Cloudera Community

Support Questions

Find answers, ask questions, and share your expertise
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Advanced Search
Announcements
Celebrating as our community reaches 100,000 members! Thank you!
Solved Go to solution

Kerberized hive with not-kerberized Zookeeper

avatar
author-rank Czarniak
New Contributor

Created ‎01-21-2022 12:57 AM

Hi.

 

I was wondering if anyone can confirm or deny that kerberized hive can (how?) work with not kerberized Zookeeper (+kerberized HDFS and Yarn).

 

Unless I overlooked something (which is very possible), it seems like in line 93 of attached log hive is trying to auth against ZK, and since there is any ZK security enabled this attempt failed.

 

If I'm right, is there any property that I can set up to disable auth attempts on hive side? hdfs/yarn seems to have zero problems working with unsecured ZK.

Or perhaps we need to enable kerberos on ZK nodes because hive won't work otherwise, period?

 

 

Preview file
25 KB
1,058 Views
0 Kudos
1 ACCEPTED SOLUTION

avatar
author-rank Czarniak
New Contributor

Created on ‎02-02-2022 04:22 AM - edited ‎02-02-2022 04:26 AM

@asishThat was also my impression, but I was not able to find any solid confirmation. Eventually I kerberized ZK, correct bunch of playbooks to reflect that, and it works fine now.

View solution in original post

971 Views
0 Kudos
4 REPLIES 4

avatar
author-rank asish author-rank
Guru

Created ‎01-21-2022 04:13 AM

@Czarniak You can de-register Hiveserver2 from Zookeeper

https://docs.cloudera.com/HDPDocuments/HDP3/HDP-3.1.5/fault-tolerance/content/dynamic_service_discov...

 

Connect directly to hiveserver2 without zookeeper quorom.

1,044 Views
0 Kudos

avatar
author-rank Czarniak
New Contributor

Created ‎01-21-2022 07:22 AM

That might be a good idea with only single hiveserver, we will have like 7 of them 🙂

That is why I'm asking if the current setup is even possible. If not, kerberizing ZK will get much higher priority. Which is a good thing I guess...

1,034 Views
0 Kudos

avatar
author-rank asish author-rank
Guru

Created ‎02-02-2022 12:46 AM

@Czarniak  The current setup is not possible

981 Views
0 Kudos

avatar
author-rank Czarniak
New Contributor

Created on ‎02-02-2022 04:22 AM - edited ‎02-02-2022 04:26 AM

@asishThat was also my impression, but I was not able to find any solid confirmation. Eventually I kerberized ZK, correct bunch of playbooks to reflect that, and it works fine now.

972 Views
0 Kudos
webinar banner
Announcements
Product Announcements
[ANNOUNCE] Cloudera on Public Cloud Runtime 7.2.18 is GA!
What's New @ Cloudera
Cloudera Operational Database (COD) supports enhancements to...
Community Announcements
March 2024 Community Highlights
Community Announcements
Celebrating 100,000 Members: A Journey of Growth and Connect...
Product Announcements
[ANNOUNCE] New Cloudera JDBC Connector for Apache Hive 2.6.2...
View More Announcements
meetups banner