[jira] [Created] (AMBARI-25925) "hive.server2.enable.doAs" property cannot be set to true

Wed, 12 Apr 2023 01:25:04 -0700 

caijialiang created AMBARI-25925:
------------------------------------

             Summary: "hive.server2.enable.doAs" property cannot be set to true
                 Key: AMBARI-25925
                 URL: https://issues.apache.org/jira/browse/AMBARI-25925
             Project: Ambari
          Issue Type: Bug
    Affects Versions: 2.8.0
            Reporter: caijialiang


The "hive.server2.enable.doAs" property cannot be set to true due to a bug in 
the code. This results in doAs always being true and unable to be set to false, 
even if ranger is enabled. The recommended setting for 
"hive.server2.enable.doAs" is false, but this cannot be configured when 
Kerberos is enabled. This issue affects ranger validation. Additionally, the 
issue mentioned in the comment does not require setting doAs; instead, setting 
"hive.metastore.event.db.notification.api.auth" to false is sufficient when 
hive proxy user is not set.


{code:java}
########################################################
# https://issues.apache.org/jira/browse/HIVE-19740
# This is not a bug but after 2.x hive.metastore.event.db.notification.api.auth 
is true by default so if you just upgrade the version in a kerberized cluster, 
hiverserver2 will probably not be able to connect to the metastore. As 
specified here this can solved by setting 
hive.metastore.event.db.notification.api.auth to false or adding something like 
this to your core.xml or hive-site.xml:
########################################################
core_site_config = dict(config['configurations']['core-site'])
if format("hadoop.proxyuser.{hive_user}.hosts") not in core_site_config and 
format("hadoop.proxyuser.{hive_user}.groups") not in core_site_config:
  hive_site_config["hive.metastore.event.db.notification.api.auth"] = "false"
  hive_site_config["hive.server2.enable.doAs"] = "false"
else:
  hive_site_config["hive.metastore.event.db.notification.api.auth"] = "true"
  hive_site_config["hive.server2.enable.doAs"] = "true" {code}



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to