ambari-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Dmytro Sen" <d...@hortonworks.com>
Subject Re: Review Request 19851: HiveServer2 default security configuration changes
Date Mon, 31 Mar 2014 16:00:25 GMT

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/19851/
-----------------------------------------------------------

(Updated March 31, 2014, 4 p.m.)


Review request for Ambari, Dmitro Lisnichenko and Sumit Mohanty.


Bugs: AMBARI-5289
    https://issues.apache.org/jira/browse/AMBARI-5289


Repository: ambari


Description
-------

1.
For hive server2 startup commandline option, ambari should specify the following configuration
values:
-hiveconf hive.security.authorization.manager=org.apache.hadoop.hive.ql.security.authorization.plugin.sqlstd.SQLStdHiveAuthorizerFactory
-hiveconf hive.security.authorization.enabled=true
-hiveconf hive.security.authenticator.manager=org.apache.hadoop.hive.ql.security.SessionStateUserAuthenticator.
2.
Ambari has been specifying the config hive.metastore.uris="" . It would be better to stop
specifying this. With changes in hive security, there is some overhead of using embedded metastore
from hive-server2.
3.
There is a new config parameter "hive.users.in.admin.role" that is important to security.
If user is specified as value of this config, that user has superuser privileges (meant for
a user playing the DBA role).
This should be set in hive-site.xml (used by metastore server). If it's set a default admin
for any other service we can do the same here.


Diffs
-----

  ambari-server/src/main/resources/stacks/HDP/2.0.6/services/HIVE/package/files/startHiveserver2.sh
fa90c2f 
  ambari-server/src/main/resources/stacks/HDP/2.0.6/services/HIVE/package/scripts/hive.py
e1ef61f 
  ambari-server/src/main/resources/stacks/HDP/2.0.6/services/HIVE/package/scripts/params.py
52ba5c5 
  ambari-server/src/main/resources/stacks/HDP/2.0.6/services/HIVE/package/templates/startHiveserver2.sh.j2
PRE-CREATION 
  ambari-server/src/main/resources/stacks/HDP/2.1/services/HIVE/configuration/hive-site.xml
2d8a86d 
  ambari-server/src/test/python/stacks/2.0.6/HIVE/test_hive_server.py 57e6bb8 

Diff: https://reviews.apache.org/r/19851/diff/


Testing
-------

OK
[INFO] ------------------------------------------------------------------------
[INFO] Reactor Summary:
[INFO] 
[INFO] Ambari Main ....................................... SUCCESS [0.068s]
[INFO] Apache Ambari Project POM ......................... SUCCESS [0.029s]
[INFO] Ambari Web ........................................ SUCCESS [8.621s]
[INFO] Ambari Views ...................................... SUCCESS [1.792s]
[INFO] Ambari Server ..................................... SUCCESS [13:40.706s]
[INFO] Ambari Agent ...................................... SUCCESS [11.798s]
[INFO] Ambari Client ..................................... SUCCESS [0.544s]


Thanks,

Dmytro Sen


Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message