Created on 12-19-2018 05:20 AM - edited 09-16-2022 06:59 AM
Hello!
I am having an issue that I have been racking my brain over for a long time.
My cluster is CDH 12.1 and is configured with Kerberos (Active Directory), SSSD and Apache Sentry for authorization.
Situation: I am a Sentry admin and try to access my databases and tables using the Impala-shell, Hue and Beeline.
Problem: I have access to my tables through Beeline and Hive in Hue. However, if I try to see them using Impala (with either the impala-shell or Hue), I don't get access to them. I have tried using the hive user, the impala user, other users and my own user (which is a Sentry admin), but unfortunately they never show.
I tried to see if it is an issue related to roles, and the following happens:
[<node>:21000] > invalidate metadata;
Query: invalidate metadata
ERROR: AuthorizationException: User 'hive/<node>' does not have privileges to access: server (it does not say server1)
Query submitted at: 2018-12-19 10:38:03 (Coordinator: http://<node>:25000)
[<node>:21000] > create role impala;
Query: create role -> role was created
[<node>:21000] > grant all on server server1 to role impala;
Query: grant all on server server1 to role impala
Query submitted at: 2018-12-19 10:38:50 (Coordinator: http://<node>:25000)
ERROR: AnalysisException: Role 'impala' does not exist.
[<node>:21000] > show roles;
Query: show roles
Fetched 0 row(s) in 0.12s
[<node>:21000] > create role impala;
Query: create role impala
ERROR: CatalogException: Role already exists: impala
Also, I found the following errors in the log:
<node> ERROR December 19, 2018 10:37 AM cc:1299
Error deserializing item CATALOG:f1cc55801a0342c6:9c7dbb7738bffaa7: couldn't deserialize thrift msg:
TProtocolException: Invalid data
<node> ERROR December 19, 2018 10:37 AM cc:1299
Error deserializing item CATALOG:f1cc55801a0342c6:9c7dbb7738bffaa7: couldn't deserialize thrift msg:
TProtocolException: Invalid data
<node> ERROR December 19, 2018 10:37 AM cc:1378
There was an error processing the impalad catalog update. Requesting a full topic update to recover: CatalogException: Detected catalog service ID change. Aborting updateCatalog()
<node> ERROR December 19, 2018 10:37 AM cc:1299
Error deserializing item ROLE:tesT: couldn't deserialize thrift msg:
TProtocolException: Invalid data
I tried to increase the Java Heap Size for Catalog but this didn't help.
The log always shows errors processing the roles and permissions with the Catalog. I tried several daemons but it didn't work.
Notes:
1. There are Sentry gateways in all nodes.
2. I tried to re-deploy the Hive client conf and so on. It didn't work.
I would be grateful if you could give me a hand with it!! 🙂
Thanks so much in advance!
Created 01-08-2019 01:35 PM
Just to confirm, have you enabled Impala to use the Sentry service in Cloudera Manager with the following instructions?
https://www.cloudera.com/documentation/enterprise/latest/topics/impala_authorization.html#sentry_cm
Robert Justice, Technical Resolution Manager
Created 01-09-2019 12:15 AM
Hello Robert,
Thanks for your reply.
The Impala service is configured to use the Sentry service for authorization.
Also, the Hive metastore.
I don't understand why we are still having this issue.
Thanks for your help
Created 01-17-2019 10:19 AM
Created 01-18-2019 04:36 AM
The Sentry logs show this error:
mismatch: Client thrift version is: 1 , server thrift version is 2
In Impala, it throws this error:
org.apache.impala.catalog.AuthorizationException: User 'xxxxx' does not have privileges to access: server
I tried to see if there is any mismatch in the Cloudera libraries but didn't find anything...
Any clue about it?