About agillan

agillan · ‎03-30-2016

have you verified that the sqoop command works by itself? run it manually on the command line outside of oozie. are you running your workflow through hue or via the oozie command line? if through hue, try running it on the oozie command line to verify it works as well.

agillan · ‎03-30-2016

Hi @nejm hadj does NiFi write the files to one directory? You should be able to specify an EXTERNAL table with the location as a directory. Then all the files in the dir will be part of the one table. For example: CREATE EXTERNAL TABLE tweets (col1 string, col2 string) LOCATION '/path/to/dir'; Obviously use a JSON SerDe to parse the data into your table columns as well, but the LOCATION clause is sufficient to load all your files into your table.

agillan · ‎01-20-2016

@Neeraj Sabharwal I don't have a doc or demo, but it's simple enough to demonstrate. Enable SBA (should be already by default) and and then give the hive warehouse dir e.g. 750 permissions for hive:hadoop (recursively). Then if people try to access tables through Hive CLI as any other user, they will get a permission denied error. This won't apply to access via HiveServer2 because you'd manage table and DB permissions via Ranger Hive repository or SQL Standard authorisation. @Alex Miller's suggestion goes on top of that as well. To be truly secure, users must come in via Knox.

agillan · ‎01-20-2016

I think you have to make sure Storage Based Authorization (SBA) is enabled for the Metastore hive.metastore.pre.event.listeners = org.apache.hadoop.hive.ql.security.authorization.AuthorizationPreEventListener hive.security.metastore.authorization.manager = org.apache.hadoop.hive.ql.security.authorization.StorageBasedAuthorizationProvider And then lock down filesystem permissions for data warehouse dir. I don't think there's a way to actually prevent users from issuing the "hive" command. I may be wrong, though - happy to be corrected.

agillan · ‎01-15-2016

Hi @Junichi Oda - This is expected behaviour and it is the reason why it is recommended to have all hive processes run as hive user when you secure Hive with ranger. There are two options in order to secure access to hive with Ranger : Solution 1 Use both a repository HDFS and Hive to handle rights Keep "run as end user instead of hive" (hive.server2.enable.doAs=true) This means the dual maintenance that you describe Solution 2 Give rights to the hive user on the /apps/hive/warehouse arborescence in Ranger HDFS repository Lock down filesystem permissions on HDFS (for example, chmod 750) Use the Ranger Hive repository to handle rights on Hive tables Run as hive instead of end user (hive.server2.enable.doAs=false) --- Solution 2 is the way to go. You may be concerned about auditability, but the Hive audits in Ranger will show the correct user. The HDFS audits and the YARN audits will still show "hive" yes, but you will be able to tell who ran the query.

agillan · ‎12-24-2015

Did you attempt and abort an upgrade already? Can you please check the clusterconfigmapping table in the Ambari DB and make sure there are no duplicates in the type_name column? If there are, and then make sure that only 1 of them has a value of "1" in the "selected" column - the one with a later created_timestamp value. Take a backup of the Ambari DB (!!) and then update the "selected" value to 0 for the other one. Then re-attempt the upgrade.

agillan · ‎12-22-2015

EDIT: oops - just read the end bit of your post... still try to do it in the shell action itself and see? --- I believe this is a known limitation in non-secure clusters, whereby the containers are running as YARN user and not running as user xyz. Try to pass in the HADOOP_USER_NAME variable as illustrated below: $ `export HADOOP_USER_NAME=xyz ; hive -hiveconf hive.execution.engine=mr -e 'show databases' `

agillan · ‎12-22-2015

According to this Hive Language documentation, you can achieve the same thing using regular expressions: A SELECT statement can take regex-based column specification in Hive releases prior to 0.13.0, or in 0.13.0 and later releases if the configuration property hive.support.quoted.identifiers is set to none. * We use Java regex syntax. Try http://www.fileformat.info/tool/regex.htm for testing purposes. * The following query selects all columns except ds and hr. SELECT `(ds|hr)?+.+` FROM sales

agillan · ‎12-10-2015

Hi @Bhupendra Mishra You don't need the --table argument - it's only relevant for imports and exports (not eval). Try this: sqoop eval --connect jdbc:mysql://localhost.localdomain/sqoop_test --username root --query "SELECT * FROM emp"

agillan · ‎12-10-2015

Do you have Kerberos enabled on this cluster? Also - are you using HDP 2.3.0 or HDP 2.3.2?

Online	Offline
Last Visited	‎10-28-2024 01:17 PM

Member Since	‎09-25-2015 04:45 PM
Last Visited	‎10-28-2024 01:17 PM
Posts	82
Kudos received	93

Cloudera Community

Re: Hi,How to make hadoop to read the configuratio...

Re: Falcon Email Processing Tutorial in HDP 2.5

Re: User can still see / read on paths that it doe...

Re: Does using Custom Service names (e.g. hdfs_pro...

Re: Hive Error : Postgres: intermittent test failu...

Re: oozie execute sqoop falls

Re: load multiple json file to hive table

Re: How to disable hive shell for all users (Hive ...

Re: How to disable hive shell for all users (Hive ...

Re: Ranger should support column based ACL in case...

Re: upgrading from ambari 2.1.2 to 2.2

Re: Oozie shell action - Permission denied: user=x...

Re: Whether Hive supports Hive Select All Query w...

Re: sqoop eval function

Re: Spark - Hive tables not found when running in ...