[ https://issues.apache.org/jira/browse/LIVY-49?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17002856#comment-17002856 ]
sdhalex commented on LIVY-49:
-----------------------------

Excuse me, has this bug been fixed in a later version? Or do we still need to do the same workaround, losing the ability to talk to Hive and HBase secure clusters? Thx. [~vanzin]

> Spark + Sentry + Kerberos don't add up?
> ---------------------------------------
>
>                 Key: LIVY-49
>                 URL: https://issues.apache.org/jira/browse/LIVY-49
>             Project: Livy
>          Issue Type: Bug
>          Components: Core
>    Affects Versions: 0.1
>            Reporter: Kostas Sakellis
>            Priority: Major
>
> Filed by: https://github.com/Tagar
> https://github.com/cloudera/livy/issues/36
> Getting the following error stack:
> {code}
> The Spark session could not be created in the cluster:
> at org.apache.hadoop.security.UserGroupInformation.doAs(UserGroupInformation.java:1671)
> at org.apache.spark.deploy.SparkSubmit$.doRunMain$1(SparkSubmit.scala:160)
> at org.apache.spark.deploy.SparkSubmit$.submit(SparkSubmit.scala:205)
> at org.apache.spark.deploy.SparkSubmit$.main(SparkSubmit.scala:120)
> at org.apache.spark.deploy.SparkSubmit.main(SparkSubmit.scala) )
> at org.apache.hadoop.hive.metastore.HiveMetaStoreClient.open(HiveMetaStoreClient.java:466)
> at org.apache.hadoop.hive.metastore.HiveMetaStoreClient.<init>(HiveMetaStoreClient.java:234)
> at org.apache.hadoop.hive.ql.metadata.SessionHiveMetaStoreClient.<init>(SessionHiveMetaStoreClient.java:74)
> ... 35 more
> {code}
> My understanding is that hive.server2.enable.impersonation and
> hive.server2.enable.doAs should be enabled to make
> UserGroupInformation.doAs() work?
> When I try to enable these parameters, Cloudera Manager shows this error:
> Hive Impersonation is enabled for Hive Server2 role 'HiveServer2 (hostname)'.
> Hive Impersonation should be disabled to enable Hive authorization using
> Sentry
> So Spark-Hive conflicts with Sentry?
> Environment: Hue 3.9 Spark Notebooks + Livy Server (built from master). CDH
> 5.5.
> This is a kerberized cluster with Sentry.
> P.S. I was using hue's keytab, as the hue user is normally (by default in CDH)
> allowed to impersonate other users. So very convenient for Spark Notebooks.

--
This message was sent by Atlassian Jira (v8.3.4#803005)