Created 01-21-2022 12:57 AM
Hi.
I was wondering if anyone can confirm or deny that kerberized hive can (how?) work with not kerberized Zookeeper (+kerberized HDFS and Yarn).
Unless I overlooked something (which is very possible), it seems like in line 93 of attached log hive is trying to auth against ZK, and since there is any ZK security enabled this attempt failed.
If I'm right, is there any property that I can set up to disable auth attempts on hive side? hdfs/yarn seems to have zero problems working with unsecured ZK.
Or perhaps we need to enable kerberos on ZK nodes because hive won't work otherwise, period?
Created on 02-02-2022 04:22 AM - edited 02-02-2022 04:26 AM
@asishThat was also my impression, but I was not able to find any solid confirmation. Eventually I kerberized ZK, correct bunch of playbooks to reflect that, and it works fine now.
Created 01-21-2022 04:13 AM
@Czarniak You can de-register Hiveserver2 from Zookeeper
Connect directly to hiveserver2 without zookeeper quorom.
Created 01-21-2022 07:22 AM
That might be a good idea with only single hiveserver, we will have like 7 of them 🙂
That is why I'm asking if the current setup is even possible. If not, kerberizing ZK will get much higher priority. Which is a good thing I guess...
Created 02-02-2022 12:46 AM
@Czarniak The current setup is not possible
Created on 02-02-2022 04:22 AM - edited 02-02-2022 04:26 AM
@asishThat was also my impression, but I was not able to find any solid confirmation. Eventually I kerberized ZK, correct bunch of playbooks to reflect that, and it works fine now.