[ 
https://issues.apache.org/jira/browse/HIVE-10838?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

HeeSoo Kim updated HIVE-10838:
------------------------------
    Description: 
+*In a cluster with Kerberos authentication*+
When a Hive metastore client (e.g. HS2, oozie) has been configured with a 
logical hostname (e.g. hiveserver/hiveserver_logical_hostn...@example.com), it 
still uses its physical hostname to try to connect to the hive metastore.

For example, we specify, in hive-site.xml:
{noformat}
<property>
  <name>hive.server2.authentication.kerberos.principal</name>
  <value>hiveserver/hiveserver_logical_hostn...@example.com</value>
</property>
{noformat}

When the client tried to get a delegation token from the metastore, an 
exception occurred:
{noformat}
2015-05-21 23:17:59,554 ERROR metadata.Hive (Hive.java:getDelegationToken(2638)) - MetaException(message:Unauthorized connection for super-user: hiveserver/hiveserver_logical_hostn...@example.com from IP 10.250.16.43)
        at org.apache.hadoop.hive.metastore.api.ThriftHiveMetastore$get_delegation_token_result$get_delegation_token_resultStandardScheme.read(ThriftHiveMetastore.java)
        at org.apache.hadoop.hive.metastore.api.ThriftHiveMetastore$get_delegation_token_result$get_delegation_token_resultStandardScheme.read(ThriftHiveMetastore.java)
        at org.apache.hadoop.hive.metastore.api.ThriftHiveMetastore$get_delegation_token_result.read(ThriftHiveMetastore.java)
        at org.apache.thrift.TServiceClient.receiveBase(TServiceClient.java:78)
        at org.apache.hadoop.hive.metastore.api.ThriftHiveMetastore$Client.recv_get_delegation_token(ThriftHiveMetastore.java:3293)
        at org.apache.hadoop.hive.metastore.api.ThriftHiveMetastore$Client.get_delegation_token(ThriftHiveMetastore.java:3279)
        at org.apache.hadoop.hive.metastore.HiveMetaStoreClient.getDelegationToken(HiveMetaStoreClient.java:1559)
{noformat}

We need to set the bind address when the Hive metastore client tries to connect 
to the Hive metastore, based on the logical hostname of Kerberos.


  was:
+*In a cluster with Kerberos authentication*+
When a Hive metastore client (e.g. HS2, oozie) has been configured with a 
logical hostname (e.g. hiveserver/hiveserver_logical_hostn...@example.com), it 
still uses its physical hostname to try to connect to the hive metastore.

For example, we specify, in hive-site.xml:
{noformat}
<property>
  <name>hive.server2.authentication.kerberos.principal</name>
  <value>hiveserver/hiveserver_logical_hostn...@example.com</value>
</property>
{noformat}

When the client tried to get a delegation token from the metastore, an 
exception occurred:
{noformat}
2015-05-21 23:17:59,554 ERROR metadata.Hive (Hive.java:getDelegationToken(2638)) - MetaException(message:Unauthorized connection for super-user: hiveserver/hiveserver_logical_hostn...@example.com from IP 10.250.16.43)
        at org.apache.hadoop.hive.metastore.api.ThriftHiveMetastore$get_delegation_token_result$get_delegation_token_resultStandardScheme.read(ThriftHiveMetastore.java)
        at org.apache.hadoop.hive.metastore.api.ThriftHiveMetastore$get_delegation_token_result$get_delegation_token_resultStandardScheme.read(ThriftHiveMetastore.java)
        at org.apache.hadoop.hive.metastore.api.ThriftHiveMetastore$get_delegation_token_result.read(ThriftHiveMetastore.java)
        at org.apache.thrift.TServiceClient.receiveBase(TServiceClient.java:78)
        at org.apache.hadoop.hive.metastore.api.ThriftHiveMetastore$Client.recv_get_delegation_token(ThriftHiveMetastore.java:3293)
        at org.apache.hadoop.hive.metastore.api.ThriftHiveMetastore$Client.get_delegation_token(ThriftHiveMetastore.java:3279)
        at org.apache.hadoop.hive.metastore.HiveMetaStoreClient.getDelegationToken(HiveMetaStoreClient.java:1559)
{noformat}

We need to set the bind address when the Hive metastore client tries to connect 
to the Hive metastore, based on the hostname of Kerberos.



> Allow the Hive metastore client to bind to a specific address when connecting 
> to the server
> -------------------------------------------------------------------------------------------
>
>                 Key: HIVE-10838
>                 URL: https://issues.apache.org/jira/browse/HIVE-10838
>             Project: Hive
>          Issue Type: Bug
>            Reporter: HeeSoo Kim
>            Assignee: HeeSoo Kim



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
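
The bind-before-connect step the description asks for, as an added example (not Hive's code and not the patch for HIVE-10838). It uses only java.net; the class name, method names and the sample principal are hypothetical.

```java
import java.io.IOException;
import java.net.InetAddress;
import java.net.InetSocketAddress;
import java.net.ServerSocket;
import java.net.Socket;

public class BoundClientSocket {

    /** Returns the host part of a Kerberos principal of the form service/host@REALM. */
    static String hostFromPrincipal(String principal) {
        int slash = principal.indexOf('/');
        int at = principal.lastIndexOf('@');
        if (slash < 0 || at < slash + 2) {
            throw new IllegalArgumentException("expected service/host@REALM: " + principal);
        }
        return principal.substring(slash + 1, at);
    }

    /** Connects with the source address set to the one the principal's host resolves to. */
    static Socket connectFrom(String principal, InetSocketAddress server, int timeoutMs)
            throws IOException {
        InetAddress local = InetAddress.getByName(hostFromPrincipal(principal));
        Socket socket = new Socket();  // unconnected, so bind() can run before connect()
        try {
            // Port 0 = any free ephemeral port. bind() throws BindException when the
            // logical address is not configured on this machine, which surfaces a
            // misconfiguration here instead of as an authorization error on the server.
            socket.bind(new InetSocketAddress(local, 0));
            socket.connect(server, timeoutMs);
            return socket;
        } catch (IOException e) {
            socket.close();
            throw e;
        }
    }

    public static void main(String[] args) throws IOException {
        // Constructed demo values: "localhost" stands in for the logical hostname.
        String principal = "hiveserver/localhost@EXAMPLE.COM";
        InetAddress loopback = InetAddress.getByName("localhost");
        try (ServerSocket server = new ServerSocket(0, 1, loopback);
             Socket client = connectFrom(principal,
                     new InetSocketAddress(loopback, server.getLocalPort()), 2000);
             Socket accepted = server.accept()) {
            // The peer address is what a server-side host check would compare.
            System.out.println("server sees peer " + accepted.getInetAddress().getHostAddress());
        }
    }
}
```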