[
https://issues.apache.org/jira/browse/AMBARI-13133?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14804645#comment-14804645
]
Hadoop QA commented on AMBARI-13133:
------------------------------------
{color:green}+1 overall{color}. Here are the results of testing the latest
attachment
http://issues.apache.org/jira/secure/attachment/12757124/AMBARI-13133_branch2.1_01.patch
against trunk revision .
{color:green}+1 @author{color}. The patch does not contain any @author
tags.
{color:green}+1 tests included{color}. The patch appears to include 3 new
or modified test files.
{color:green}+1 javac{color}. The applied patch does not increase the
total number of javac compiler warnings.
{color:green}+1 release audit{color}. The applied patch does not increase
the total number of release audit warnings.
{color:green}+1 core tests{color}. The patch passed unit tests in
ambari-server.
Test results:
https://builds.apache.org/job/Ambari-trunk-test-patch/3804//testReport/
Console output:
https://builds.apache.org/job/Ambari-trunk-test-patch/3804//console
This message is automatically generated.
> Hive Metastore did not start when Kerberized
> --------------------------------------------
>
> Key: AMBARI-13133
> URL: https://issues.apache.org/jira/browse/AMBARI-13133
> Project: Ambari
> Issue Type: Bug
> Reporter: Robert Levas
> Assignee: Robert Levas
> Priority: Critical
> Attachments: AMBARI-13133_branch2.1_01.patch,
> AMBARI-13133_trunk_01.patch
>
>
> When starting up HiveMetastore under a Kerberized cluster, the following
> error occurs:
> {code}
> resource_management.core.exceptions.Fail: Execution of '/usr/bin/kinit -kt
> /etc/security/keytabs/hive.service.keytab hive/host1.company.com@REALM; '
> returned 1. kinit: Keytab contains no suitable keys for
> hive/host1.company.com@REALM while getting initial credentials
> {code}
> This happens when Hive Metastore and HiveServer2 principals are set up
> distinct from each other.
> Hive Metastore is not using hive.metastore.kerberos.principal, but instead it
> uses hive.server2.authentication.kerberos.principal
> Also, the following references hive_conf_dir:
> https://github.com/apache/ambari/blob/release-2.1.1/ambari-server/src/main/resources/common-services/HIVE/0.12.0.2.0/package/scripts/hive_metastore.py#L119-L120
> In HDP2.3+ the following file content becomes UNSECURED
> /var/lib/ambari-agent/data/structured-out-status.json
> We need to either reference hive_server_conf_dir or set hive_conf_dir as
> hive_server_conf_dir somewhere:
> https://github.com/apache/ambari/blob/release-2.1.1/ambari-server/src/main/resources/common-services/HIVE/0.12.0.2.0/package/scripts/status_params.py#L90-L101
> *Solution*
> Since a kinit call here is unnecessary and the relevant configuration files
> are being created properly. Simply removing the kinit call (and related
> variabled) will fix the kinit failure issue.
> For the hive_conf_dir issue, setting {{hive_conf_dir = hive_server_conf_dir}}
> in status_params.py, solves the issue.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
