Created 05-20-2016 06:14 AM
Hive -version : hive-1.2.1000.2.4.0.0
I upgraded our test cluster with hive-1.2.1000.2.4.0.0. After the upgrade, I am unable to impersonate any user when running a Hive query using HS2.
The following property was set:
hive.server2.enable.doAs=true.
[hive@usw2dydpmn01 hive]$ beeline
WARNING: Use "yarn jar" to launch YARN applications.
Beeline version 1.2.1000.2.4.0.0-169 by Apache Hive
beeline> !connect jdbc:hive2://usw2dydpmn01:10010
Connecting to jdbc:hive2://usw2dydpmn01:10010
Enter username for jdbc:hive2://usw2dydpmn01:10010: hive
Enter password for jdbc:hive2://usw2dydpmn01:10010:
Error: Failed to open new session: java.lang.RuntimeException: java.lang.RuntimeException: org.apache.hadoop.ipc.RemoteException(org.apache.hadoop.security.authorize.AuthorizationException): User: hive is not allowed to impersonate hive (state=,code=0)
Edit 1:
Updating with more info.
Hive impersonation already existed. After the HDP upgrade, it is not working. The problem exists only in hive-server2. If I run the query using hive-cli, then it is impersonating the user and it is running as expected.
If I set this property to false, then all the queries are running.
hive.server2.enable.doAs=true.
Created 05-20-2016 07:07 AM
Have you set the following properties to *?
hadoop.proxyuser.hive.hosts=*
hadoop.proxyuser.hive.groups=*
Created 05-23-2016 10:28 PM
It seems the user info had been deleted from the proxyuser property. Not sure how it was working before the upgrade. After adding the user back to that list, it is working fine.
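The fix above comes down to whether hadoop.proxyuser.hive.hosts and hadoop.proxyuser.hive.groups are present in core-site.xml. As an added example (not code from the thread), this Python check parses a core-site.xml and reports missing or wildcard proxyuser entries. The XML samples and group names are constructed, and matching is simplified: literal hostnames and `*` only, no IP/CIDR entries and no hadoop.proxyuser.<user>.users list.

```python
import xml.etree.ElementTree as ET

# Constructed sample: core-site.xml where the upgrade dropped the hive proxyuser entries.
AFTER_UPGRADE = """<configuration>
  <property><name>hadoop.proxyuser.oozie.hosts</name><value>*</value></property>
  <property><name>hadoop.proxyuser.oozie.groups</name><value>*</value></property>
</configuration>"""

# Constructed sample: entries restored and scoped to the HS2 host (group names are assumed).
RESTORED = """<configuration>
  <property><name>hadoop.proxyuser.hive.hosts</name><value>usw2dydpmn01</value></property>
  <property><name>hadoop.proxyuser.hive.groups</name><value>hadoop, analysts</value></property>
</configuration>"""

def load_props(xml_text):
    """Return the name -> value mapping of a Hadoop *-site.xml document."""
    root = ET.fromstring(xml_text)
    return {p.findtext("name", "").strip(): (p.findtext("value") or "").strip()
            for p in root.iter("property")}

def _entries(value):
    """Split a comma-separated property value into a set of trimmed entries."""
    return {e.strip() for e in (value or "").split(",") if e.strip()}

def check_proxyuser(xml_text, superuser, host, user_groups):
    """Simplified model of the proxyuser check (an assumption, not Hadoop's code).

    Returns (allowed, findings): allowed is True when `superuser`, connecting
    from `host`, may impersonate a user who belongs to one of `user_groups`.
    findings lists missing settings (the failure in this thread) and wildcards.
    """
    props = load_props(xml_text)
    prefix = f"hadoop.proxyuser.{superuser}."
    hosts = _entries(props.get(prefix + "hosts"))
    groups = _entries(props.get(prefix + "groups"))
    findings = []
    for key, entries in (("hosts", hosts), ("groups", groups)):
        if not entries:
            findings.append(f"{prefix}{key} is not set")
        elif "*" in entries:
            findings.append(f"{prefix}{key} is a wildcard")
    host_ok = "*" in hosts or host in hosts
    group_ok = "*" in groups or bool(groups & set(user_groups))
    return host_ok and group_ok, findings

if __name__ == "__main__":
    for label, xml_text in (("after upgrade", AFTER_UPGRADE), ("restored", RESTORED)):
        print(label, check_proxyuser(xml_text, "hive", "usw2dydpmn01", ["hadoop"]))
```

Wildcard values are reported as findings because `*` lets the service account impersonate any user from any host; listing the HiveServer2 and metastore hosts and the intended groups is the narrower setting.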
Created 05-20-2016 07:08 AM
Please see: https://cwiki.apache.org/confluence/display/Hive/Hive+Transactions#HiveTransactions-ConfigurationVal...
If the data in your system is not owned by the Hive user (i.e., the user that the Hive metastore runs as), then Hive will need permission to run as the user who owns the data in order to perform compactions. If you have already set up HiveServer2 to impersonate users, then the only additional work to do is assure that Hive has the right to impersonate users from the host running the Hive metastore. This is done by adding the hostname to hadoop.proxyuser.hive.hosts in Hadoop's core-site.xml file. If you have not already done this, then you will need to configure Hive to act as a proxy user. This requires you to set up keytabs for the user running the Hive metastore and add hadoop.proxyuser.hive.hosts and hadoop.proxyuser.hive.groups to Hadoop's core-site.xml file.
Created 05-20-2016 03:10 PM
Hive impersonation already exists. After the HDP upgrade, it is not working.
The problem exists only in hive-server2. If I run the query using hive-cli, then it is impersonating the user and it is running as expected.
Created 05-22-2016 09:31 PM
Setting hive.server2.enable.doAs=false will always work, since jobs will run under the ownership of the user who owns the HS2 process. If everything is perfect on the configuration side with regard to impersonation, then if possible it is worth restarting the cluster processes to see if that resolves the issue.