----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/59701/#review177049 -----------------------------------------------------------
Ship it! Ship It! - Alejandro Fernandez On June 1, 2017, 5:04 a.m., Vishal Suvagia wrote: > > ----------------------------------------------------------- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/59701/ > ----------------------------------------------------------- > > (Updated June 1, 2017, 5:04 a.m.) > > > Review request for Ambari, Alejandro Fernandez, Gautam Borad, Madhan > Neethiraj, Mugdha Varadkar, Nixon Rodrigues, and Sumit Mohanty. > > > Bugs: AMBARI-21154 > https://issues.apache.org/jira/browse/AMBARI-21154 > > > Repository: ambari > > > Description > ------- > > In a kerberized environment, Atlas hook uses JAAS configuration section named > "KakfaClient" to authenticate with Kafka broker. In a typical Hive deployment > this configuration section is set to use the keytab and principal of > HiveServer2 process. The hook running in HiveCLI might fail to authenticate > with Kafka if the user can't read the configured keytab. > > Given that HiveCLI users would have performed kinit, the hook in HiveCLI > should use the ticket-cache generated by kinit. When ticket cache is not > available (for example in HiveServer2), the hook should use the configuration > provided in KafkaClient JAAS section > > As a solution need to add below in hive atlas-application.properties by > default if atlas-hive hook is enabled in secure mode > > atlas.jaas.ticketBased-KafkaClient.loginModuleControlFlag=required > atlas.jaas.ticketBased-KafkaClient.loginModuleName=com.sun.security.auth.module.Krb5LoginModule > atlas.jaas.ticketBased-KafkaClient.option.useTicketCache=true > > > Diffs > ----- > > ambari-server/src/main/resources/stacks/HDP/2.5/upgrades/config-upgrade.xml > a29f74b > > ambari-server/src/main/resources/stacks/HDP/2.5/upgrades/nonrolling-upgrade-2.6.xml > 8c659ee > ambari-server/src/main/resources/stacks/HDP/2.5/upgrades/upgrade-2.6.xml > 3054ca3 > ambari-server/src/main/resources/stacks/HDP/2.6/services/HIVE/kerberos.json > PRE-CREATION > ambari-server/src/main/resources/stacks/HDP/2.6/upgrades/config-upgrade.xml > 1610bb5 > > ambari-server/src/main/resources/stacks/HDP/2.6/upgrades/nonrolling-upgrade-2.6.xml > 1cdd184 > ambari-server/src/main/resources/stacks/HDP/2.6/upgrades/upgrade-2.6.xml > 3e7e3d7 > > > Diff: https://reviews.apache.org/r/59701/diff/1/ > > > Testing > ------- > > Verified fresh install and upgrade on Cent-OS-6. > > > Thanks, > > Vishal Suvagia > >