Return-Path: X-Original-To: apmail-ambari-dev-archive@www.apache.org Delivered-To: apmail-ambari-dev-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id 937BE10DA3 for ; Thu, 17 Sep 2015 17:54:04 +0000 (UTC) Received: (qmail 19771 invoked by uid 500); 17 Sep 2015 17:54:04 -0000 Delivered-To: apmail-ambari-dev-archive@ambari.apache.org Received: (qmail 19734 invoked by uid 500); 17 Sep 2015 17:54:04 -0000 Mailing-List: contact dev-help@ambari.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@ambari.apache.org Delivered-To: mailing list dev@ambari.apache.org Received: (qmail 19721 invoked by uid 99); 17 Sep 2015 17:54:04 -0000 Received: from arcas.apache.org (HELO arcas.apache.org) (140.211.11.28) by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 17 Sep 2015 17:54:04 +0000 Date: Thu, 17 Sep 2015 17:54:04 +0000 (UTC) From: "Robert Levas (JIRA)" To: dev@ambari.apache.org Message-ID: In-Reply-To: References: Subject: [jira] [Updated] (AMBARI-13133) Hive Metastore did not start when Kerberized MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit X-JIRA-FingerPrint: 30527f35849b9dde25b450d4833f0394 [ https://issues.apache.org/jira/browse/AMBARI-13133?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Robert Levas updated AMBARI-13133: ---------------------------------- Attachment: (was: AMBARI-13133_trunk_01.patch) > Hive Metastore did not start when Kerberized > -------------------------------------------- > > Key: AMBARI-13133 > URL: https://issues.apache.org/jira/browse/AMBARI-13133 > Project: Ambari > Issue Type: Bug > Reporter: Robert Levas > Assignee: Robert Levas > Priority: Critical > Attachments: AMBARI-13133_trunk_01.patch > > > When starting up HiveMetastore under a Kerberized cluster, the following error occurs: > {code} > resource_management.core.exceptions.Fail: Execution of '/usr/bin/kinit -kt /etc/security/keytabs/hive.service.keytab hive/host1.company.com@REALM; ' returned 1. kinit: Keytab contains no suitable keys for hive/host1.company.com@REALM while getting initial credentials > {code} > This happens when Hive Metastore and HiveServer2 principals are set up distinct from each other. > Hive Metastore is not using hive.metastore.kerberos.principal, but instead it uses hive.server2.authentication.kerberos.principal > Also, the following references hive_conf_dir: > https://github.com/apache/ambari/blob/release-2.1.1/ambari-server/src/main/resources/common-services/HIVE/0.12.0.2.0/package/scripts/hive_metastore.py#L119-L120 > In HDP2.3+ the following file content becomes UNSECURED > /var/lib/ambari-agent/data/structured-out-status.json > We need to either reference hive_server_conf_dir or set hive_conf_dir as hive_server_conf_dir somewhere: > https://github.com/apache/ambari/blob/release-2.1.1/ambari-server/src/main/resources/common-services/HIVE/0.12.0.2.0/package/scripts/status_params.py#L90-L101 > *Solution* > Since a kinit call here is unnecessary and the relevant configuration files are being created properly. Simply removing the kinit call (and related variabled) will fix the kinit failure issue. > For the hive_conf_dir issue, setting {{hive_conf_dir = hive_server_conf_dir}} in status_params.py, solves the issue. -- This message was sent by Atlassian JIRA (v6.3.4#6332)