[jira] [Commented] (LIVY-49) Spark + Sentry + Kerberos don't add up?

Tue, 24 Dec 2019 06:24:23 -0800 


    [ 
https://issues.apache.org/jira/browse/LIVY-49?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17002856#comment-17002856
 ] 

sdhalex commented on LIVY-49:
-----------------------------

Excuse me,  has this bug been fixed in a later version?  Or need we still do 
the same workaround by losing ability to talk to Hive and HBase secure clusters 
? Thx.  [~vanzin]
                             


> Spark + Sentry + Kerberos don't add up?
> ---------------------------------------
>
>                 Key: LIVY-49
>                 URL: https://issues.apache.org/jira/browse/LIVY-49
>             Project: Livy
>          Issue Type: Bug
>          Components: Core
>    Affects Versions: 0.1
>            Reporter: Kostas Sakellis
>            Priority: Major
>
> File by: https://github.com/Tagar
> https://github.com/cloudera/livy/issues/36
> Getting following error stack
> {code}
> The Spark session could not be created in the cluster: 
>     at 
> org.apache.hadoop.security.UserGroupInformation.doAs(UserGroupInformation.java:1671)
>  
>     at 
> org.apache.spark.deploy.SparkSubmit$.doRunMain$1(SparkSubmit.scala:160) 
>     at org.apache.spark.deploy.SparkSubmit$.submit(SparkSubmit.scala:205) 
>     at org.apache.spark.deploy.SparkSubmit$.main(SparkSubmit.scala:120) 
>     at org.apache.spark.deploy.SparkSubmit.main(SparkSubmit.scala) ) 
>     at 
> org.apache.hadoop.hive.metastore.HiveMetaStoreClient.open(HiveMetaStoreClient.java:466)
>  
>     at 
> org.apache.hadoop.hive.metastore.HiveMetaStoreClient.<init>(HiveMetaStoreClient.java:234)
>  
>     at 
> org.apache.hadoop.hive.ql.metadata.SessionHiveMetaStoreClient.<init>(SessionHiveMetaStoreClient.java:74)
>  
>     ... 35 more
> {code}
> My understanding that hive.server2.enable.impersonation and 
> hive.server2.enable.doAs should be enabled to make 
> UserGroupInformation.doAs() work?
> When I try to enable these parameters, Cloudera Manager shows error:
> Hive Impersonation is enabled for Hive Server2 role 'HiveServer2 (hostname)'. 
> Hive Impersonation should be disabled to enable Hive authorization using 
> Sentry
> So Spark-Hive conflicts with Sentry?
> Environment: Hue 3.9 Spark Notebooks + Livy Server (built from master). CDH 
> 5.5.
> This is a kerberized cluster with Sentry.
> ps. I was using hue's keytab as hue user is normally (by default in CDH) is 
> allowed to impersonate to other users. So very convenient for Spark Notebooks.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

Reply via email to