease of management) which could be assigned to users just like a ROLE

When set to false the above query will run as the user that the hiveserver2 process runs as i.e Hive

Advantages of the above setup

  • Hive permissions management through Ranger policies
  • Assign every user on a specific Queue. and control the ACLs mappings for Yarn

Hope that helps

New Contributor

thanks for your reply.

As your thought , "Run as end user instead of Hive user" property is set to be true. but I do logIn in the summited user principal and keytab, through UserGroupInformation.login and then connect hiveServer2 through jdbc mode. but it still throw the same exception.
Any further changes for my code...? forword for your reply

New Contributor

Solved the problom,follow 3 steps

1. add the user in all hadoop nodes

2. mkdir in hdfs "/user" directory, for example, /user/test

3. grant hdfs "/user" privilege in "ranger" to the user

finally make it

Contributor

@yifan zhao You can take look here Link, hope it will help you.

; ;