hive impersonation not working after HDP upgrade to 2.4.0.0

Expert Contributor

Hive -version : hive-1.2.1000.2.4.0.0

I upgraded our test cluster with hive-1.2.1000.2.4.0.0. After the upgrade, I am unable to impersonate any user when running a Hive query using HS2.

The following property was set.

hive.server2.enable.doAs=true.

 

[hive@usw2dydpmn01 hive]$ beeline
WARNING: Use "yarn jar" to launch YARN applications.
Beeline version 1.2.1000.2.4.0.0-169 by Apache Hive
beeline> !connect jdbc:hive2://usw2dydpmn01:10010
Connecting to jdbc:hive2://usw2dydpmn01:10010
Enter username for jdbc:hive2://usw2dydpmn01:10010: hive
Enter password for jdbc:hive2://usw2dydpmn01:10010:
Error: Failed to open new session: java.lang.RuntimeException: java.lang.RuntimeException: org.apache.hadoop.ipc.RemoteException(org.apache.hadoop.security.authorize.AuthorizationException): User: hive is not allowed to impersonate hive (state=,code=0)
 

Edit 1:

updating with more info.

Hive impersonation already existed. After the HDP upgrade, it is not working. The problem exists only in hive-server2. If I run the query using hive-cli, then it impersonates the user and runs as expected.

If I set this property to false, then all the queries run.

hive.server2.enable.doAs=true.

Accepted Solutions

Re: hive impersonation not working after HDP upgrade to 2.4.0.0

Have you set the following properties to *?

hadoop.proxyuser.hive.hosts=*

hadoop.proxyuser.hive.groups=*

Re: hive impersonation not working after HDP upgrade to 2.4.0.0

Expert Contributor

It seems the user info had been deleted from the proxyuser property. Not sure how it was working before the upgrade. After adding the user back to that list, it is working fine.

Re: hive impersonation not working after HDP upgrade to 2.4.0.0

Please see: https://cwiki.apache.org/confluence/display/Hive/Hive+Transactions#HiveTransactions-ConfigurationVal...

If the data in your system is not owned by the Hive user (i.e., the user that the Hive metastore runs as), then Hive will need permission to run as the user who owns the data in order to perform compactions. If you have already set up HiveServer2 to impersonate users, then the only additional work to do is assure that Hive has the right to impersonate users from the host running the Hive metastore. This is done by adding the hostname to hadoop.proxyuser.hive.hosts in Hadoop's core-site.xml file. If you have not already done this, then you will need to configure Hive to act as a proxy user. This requires you to set up keytabs for the user running the Hive metastore and add hadoop.proxyuser.hive.hosts and hadoop.proxyuser.hive.groups to Hadoop's core-site.xml file.
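
A check that could be run against core-site.xml after an upgrade to catch the situation in this thread, where the hive entries had gone missing from the proxyuser properties. This is an added example, not code from the thread or from Hadoop: the sample XML fragments, host names and group names are constructed, and the matching is a simplified model (exact host names and `*` only) of the check behind the "is not allowed to impersonate" error.

```python
import xml.etree.ElementTree as ET

# Constructed sample core-site.xml fragments (not taken from the thread).
MISSING = """<configuration>
  <property><name>fs.defaultFS</name><value>hdfs://nn.example.com:8020</value></property>
</configuration>"""

SCOPED = """<configuration>
  <property><name>hadoop.proxyuser.hive.hosts</name><value>hs2.example.com</value></property>
  <property><name>hadoop.proxyuser.hive.groups</name><value>analysts,etl</value></property>
</configuration>"""

WILDCARD = """<configuration>
  <property><name>hadoop.proxyuser.hive.hosts</name><value>*</value></property>
  <property><name>hadoop.proxyuser.hive.groups</name><value>*</value></property>
</configuration>"""


def load_props(xml_text):
    """Return {name: value} for every <property> in a Hadoop config file."""
    root = ET.fromstring(xml_text)
    return {p.findtext("name", "").strip(): p.findtext("value", "").strip()
            for p in root.iter("property")}


def proxy_rule(props, superuser, kind):
    """Parse hadoop.proxyuser.<superuser>.<kind> into a set; None if unset."""
    raw = props.get(f"hadoop.proxyuser.{superuser}.{kind}")
    if raw is None:
        return None
    return {v.strip() for v in raw.split(",") if v.strip()}


def check(xml_text, superuser, host, user_groups):
    """Simplified model of the proxyuser check: allowed only if the calling
    host and one of the end user's groups both match. Returns (allowed, notes)."""
    props = load_props(xml_text)
    hosts = proxy_rule(props, superuser, "hosts")
    groups = proxy_rule(props, superuser, "groups")
    notes = []
    for kind, rule in (("hosts", hosts), ("groups", groups)):
        if not rule:
            notes.append(f"{kind}: unset or empty, impersonation denied")
        elif "*" in rule:
            notes.append(f"{kind}: wildcard, any value accepted")
    host_ok = bool(hosts) and ("*" in hosts or host in hosts)
    group_ok = bool(groups) and ("*" in groups or bool(groups & set(user_groups)))
    return host_ok and group_ok, notes
```

The notes list separates the two cases seen here: a missing entry, which produces the denial, and a `*` entry, which lets the hive service user act for any user from any host.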

Re: hive impersonation not working after HDP upgrade to 2.4.0.0

Expert Contributor

Hive impersonation already exists. After the HDP upgrade, it is not working.

The problem exists only in hive-server2. If I run the query using hive-cli, then it is impersonating the user and it is running as expected.

Re: hive impersonation not working after HDP upgrade to 2.4.0.0

@Anandha L Ranganathan

Setting hive.server2.enable.doAs=false will always work, since jobs will run under the ownership of the user who owns the HS2 process. If everything is perfect on the configuration side with regard to impersonation, then if possible it is worth restarting the cluster processes to see if that resolves the issue.
